Secure FTP: More than a matter of protocols

As high-speed, high-bandwidth connections have become more affordable, a growing number of businesses and organizations are replacing cumbersome file exchange and Electronic Data Interchange (EDI) processes with simple file transfers using FTP. The days of shipping tapes and paper statements are disappearing quickly.

FTP is a ubiquitous and easy-to-use protocol, so it’s a very cost-effective way to move data around. But as FTP becomes embedded in important business processes, you may need to secure those transfers – transitioning from basic FTP to a secure FTP environment.

How do you make FTP secure? 

The obvious first place to start is encrypting the data – both in transit and at rest in the FTP server.  For example, you could use:

  • HTTPS to encrypt data in transit
  • PGP or some other encryption for data stored in the server

If you have an FTP server that supports those protocols, does the use of these protocols mean you are using secure FTP?  Not yet.

If the file transfers include proprietary or regulated data, you’ll have to add other controls.

Authentication, authorization and access control

You need to protect access to the secure FTP server – perhaps integrating it with existing Active Directory or LDAP authentication. In addition, you need to manage who is authorized to access different directories of the server.

Audit and reporting

Secure FTP processes today support many interactions between financial institutions, subject to audit and compliance reporting. If you’re handling any regulated data, you’ll need to log all access to and transfers of data.  In addition to encryption protocols, you need logging and reporting.

Deployment/architecture issues

Where should the secure FTP server reside – inside your firewall, outside the firewall, or in the cloud?  If you want to keep the sensitive files on the FTP server within the firewall, how do you manage connections with the outside world securely?

Beyond data: Take care of processes

A secure FTP server handles important or sensitive data that’s part of critical processes.  Your ultimate objective is to make sure that those processes run smoothly, securely and reliably.

For example, if secure FTP is supporting retail logistics and you receive an order from a major partner, you may want to decrypt it, load it into a database and send a notification to someone that the order has arrived.  An invoice might trigger a different set of processes and back-end integrations.  To support all of this, you need automation and integration capabilities built into the FTP server.

Expanding protocols and interfaces

While HTTPS and PGP are enough to implement basic encryption for your own systems, your partners may be using other interfaces or applications and require different protocols. Companies using secure FTP to interact with multiple partners often need to support SFTP, SSL/TLS and AS2.

Look for a complete, secure FTP environment

Secure FTP is a great way to handle file and data exchanges that drive your business processes. But a secure FTP environment requires more than a few encryption protocols. Whether you’re building your own or evaluating packaged solutions and services products, make sure that you consider the complete set of controls and capabilities you need to protect vital file transfer processes and data.

About the Author

Guest Blog from John Wright, Senior Marketing Manager at Globalscape.  Their flagship product EFT Server is one of the best known and widely deployed Secure FTP Servers on the planet.

Join us for a free eSeminar on 12th December to find out more about Globalscape EFT Server
