Secure file transfer is a challenge we all face. Electronically exchanging confidential or sensitive data carries risks that the data won’t reach the intended recipients or worse — that an authorized person will intercept the data.

For years, FTP was the way to transfer files on a regular basis. After all, it is quick and easy. I mention FTP because, despite its lack of security, FTP is still the most common method of transferring files. FTP protocol includes little or no security, leaving data vulnerable to attack and authorized viewing during transmission and while stored on the server.

Unfortunately, many companies have no IT mandate on the subject and leave data transfer decisions up to individual users. This is a disaster in the making. If your clients are still using FTP, you might recommend an update to either Secure Sockets Layer (SSL) or Secure Shell (SSH).

  • SSL: Also known as FTPS, SSL provides secure encryption using standard FTP connections. SSL protects data from unauthorized viewing and editing during transmission.
  • SSH: Also known as SFTP, SSH encrypts the entire transfer process.

SSH seems to be the favorite because most operating systems support it. The following table compares features of the three transfer methods.

Feature  FTP  SSL  SSH 
Credential encryption  X  X  X
Transport encryption    X  X
File integrity check  X  X  X
Built-in compression      X
Connection ports  2  2  1

As you can see, SSH is the most robust, and the port issue alone is a great bonus. In addition, only SSH offers built-in compression for better performance.

Chances are, you know all about SSL and SSH, but it might be time to discuss better security for file transfer with those stubborn clients still clinging to unsecured FTP connections. It’s time for those clients to change their attitude in regards to data transfer; they must treat data transfer as an essential process and standardize their file transfer solution.

The first step to standardization is to adopt a more secure method of transfer, perhaps SSL or SSH, for sensitive data. You can help clients decide which is the most practical and efficient. The next step is implementation and education. It’ll be your job to make sure everyone has the appropriate access, licensing, and training.

Related TechRepublic resources

Get weekly consulting tips in your inbox
TechRepublic’s IT Consultant newsletter, delivered each Monday, offers tips on how to attract customers, build your business, and increase your technical skills in order to get the job done.
Automatically sign up today!