It’s no news that data is one of the most valuable resources for any company. And like any valuable resource, it needs to be stored, transferred and shared securely.
Have you heard of SFTP and FTPS protocols?
These file transfer protocols may or may not be familiar to you, especially if your company has an active website.
Choosing between SFTP and FTPS, however, is not such a simple task. In this article, we will help you in this mission by showing what each of these protocols is and what are their advantages and disadvantages.
SFTP and FTPS: file transfer protocols, understand their differences
SFTP and FTPS are basically a type of connection that allows the exchange of files between two computers that are connected to the internet.
While FTPS is the abbreviation of FTP/SSL i.e. a File Transfer Protocol, SFTP is FTP under SSH protocol encryption
Although both acronyms are similar, their similarities stop there. These two protocols couldn’t be more different and that’s what we’re going to show you next:
What is SFTP – Secure File Transfer Protocol?
SFTP, or Secure File Transfer Protocol, protects the files and changes being made to the hosting using SSH technology that securely authenticates the contact between two machines.
SSH is an encrypted network protocol, and it aims to provide a secure path for exchanging information and data, protecting them from interception. It is widely used in remote logins, for example.
When an SFTP connection is established, the information is protected by SSH and the user can also configure private keys, further reinforcing the security of the data packets being transferred.
What is FTPS – File Transfer Protocol over SSL?
Meanwhile, FTPS can be conceptualized as an FTP, with an additional security layer, coming from SSL, or Secure Socket Layer.
But what does that mean in practice?
Unlike SFTP, the information leaving your computer and going to the server doesn’t have an extra layer of protection, but that doesn’t mean it’s any easier to intercept.
When you use FTPS to transfer information, the data leaving your computer is encrypted and only decrypted once it reaches the server.
This means that even if the information falls into the wrong hands on the way between your computer and the server, it cannot be deciphered.
FTPS falls into two main categories: implicit and explicit. In implicit FTPS all connections need to be protected by encryption. Meanwhile, in explicit FTPS, the computer issuing the information can choose which data to encrypt.
It is important to note that both SFTP and FTPS offer a higher level of protection for data transmission than FTP alone.
Features and evaluation of FTPS
FTPS offers an extra layer of protection, guaranteed by SSL. See now some of the positives and negatives of using this data sharing protocol.
- FTPS is one of the most popular file transfer protocols;
- Communication can be understood by humans;
- Its SSL/TLS authentication mechanism is very good;
- There are many support mechanisms for FTPS.
- Does not have a uniform directory listing;
- Encoding of filenames may fail for special characters such as cedillas and accents;
- Requires a secondary data channel to be used, which can conflict with firewalls;
Features and evaluation of SFTP
SFTP, or Secure File Transfer Protocol, secured by SSH, is a protocol that allows you to transfer files over the network. Check below some of the positives and negatives of using SFTP in your data transmission.
- The connection is always encrypted;
- The listing of information is always uniform and machine-readable;
- The SFTP connection also features good background operations;
- SFTP is capable of operating with just one connection, without requiring a data connection.
- SSH keys tend to be more complex to manage;
- There is no native support in VCL and .NET frameworks;
- There are several standards for SFTP, which can lead to incompatibility between software;
- The communication may not be human readable because it is binary encoded.
SFTP vs FTPS: Which Protocol to Use?
It’s safe to say that every user has unique needs when it comes to file transfer protocols. However, there are some best practices when choosing SFTP or FTPS.
If your server has accessibility for portable devices such as smartphones, or has access to operating systems that do not support SFTP/SSH, SFTP is an ideal choice for building a more secure space for users of your websites and applications.
On the other hand, many software offer little or no support for SFTP, and in these cases FTPS is best used in place of regular FTP. It provides an extra layer of security without compromising data transfer performance.
It is worth remembering that FTPS is not less secure than SFTP, it just has less functionality.
Ultimately, what matters are your company’s needs and the way documents are transmitted.