Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Secure File Transfer Protocol (SFTP) is a file protocol for transferring large files over the web. It builds on the File Transfer Protocol (FTP) and includes Secure Shell (SSH) security components.
This term is also known as Secure Shell (SSH) File Transfer Protocol.
Secure Shell is a cryptographic component of internet security. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for greater web security.
There are two different ways to use SFTP as a protocol.
One is through a graphical user interface (GUI), where a program abstracts the use of SFTP visually for end users. Here, you can often drag and drop files, or use control buttons to send files with this protocol over the Internet.
Administrators who are designing systems for end users will typically use a GUI method to help others achieve SFTP protocol use goals.
Another option is to use a command line SFTP method. This is often used in a Linux environment. With this type of setup, the user has to type in specific command lines to generate the SFTP protocol.
SFTP as a successor to FTP is used for many situations where file security is important.
One of the biggest ones is to comply with standards like the federal Health Insurance Portability and Accessibility Act or HIPAA act that governs protected health information.
Any business, even a third party working with a hospital or healthcare provider, must keep its PHI confidential, and that includes during its transition through networks in digital packet form. That’s why SFTP can be useful in securing this type of data.
SFTP is one of several options for shielding that data in transfer, to make sure that hackers don't obtain it, and that the company does not unwittingly perform a HIPAA violation if that law applies.
SFTP can also satisfy other standards for data protection. For example, the General Data Protection Rule or GDPR governing the data of European users may require this type of security.
SFTP can also be handy in other situations where sensitive data needs to be protected. For example, trade secrets may not be covered by any particular data privacy rule, but it can be devastating for them to fall into the wrong hands. So a business user might use SFTP to transmit files containing trade secrets or other similar information.
A private user may want to encrypt his or her communications as well.
Some users who are relatively new to SFTP as a protocol ask whether it is preferable to use SFTP or a virtual private network (VPN).
Both systems will protect data, but they're not the same. SFTP is a protocol, whereas VPN is a secure encrypted tunnel for data. With that in mind, information can be sent using SFTP protocol through a VPN, or through a VPN as an alternative to SFTP, or through SFTP as an alternative to a VPN.
However, the answer to the security question is that either of these approaches provides security on its own. So, theoretically speaking, you don't need a VPN to send files through SFTP and have them be secure to that particular standard.
The use of SSH and SFTP are part of a sea change toward Internet security as we approach Web 3.0, the semantic web.