Let’s start with understanding FTPS and SFTP. Better known as File Transfer Protocol Secure and Secure File Transfer Protocol. So what is the difference, and why are they even needed?
In short, they are needed for security reasons. Without these secure file transfer protocols, data would be left exposed for spying, snooping, manipulation and other unwanted activities. Service Objects has several ways a client can connect with our data validation services: API, automated batch processing and one-time batch processing. When it comes to our automated batch process or the one-time batch processing, before we even get into actually sending the files for these processes, it is important with us or anyone else that the files that are sent contain only the data that is necessary for the process.
If we require address data for doing address validation don’t send user account information and other data points of that nature along with it. Any personally identifiable information (PII) that is included in the files should be carefully vetted to be certain it needs to be in the file. Now that you have a file prepared to send you’ll be using one of two secure file transfer protocols to accomplish the transfer in a way that secures your data: FTPS and SFTP.
FTPS versus SFTP – a comparison
While both of these protocols have similar functions, each has differences in secure file transfer. Here is a quick summary of their respective features:
File Transfer Protocol Secure – FTPS, FTP-SSL, FTP Secure
- Is a secure file transfer protocol.
- It allows machines to connect securely with each other.
- Uses encryption and other security to connect with servers.
- Is compliant with HIPAA, PCI DSS, SOX and more.
- Validates authentication.
- Helps with cybersecurity compliance.
- Uses TLS to secure connections.
- Hides sensitive data being transferred.
- Uses multiple ports for connecting making connecting through very secure firewalls more problematic.
- Uses a Control Channel for communications between the client and the server, and uses a Data Channel for file transfer.
Secure File Transfer Protocol – Secure Shell File Transfer Protocol, SFTP
- Has Secure Shell (SSH) security components and is a cryptographic internet security component.
- Uses SSH and encrypted FTP commands.
- Single port
- Less data transferred over the web by using packets instead of text-based protocols.
- Protects against ‘man in the middle’ attacks.
- Supports concurrent operations
- Authentication is performed by client and server via username-password and/or SSH key (via public and private keys)
- Is compliant with HIPAA and more.
Keeping your private data secure
Internet security is a major concern for organizations and as more and more compliance rules are introduced, it is important to ensure that sensitive data is protected. Our APIs are secure, but now let’s talk about how to use these protocols to send us your data securely.
First, we have an automated batch process where clients and prospective clients can upload a file to us and our systems will detect it, process it against our data validation services, and send the resulting validations back. This is done via FTPS connections. In an effort to bolster the FTPS security for our Control and Data Channels, we force powerful encryption with no use of SSL or TLS 1.0. Though this process is compliant with HIPAA, SOX, PCI and more, some prefer to use SFTP connections.
We can set up SFTP connections outside of our automated batch process. These are more typical when transferring larger files, and usually in a one-time batch data validation. Files transfer quicker due to this process using packets, which are smaller than the text-based protocols.
When it comes to your data, we take its security seriously, whether sending encrypted data through our APIs or using our secure batch processes to handle file transfer, you can rest assured that your data is protected with up-to-date, bank grade security protocols. And as always, our friendly technical experts are always here to help ensure you get the most out of your Service Objects products.