Roughly 80% of all business-to-business communication consists of files containing a large amount of information. That's why it's business-critical to transfer those files securely.
File Transfer Protocol (FTP) is a network protocol used to transfer files across a network. Do it right, and the files get there untouched. Do it carelessly, and there's no way to recover the sensitive data that's been lost.
As remote work has boomed, and companies get more and more decentralized, the need to send large batches of files has increased. Once only 'nice', this service is now 'necessary' to maintaining the daily operations of many businesses, international and domestic. Spreading supply chains and work-from-anywhere employees have further expanded the need for a secure, systematized approach to sending large numbers of files both quickly and securely.
The Types of File Transfer Protocols
There are several types of FTP, and they each serve different purposes. The one you use will depend on which lines up with your specific business and security goals.
Classic FTP
The original File Transfer Protocol (FTP) was developed before the web and hasn't changed much since then. This is still the way to transmit files over a network, it uses Port 21 to send and receive authentication communications. However, it must access another port (traditionally, Port 22), to send the data itself.
The problem is that basic FTP sends credentials in plaintext, instead of encrypting them. It also lacks automation or adherence with today's compliance standards.
FTPS
FTPS, or FTP over Secure Sockets Layer/ Transport Layer Security (SSL/TLS) is a much safer option. As stated in the name, it provides a way to not only send files, but ensures that sure they get there securely.
It uses a combination of credentials and certificates to authenticate, and it gives you the option to encrypt both channels, the one to authenticate and the one to send data. Should you choose to encrypt, it makes use of algorithms like AES and Triple DES.
While a lot better, FTPS has its problems, too. It can be blocked by high-security firewalls, and the fact that it still uses multiple ports opens it up for a higher number of attacks.
SFTP
SFTP, also known as FTP over SSH (Secure Shell), provides the safest option yet. Sending file transfers over SSH provides organizations with a higher amount of security for their files in transit. It not only uses AES and Triple DES, but other algorithms to ensure encryption between destinations.
It increases this level of safety by authenticating via several combined methods: credentials, SSH keys, or both. It only uses one port (Port 22) for both avenues of communication – authentication and transfer – further reducing the burden of risk.
This is the best choice for complying with federal cybersecurity regulations and maintaining security best-practices.
SCP
Secure Copy Protocol (SCP) is a secure file transfer solution that also uses SSH. Similar to SFTP, the two are often compared.
SCP runs faster, as it is built off a simpler algorithm, but SFTP is a more robust option that provides file management capabilities, like naming files, deleting files, and listing directories. SCP will not resume transfer if there are connectivity issues, but is right for companies looking for a fast, efficient transfer option.
HTTP and HTTPS
HTTP forms the backbone of communications across the web and defines the format of communication between web browsers and web servers. It uses TCP and is a stateless protocol.
HTTPS serves the same function with added security, encrypting with SSL or TLS.
AS2, AS3, AS4
AS2, AS3, and AS4 (Applicability Statement 2, 3, and 4) are used to securely send critical file transfers.
- AS2 utilizes digital certificates and encryption, and its messages can be compressed, signed, and sent over a secure SSL tunnel.
- AS3 can transmit virtually any file type and uses digital signatures and encryption.
- AS4 is a business-to-business standard, simplifying the secure exchange of documents over the internet.
PeSIT
PeSIT is primarily used for compliant and safe transfers of bank-to-bank communications in Europe. It only allows one file transfer per session, meaning multiple sessions must be open to facilitate multiple transfers securely.
TFTP
Trivial File Transfer Protocol (TFTP) is an insecure protocol best used for one-time transfers within a LAN. It should not be used over the internet and does not allow for user authentication.
MFT
Managed File Transfer (MFT) not only facilitates the secure transfer of files between parties, but it does it faster and with less hands-on management.
The 'one FTP to rule them all,’ MFT integrates with cloud services and web applications, and deploys across multiple environments:
- On-premises
- Cloud
- Cloud platforms like AWS and Microsoft Azure
- Hybrid environments
- GoAnywhere's MFTaaS plan
MFT lifts the FTP management burden by providing centralized control of all security settings and audit trails. It also processes file information into XML, CSV and JSON databases.
GoAnyhere MFT supports features of multiple FTPs, including:
MFTaaS
The SaaS offering of MFT, MFTaaS, gives you all the benefits of MFT while being managed from the cloud. There is no need to manage cloud infrastructure or install software on-premises, and the setup, hosting, and management is taken care of by a third-party.
This gives you a versatile, lightweight way to streamline file transfer in the cloud, to the cloud, and between cloud and on-premises environments.
MFTaaS also simplifies compliance with data regulations like HIPAA, PCI DSS, and GDPR. Policies are easily set up and rolled out with centralized controls, centralized management, built-in audit logs, granular permissions, and encrypted file transfer.
Make File Transfer an Asset, Not a Liability
As organizations continue to expand beyond geographic and perimeter-based borders, the landscape for vendors and clients opens up. For that reason, many companies are being selective when it comes to choosing who to connect to their network.
Supply chain risks are top of mind for many executives, and a secure file transfer method could spell the difference between being considered a partner, or a liability.
Want to see what MFT can do for your organization?
