FTP is certainly not the right transfer protocol for sensitive and confidential data. If you have consulting clients who still depend on FTP, Susan Harkins explains why you may want to encourage them to update to either SSL or SSH.
Secure file transfer is a challenge we all face. Electronically exchanging confidential or sensitive data carries risks that the data won't reach the intended recipients or, worse, that an unauthorized person will intercept the data.
For years, FTP was the way to transfer files on a regular basis. After all, it is quick and easy. I mention FTP because, despite its lack of security, FTP is still the most common method of transferring files. The FTP protocol includes little or no security, leaving data vulnerable to attack and unauthorized viewing during transmission and while stored on the server.
Unfortunately, many companies have no IT mandate on the subject and leave data transfer decisions up to individual users. This is a disaster in the making. If your clients are still using FTP, you might recommend an update to either Secure Sockets Layer (SSL) or Secure Shell (SSH).
- SSL: Also known as FTPS, SSL provides secure encryption using standard FTP connections. SSL protects data from unauthorized viewing and editing during transmission.
- SSH: Also known as SFTP, SSH encrypts the entire transfer process.
SSH seems to be the favorite because most operating systems support it. The following table compares features of the three transfer methods.
| File integrity check | X | X | X |
As you can see, SSH is the most robust, and the port issue alone is a great bonus. In addition, only SSH offers built-in compression for better performance.
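To show a client what FTP's "little or no security" looks like on the wire, the following added example (not part of the original article) audits a constructed FTP control-channel transcript and flags sessions where the login or file commands crossed the network without a successful `AUTH TLS` upgrade, which is the FTPS case. The transcript format, session ids, host name and credentials are assumptions made up for the example.

```python
import re

# Constructed sample capture: "<session> <C|S>: <line>" (format is an assumption).
SAMPLE = """\
s1 S: 220 ftp.example.test ready
s1 C: USER alice
s1 S: 331 Password required
s1 C: PASS hunter2
s1 S: 230 Logged in
s1 C: RETR payroll.csv
s2 C: AUTH TLS
s2 S: 234 Proceed with negotiation
s3 C: AUTH TLS
s3 S: 502 Command not implemented
s3 C: USER bob
s3 C: PASS letmein
"""

LINE = re.compile(r"^(?P<sid>\S+) (?P<side>[CS]): (?P<text>.*)$")
FILE_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def audit(transcript):
    """Return per-session findings; password values are never stored."""
    sessions = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = sessions.setdefault(m["sid"], {
            "tls": False, "auth_pending": False, "user": None,
            "password_exposed": False, "transfers": []})
        verb, _, arg = m["text"].partition(" ")
        if m["side"] == "S":
            if s["auth_pending"]:           # reply to the client's AUTH request
                s["tls"] = verb == "234"    # 234 = server accepts the TLS upgrade
                s["auth_pending"] = False
        elif verb.upper() == "AUTH":
            s["auth_pending"] = True
        elif not s["tls"]:                  # everything below crossed in cleartext
            if verb.upper() == "USER":
                s["user"] = arg
            elif verb.upper() == "PASS":
                s["password_exposed"] = True
            elif verb.upper() in FILE_CMDS:
                s["transfers"].append(m["text"])
    return sessions

def cleartext_sessions(transcript):
    return sorted(sid for sid, s in audit(transcript).items()
                  if s["password_exposed"] or s["transfers"])
```

Session `s3` is the case worth pointing out to clients: the client asked for TLS, the server refused, and the login fell back to plain FTP anyway.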
Chances are, you know all about SSL and SSH, but it might be time to discuss better security for file transfer with those stubborn clients still clinging to unsecured FTP connections. It's time for those clients to change their attitude with regard to data transfer; they must treat data transfer as an essential process and standardize their file transfer solution.
The first step to standardization is to adopt a more secure method of transfer, perhaps SSL or SSH, for sensitive data. You can help clients decide which is the most practical and efficient. The next step is implementation and education. It'll be your job to make sure everyone has the appropriate access, licensing, and training.