Secure File Transfers: Best Practices, Protocols And Tools

Secure file transfers can rely on a variety of different protocols, which is why IT teams are moving to MFT software to help manage them all.

File transfers are a critical part of an organization’s business, responsible for all types of sensitive information. As more processes become digitized, the amount of information being exchanged is growing too. Cybersecurity firm Varonis found that organizations share files with an average of 800 domains.

File transfer protocols are key to protecting information between endpoints and networks. But organizations rely on a variety of protocols depending on the type of information and the destination — internal and external transfers often have different requirements, while data regulations can differ between countries. 

Different file sharing solutions are often used to handle different types of file transfers. However, this leads to server sprawl and increases the complexity of file transfer environments, making administration and management difficult and time-consuming. Additionally, holes in capabilities are often plugged with custom scripts that are rigid and error-prone. This is especially common for organizations relying on older protocols and file transfer methods.

A better way to manage file sharing is needed as environments grow and security requirements evolve. Let’s take a look at the different types of protocols used for secure file transfers, before diving deeper into best practices and secure file transfer services.

Top Protocols For Secure File Transfer

The original File Transfer Protocol established an easy method for transferring files over a network. But FTP was designed in the 1970s, long before data security was much of a concern. FTP is still around, but its usage has drastically diminished with the introduction of secure file transfer protocols.

So what is a secure file transfer protocol? Most people will answer SFTP, which is half the answer. Basically, whereas FTP is known as an insecure protocol because it doesn’t provide encryption, secure file transfer protocols do.

SSH File Transfer Protocol (SFTP)

SFTP is a protocol developed by the Internet Engineering Task Force (IETF), and is perhaps the most common file transfer protocol in use today. SFTP is built on Secure Shell cryptography to encrypt data being transferred. This encryption is done in part by transferring information in packets as opposed to plain text, which generally leads to faster transmission times when compared to FTP. SFTP supports the use of key pairs as well as host-based authentication, making SFTP useful for sensitive data such as personally identifiable information.

File Transfer Protocol Over SSL (FTPS)

FTPS is an attempt to make FTP secure using Secure Sockets Layer (SSL). SSL, however, was deprecated in 2015, so even though most FTPS servers now use Transport Layer Security (TLS), we still refer to the protocol as FTPS. TLS uses certificates to authenticate users and to prevent information from being accessed by unauthorized parties. FTPS requires two ports on the client server, which can make it more difficult to get FTPS transfers through a firewall. There is also explicit FTPS (FTPES), which provides extra functionality for secure file sharing.

Applicability Statement 2 (AS2)

The AS2 protocol is widely used between trading partners in the retail and automotive industries. AS2 is based on S/MIME and HTTPS for sending encrypted messages. AS2 also enables digital signatures and Message Disposition Notification (MDN), which provide the sender with receipts for non-repudiation. 
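How a sender can check the MDN receipt described above, as an added example that is not part of the original article or any vendor's code. It compares the `Received-Content-MIC` field of a constructed MDN against a digest of the bytes that were sent; the sample payload, message ID and the policy of refusing MD5/SHA-1 digests are assumptions, and verifying the S/MIME signature on the MDN itself, which is what makes the receipt non-repudiable, is not shown.

```python
import base64
import email
import hashlib
import hmac

# Constructed sample: exact bytes of the MIME part that was signed and sent.
SENT_PART = b"Content-Type: application/edi-x12\r\n\r\nISA*00*CONSTRUCTED~\r\n"
ALLOWED_ALGS = {"sha256", "sha384", "sha512"}  # assumption: local policy

def compute_mic(signed_part: bytes, alg: str = "sha256") -> str:
    """Base64 digest over the signed MIME part, headers included."""
    return base64.b64encode(hashlib.new(alg, signed_part).digest()).decode()

def build_sample_mdn(mic: str) -> bytes:
    """Constructed MDN body; message ID and host are placeholders."""
    return (
        "Content-Type: multipart/report;"
        ' report-type=disposition-notification; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nMessage received.\n"
        "--b1\nContent-Type: message/disposition-notification\n\n"
        "Original-Message-ID: <constructed-1@sender.example>\n"
        "Disposition: automatic-action/MDN-sent-automatically; processed\n"
        f"Received-Content-MIC: {mic}, sha-256\n"
        "--b1--\n"
    ).encode()

def mdn_fields(raw_mdn: bytes):
    """Return the header block of the message/disposition-notification part."""
    for part in email.message_from_bytes(raw_mdn).walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()
            # The stdlib parses message/* bodies into a nested Message list.
            return body[-1] if isinstance(body, list) else email.message_from_string(body)
    raise ValueError("no message/disposition-notification part found")

def check_receipt(raw_mdn: bytes, sent_part: bytes) -> bool:
    """True only if the partner reports 'processed' and echoes our MIC."""
    fields = mdn_fields(raw_mdn)
    status = fields.get("Disposition", "").split(";")[-1].strip().lower()
    if status != "processed":  # e.g. "processed/error: ..." or "failed/..."
        return False
    mic, _, alg = fields.get("Received-Content-MIC", "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_ALGS:  # missing field or weak digest (md5, sha1)
        return False
    return hmac.compare_digest(mic.strip(), compute_mic(sent_part, alg))

if __name__ == "__main__":
    receipt = build_sample_mdn(compute_mic(SENT_PART))
    print("receipt matches sent payload:", check_receipt(receipt, SENT_PART))
```

A receipt that fails this check should be treated as an undelivered or altered transfer and kept with the audit trail rather than silently retried.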

ODETTE File Transfer Protocol 2 (OFTP2)

OFTP2 is a TCP/IP protocol that is popular among automotive companies, especially those based in Europe. OFTP2, much like AS2, supports non-repudiation through receipts. Importantly, OFTP2 can compress large amounts of data, making OFTP2 an efficient means of transferring large files. The original OFTP was introduced in 1986 by the Organisation for Data Exchange by Tele-Transmission in Europe (ODETTE).

Additionally, OFTP2 can operate through Value Added Networks (VANs), with both push and pull modes.

User Datagram Protocol (UDP)

UDP is a transport layer protocol similar to TCP. UDP, however, doesn’t include much of the “overhead” implied by other protocols, such as handshakes, certificates or receipts. This makes UDP a much faster method of sending data such as video or audio files, especially when transfers are occurring over long-distance networks that are experiencing high latency. That speed, however, comes with noticeable drawbacks, including packet loss.




Best Practices For Secure File Transfers

File transfer needs can be diverse and ever-evolving, depending on the organization’s business. New protocols are always being developed while data regulations at times seem to be completely fluid.

In order to stay ahead of information security, many organizations have dozens of servers dedicated to several different protocols. This makes maintenance difficult and time-consuming as file transfer environments are fragmented between platforms. Onboarding a new employee, for example, could mean manually adding a new username to multiple clients.

There are other workarounds for adding new layers of security to meet new compliance needs. IT could write custom scripts to fill in gaps, but that method is error-prone and builds technical debt.

In order to meet changing needs, file transfer environments need to be centralized. This includes providing a single point of control through which IT teams can cascade changes. This requires having file transfer software that handles multiple types of protocols, while enabling additional layers of security to those transfers.

At the same time, IT teams need to find ways to automate transfer processes without having to write custom scripts. Workflow automation software reduces manual touch points, minimizing the risk of human error while improving efficiency and reliability.

These capabilities can be found in most managed file transfer software.

Managed File Transfer Solutions To Reduce Complexity

Secure file transfer solutions (as well as file sharing services) are often designed for a single protocol and are reactive solutions that are deployed ad hoc, separate from any long-term strategy. Conversely, managed file transfer (MFT) solutions are designed to handle most — if not all — file transfer protocols, thereby supporting business strategies regardless of how business needs might change.

There are of course a variety of capabilities and features provided by MFT vendors, but some functionality is common and can help your team centralize your file transfer environment.

  • Support for any protocol, with the ability to manage multiple protocols from a single server. In many cases, each protocol needs its own server, which can lead to server sprawl and make management more complex while occupying important hardware. Handling multiple protocols from a single server helps reduce complexity and costs.
  • API connectivity is important for providing connections to critical platforms and technologies in the organization. Some MFT solutions will provide REST API access so users can connect with their enterprise tools. This can help in consolidating file transfer tools to centralize control over the file transfer environment. There are also MFT solutions that provide prebuilt integrations with common transfer tools such as Outlook.
  • Additional layers of security are a frequent draw for MFT tools. Common security features include DMZ streaming, granular user permissions, two-factor authentication and audit trails. Having a suite of security tools that promote end-to-end encryption can make it easier to keep pace with evolving data protection regulations such as GDPR, HIPAA or PCI.
  • Intuitive graphical user interfaces are also a major reason why IT teams often choose MFT software over a bare-bones FTP server. Instead of working through a command line, MFT software provides clean drag-and-drop GUIs that make it easier to set up transfers while providing views that drastically improve visibility into your file transfer systems. Additionally, some vendors will provide secure client access through web browsers and mobile devices.
  • For reliability, some MFT tools will provide load balancing and load testing so users can determine how their systems will perform under heavy loads. MFT solutions can vary as to whether or not they can handle any file type or file size.
  • And, as we mentioned above, workflow automation is key to helping IT teams manage large file transfer environments. This includes achieving real-time file transfers with event triggers, for example uploading new files to an SFTP server or initiating sends. Without automation for file transfer processes, scaling your file transfer environment can be cost-prohibitive.

Beyond software capabilities, MFT software can offer a variety of services and subscriptions that make it easier to scale and maintain your file transfers. For example, the right solution allows for unlimited trading partners without pricing changes, helping customers control their AS2 costs. Additionally, some file transfer services provide out-of-the-box services to analyze and optimize your file transfer environment.

Data transfers are an integral part of day-to-day business operations, and as organizations increase their reliance on data, the need for file transfers will continue to grow. The only way to manage this growth is with a scalable file transfer environment that makes it easy to manage any protocol from a single location.



Brian is a staff writer for the IT Automation Without Boundaries blog, where he covers IT news, events, and thought leadership. He has written for several publications around the New York City-metro area, both in print and online, and received his B.A. in journalism from Rowan University. When he’s not writing about IT orchestration and modernization, he’s nose-deep in a good book or building Lego spaceships with his kids.
