Secure file transfer is essential for organizations that deal with sensitive data such as intellectual property (IP), financial information, and patent information (just to name a few). But what is SFTP, and how do we define SFTP?
FTP clients have provided a file transfer method for years, and SFTP, its secure successor, does the same with added layers of security.
But is there a stark difference between secure file transfer protocol (SFTP) and FTP? Which one is better for your specific use case and are there better, more modern options for secure file transfer?
The answer is yes. More on that below.
What Is SFTP, and How Does It Work?
The Secure File Transfer Protocol (SFTP) is a more secure version of the File Transfer Protocol, or plain FTP, that originated in the 1970s. It was designed in the late 1990s by the Internet Engineering Task Force (IETF)’s Tatu Ylonen to improve on traditional file transfer protocol by facilitating inherently encrypted and secure file transfer. It’s a secure protocol also known as SSH File Transfer Protocol, SSH FTP, or Secure FTP.
How Does SFTP Work?
SFTP is a network protocol often used to securely send large files using Secure Shell (SSH protocol) version 2 over a Transmission Control Protocol (TCP) / Internet Protocol (IP) network. SFTP transfers require a software client and SFTP server, which stores and retrieves files sent over an SFTP connection.
Secure Shell is a secure channel primarily used for remote logins between authorized users and trusted hosts by verifying the server, generating a session key, and then having the server verify the client. It can be used to create an encrypted tunnel between systems.
SSH2 was developed by the IETF in 2006 as a complete rewrite of SSH1, including improved encryption and authentication.
An SFTP session requires only one connection to send and receive sensitive files, supports server-to-server file transfers, and gives users control over file access permissions.
This is different from a standard FTP server which uses one connection for FTP commands and responses and another for data transfer.
Some of SFTP’s main features include:
Data Security
As mentioned, SFTP is also known as Secure FTP and uses Secure Shell for authentication and encryption to facilitate a secure file sharing channel.
An FTP client sends data in plain text while SFTP encrypts data during transmission, making sensitive data less vulnerable to unauthorized access. SFTP’s improved security helps users comply with regulatory frameworks and sensitive data protection standards while keeping data safe. SFTP can also be integrated with a virtual private network (VPN) for even better security.
Authentication
SFTP offers more authentication methods via:
1. A username and password.
2. A username and SSH key.
3. Or username and password with an SSH key to prevent unauthorized access.
Data integrity
SFTP can also use hash codes or SSH2’s Message Authentication Code (MAC) to verify data integrity, while FTP does not provide any data integrity tools.
Firewall-friendly
Because SFTP uses a single connection (usually port 22) for both commands and data transfer, it’s generally more firewall-friendly than FTP.
SFTP can also be configured to handle automated file sharing via third-party tools such as WinSCP, but this can be a complicated process which requires support from IT.
SFTP vs FTPS
But Secure FTP isn’t the only secure transfer protocol: File Transfer Protocol over Secure Socket Layer/Transport Layer Security (SSL/TLS), also known as File Transfer Protocol Secure, FTP secure, or FTPS, is also a popular method of sending files securely.
The major difference between SFTP and FTPS is that FTPS requires a new port be opened with each new file transfer request, leading to the use of multiple ports, which opens up more gateways for hackers to breach an internal system and can cause problems with firewall configurations.
SFTP vs MFT
Managed file transfer (MFT) is another way of securely sharing large files using a secure file transfer protocol such as HTTPS.
MFT is regarded as the ideal file transfer option since it’s generally far easier to use, faster, and more reliable than FTP clients. MFT also offers more functionality than SFTP, such as no-code automation and centralized file sharing and user management.
Advantages and Disadvantages of SFTP for Secure Data Transfer
SFTP can play a role in the transfer of sensitive information but, like every technology, it has advantages and disadvantages when it comes to facilitating secure file transfer.
Advantage: Security and Compliance
SFTP is obviously preferable to traditional FTP when it comes to keeping file transfers secure thanks to an encrypted, secure connection. SFTP’s inherent file-sharing encryption algorithms and access controls help keep file transfers compliant with data protection regulations for handling sensitive and personal information, such as GDPR, PCI DSS, and HIPAA.
Just keep in mind that an older SFTP client could use defunct encryption techniques such as MD5 or DES, which won’t meet compliance requirements for encryption. Newer SFTP programs often use modern encryption standards such as AES-128 or AES-256.
Some best practices for securing an SFTP server include:
- The use of strong passwords.
- Active SFTP server account management.
- Limiting admin server access.
- Ensuring your client has modern encryption.
- Using IP deny-and-allow lists to block distributed denial-of-service (DDoS) attacks.
- Keeping an audit log of SFTP file transfers for forensic analysis.
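As an added example (not part of the original article or any vendor's code), the Python script below checks an OpenSSH `sshd_config` against several of the practices in this list: admin access, account allow-lists, the legacy MD5/DES algorithms mentioned above, and SFTP audit logging. It assumes an OpenSSH server; the sample config and the finding labels are constructed for illustration.

```python
import re

WEAK = ("md5", "des")  # the legacy algorithms the article names

# Constructed sample config for illustration, not taken from a real server.
SAMPLE = """\
# sshd_config (constructed)
PermitRootLogin yes
Ciphers aes256-ctr,3des-cbc
MACs hmac-sha2-256,hmac-md5
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
"""

def parse_global(text):
    """Return {keyword: argument string} for options before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=?\s*(.*)", raw)  # skips blanks and '#' comments
        if not m:
            continue
        key, arg = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        if key == "subsystem" and arg:       # one Subsystem line per subsystem name
            key = "subsystem " + arg.split()[0]
        opts.setdefault(key, arg)            # sshd keeps the first value it reads
    return opts

def audit(text):
    """Return findings (labels are this example's own) for the practices above."""
    opts, findings = parse_global(text), []
    if opts.get("permitrootlogin", "").lower() == "yes":
        findings.append("admin access: PermitRootLogin yes")
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append("account management: no AllowUsers/AllowGroups list")
    for key in ("ciphers", "macs"):
        value = opts.get(key, "")
        if value.startswith("-"):            # "-list" removes algorithms from the defaults
            continue
        for alg in value.lstrip("+^").split(","):
            if any(w in alg.lower() for w in WEAK):
                findings.append(f"encryption: legacy algorithm {alg} in {key}")
    sftp = opts.get("subsystem sftp", "")
    if sftp and "-l" not in sftp.split():    # sftp-server logs only errors by default
        findings.append("audit log: sftp subsystem sets no -l log level")
    return findings
```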
Advantage: Authentication
As mentioned earlier, SFTP can use either a user ID and password or an SSH key (or both) for authentication and access control. Unlike FTP, all authentication data using this SSH connection is encrypted.
An SFTP client can also be configured for multi-factor authentication (MFA) and role-defined access controls, which help with both data security and compliance.
Disadvantage: Complexity
The main downside of SFTP, as with FTP, is that it’s complex and often difficult to use—especially for non-technical users or those unaccustomed to dated interfaces and command-line prompts—which can lead to painfully slow onboarding times and a near-constant need for technical support.
In many cases setting up SFTP is even more complicated than FTP and requires a higher level of technical expertise, although one positive note is that SFTP doesn’t require firewall configuration like FTPS or FTP.
Disadvantage: Performance
SFTP is almost always used to transfer data in a professional capacity, which means turnaround time is a critical factor when evaluating solutions.
But even though SFTP has undergone a number of performance improvements since its initial iteration, it's generally not considered a very fast option for sending large files. In many cases it can be even slower than FTP.
For one thing, most SFTP clients send data in very small 32 KB chunks (this limitation can be manually increased within the software, but this process can be time-consuming). MASV large file transfer, by contrast, divides data into chunks of around 100 MB.
Common workarounds to improve the performance of SFTP are the use of file compression or improving your overall network bandwidth to handle faster file transfers.
Why You Need a Secure File Transfer Service
SFTP is a more secure version of FTP that’s often used to send large files using SSH2 over TCP/IP. However, even though SFTP is more secure than FTP, it still carries several potential security risks.
Because it’s not a cloud or SaaS service with strong password enforcement, for example, SFTP relies on users themselves to uphold strong authentication processes like setting strong passwords. Without strong client-side password management SFTP can be vulnerable to brute force attacks.
SSH File Transfer Protocol also isn’t proactively updated with security patches or software updates, which can leave users vulnerable if they don’t perform these updates themselves. SFTP is also vulnerable to IT misconfigurations.
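The brute-force risk described above is what the server's audit log is for. The following added example (not from the original article) scans OpenSSH-style password log lines and flags a source address that fails repeatedly within a short window, plus any later password login from that address. The log lines, hostnames, thresholds and alert names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges), not from a real server.
LOG = """\
2024-03-03T10:15:01 sftp01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-03T10:15:03 sftp01 sshd[811]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
2024-03-03T10:15:04 sftp01 sshd[902]: Failed password for bob from 198.51.100.7 port 40112 ssh2
2024-03-03T10:15:06 sftp01 sshd[811]: Failed password for alice from 203.0.113.5 port 51262 ssh2
2024-03-03T10:15:09 sftp01 sshd[811]: Failed password for alice from 203.0.113.5 port 51270 ssh2
2024-03-03T10:15:12 sftp01 sshd[811]: Failed password for alice from 203.0.113.5 port 51288 ssh2
2024-03-03T10:15:20 sftp01 sshd[902]: Accepted password for bob from 198.51.100.7 port 40112 ssh2
2024-03-03T10:15:31 sftp01 sshd[811]: Accepted password for alice from 203.0.113.5 port 51301 ssh2
"""

EVENT = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (kind, source_ip, user) tuples, in log order."""
    recent = defaultdict(deque)   # source IP -> timestamps of failures inside the window
    alerts, flagged = [], set()
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts, outcome, user, ip = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        fails = recent[ip]
        while fails and ts - fails[0] > window:   # drop failures older than the window
            fails.popleft()
        if outcome == "Failed":
            fails.append(ts)
            if len(fails) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force", ip, user))
        elif ip in flagged:
            # password login from a source already flagged for guessing:
            # treat the account as needing a password reset and review
            alerts.append(("login-after-brute-force", ip, user))
    return alerts
```

A single mistyped password followed by a successful login, like the constructed `bob` session, produces no alert.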
MASV For Secure File Sharing
When we define SFTP file transfer, it’s important to realize that it’s simply a more secure version of the original File Transfer Protocol, and comes with a lot of the same performance and usability issues as FTP.
Secure managed file transfer options such as MASV are an excellent SFTP alternative thanks to better performance, flexibility, and functionality. The MASV secure file transfer solution allows users to:
- Onboard quickly over a browser without opening access to internal systems.
- Automate file transfers between local and cloud storage, or other recipients, without coding to cut down on human error.
- Easily track and audit file transfer activity and manage users to stay compliant and keep tabs on account activity.
- Manage bandwidth by allowing users to control which file transfers receive priority, or by setting speed limits to limit the speeds of uploads and downloads at certain times of day or days of the week.
MASV also facilitates compliant and secure file sharing for remote or in-office workflows through strong authentication via MFA, SSO, and user permissions and encryption of all files both at-rest and in-flight. MASV is compliant with ISO 27001, SOC 2, GDPR, PIPEDA, HIPAA, and is a member of the MPA’s Trusted Partner Network (TPN).
Sign up for MASV for free today and start with 10GB free every month on our Free Tier.
Frequently Asked Questions
How to use SFTP to securely transfer files with a remote server?
Use the SSH protocol to establish and authenticate a secure connection with your SFTP client. Once your connection is established, you can use an SFTP command to connect to your remote server by typing in the server IP or remote hostname and begin sending files. Other commands for transferring files include GET (to download files from the remote server) and PUT (to transfer files to the remote server).
How do you manually upload data files to your SFTP site?
You can manually upload files to your SFTP site by following these steps: 1) Prepare your files so they’re consistently formatted; 2) Open your SFTP client and enter your host, username, and password; 3) Upload your files using the SFTP directory in your SFTP client.
Can multiple users access an SFTP server at the same time?
Yes, multiple users can access an SFTP server, but it’s a cumbersome process. Administrators must first create a separate SSH key pair (public/private) for every unique user, who can use these key pairs to log in without needing a password. The SFTP public key must then be deployed to the hosting server. FTP clients configured to use the private key should then be installed on each user’s machine.
What is managed file transfer (MFT) and why does it beat FTP?
MFT boasts greater security and compliance, performance, reliability, observability, and customizability than FTP or SFTP, while also being far easier to use. Many MFT solutions, such as MASV, offer drag-and-drop file transfer tools and no-code cloud integrations for automated workflows.