If you google the term secure FTP, most of the definitions you'll come across will fall into one of two groups: those that are just too technical and those that are simply too vague. Some, even contradicting. So if you're an average guy with a not-so-technical background, you'll be walking away with a head all tangled in arcane networking acronyms.
What we've put together here is a dumbed down explanation of the term that's just right for folks who aren't network engineers, consultants or administrators. We're hoping that, once you're done with this article, you will have gained a better understanding on what it is, why you might want to start using it, and how.
Defining secure FTP
Secure FTP is actually just a general term for describing a handful of protocols (namely FTPS and SFTP) that enable secure file transfers.
Now, for those who don't know what a network protocol is, it is just a set of rules which network devices are made to adhere to in order for them to communicate with one another. If you want a simple analogy, you can think of it as a common language. Just like people, two devices who want to communicate with one another should first agree on a common language before they can communicate seamlessly.
Certain network protocols are designed for certain functions. And when it comes to transferring big files or a large number of files, the network protocol of choice is usually File Transfer Protocol or FTP.
Note: FTP isn't the only protocol for transferring files. You can even use HTTP. So if we have to strictly follow semantics, then a file transfer protocol (all lowercase) should refer to any protocol that supports file transfers and File Transfer Protocol (with uppercase first letters) to refer to the popular protocol represented by the acronym FTP. However, because of its popularity, it is normal to use FTP as an all-encompassing term.
Unfortunately, FTP transmits data in plaintext, which can be viewed through certain network monitoring tools. Armed with these tools, nosy individuals can carry out man-in-the-middle attacks and grab confidential information from an FTP connection - including usernames and passwords.
One way of protecting the transmission from these types of attacks is by employing encryption. Encryption renders the transmitted data unreadable to those who don't have the right decryption key. In fact, practically all secure file transfer protocols protect data through encryption.
We've written an article illustrating both how hackers steal information from unencrypted FTP and what they see in an encrypted file transfer session, complete with diagrams and screenshots. Read Countering Packet Sniffers Using Encrypted FTP to learn more.
The two most popular secure file transfer protocols are FTPS (FTP with SSL/TLS) and SFTP (SSH File Transfer Protocol). Both provide secure file transfers through encryption. That's why some people address FTPS as the "Secure FTP", while others reserve that title for SFTP. They're all correct. To understand how these two differ from one another, read Understanding Key Differences Between FTP, FTPS and SFTP.
Who needs secure FTP?
Secure FTP is ideal for organizations who need to send confidential files over the Internet or other unsecure networks. Here's a list of some areas where secure FTP can be useful. We've also included a few articles where you can find additional information on these areas' specific file transfer needs.
- Organizations operating in the healthcare industry and their business associates
- Organizations handling credit cards or debit cards
- Guide to PCI DSS Compliant File Transfers
- Required MFT Server Password Settings for PCI DSS Compliance
- Legal firms, paralegals, and their business associates
- Ensuring Regulatory Compliance in eDiscovery File Transfers
- Advantages of Using a Managed File Transfer Server During eDiscovery
- How MFT Server File Sharing Minimizes Potential eDiscovery Costs
- How to Share Files with a Virtual Paralegal
- Manufacturers, suppliers, and CAD designers
- Businesses who need to transfer large files to the cloud
- Businesses who are starting to adopt a BYOD policy
How to use secure FTP
To share files using secure FTP (whether implemented as FTPS or SFTP), you'll need either two secure FTP-enabled servers (for a server-to-server file transfer) or a secure FTP server and a secure FTP client.
It's worth remembering, however, secure file transfers aren't all about encryption. There are other security elements that are also important. The article 10 Essential Attributes of a Secure File Transfer can help you identify some of them.
You've just read a simplified definition of secure FTP. We hope you not only now understand what it is but have also started appreciating the value of transferring files securely.
You can now try transferring files via FTPS, SFTP, and other secure file transfer protocols using the evaluation version of JSCAPE's managed file transfer server, JSCAPE MFT Server, and the free secure file transfer client, AnyClient.