From the time it was invented, FTP (File Transfer Protocol) has been used to move large files from one host to another by accessing the internet using an FTP hosting service.
This simple – and popular – tool has been the industry standard for moving files for decades. In 2011, FTP technology turned 40 years old, making it a dinosaur in the digital world. Since the technology was designed prior to the creation of encryption, FTP is not a secure protocol, especially by today's heavily regulated standards of security and compliance.
Since FTP is not able to encrypt its traffic, its key weakness is that all data is fully exposed. Data is transmitted in simple text, allowing anyone to unleash packet capture (sniffing) that can intercept your data. This sniffing uncovers text-based usernames, passwords and data commands, and with your files just sitting out on an unsecure server, almost anyone can access and share your data.
But even with inadequate security measures in FTPs native state, you can solve security issues. By using TLS-protected (Transport Layer Security) versions of FTP hosting services, you can feel confident that your data is safe and maintain a good relationship with your IT team and compliance group.
Here are two widely accepted and implemented secure protocols that you need to look for when looking for the best FTP host.
FTPS is a secure version of FTP, but it comes in two flavors: FTPS Explicit SSL and FTPS Implicit SSL. Both utilize SSL encryption (Secure Sockets Layer), which is the most basic form of internet communication security.
FTPS Explicit SSL is an added command that allows your FTP client to request that the file transfer be encrypted before a connection is opened. This happens when an “AUTH LS” command is sent by the server that is accessing files from another server. The server receiving the command has the option to accept or reject the connection based on whether the files are TLS-protected. Simply put, it creates a checkpoint at the point of entry, and if your files do not comply with the security protocols, they are turned away. If proper protocol is in place, the connection is opened and the files are allowed to enter the server.
FTPS Implicit SSL is much simpler than Explicit SSL, and it establishes a secure connection before any data is exchanged. If the data is not being transferred over a secure connection, then the files are refused. This is where the security protocol ends. While still in limited use, the added security of the Explicit SSL has widely rendered FTPS Implicit SSL obsolete.
SFTP (SSH File Transfer Protocol) has little to do with FTP other than that it is used to transfer files from one network to another – and that is where the similarity ends. This form of file transfer uses Secure Shell (SSH) to make the exchange, which provides built-in encryption for both data and commands. Unlike FTPS, which provides security solely through the connection, SFTP provides security on the data layer. In this respect, standard FTP clients are not able to communicate with an SFTP server, nor can an SFTP client communicate with an FTP-only server.
SFTP web hosting clients with graphical user interfaces are available for all major platforms, and they allow you to use the file transfer client as a drag and drop interface, giving you a desktop-like environment that you'll need to authenticate with a username and password set up by the host.
When seeking out and selecting an FTP hosting service, be certain you choose one that provides options for the best layer of encryption, but also works with your own internal infrastructure and security processes. This technology may be antiquated by today’s standards, but it continues to be a workhorse for many users who move data from one place to another.