Secure File Transfer Protocol (SFTP)


What is Secure File Transfer Protocol (SFTP)?

Secure File Transfer Protocol (SFTP) is a technical protocol for transferring large files securely. Data is hidden by cryptography, and users have to prove their identity before any data is shared.


The Internet is an amazing resource, but using it to share information can be risky. SFTP gives organizations a safer way to send sensitive files over Transmission Control Protocol/Internet Protocol (TCP/IP).

It uses Secure Shell technology (SSH) to create an encrypted connection between a server and a client. When files are transmitted over public networks, there’s a chance they could be intercepted, causing data breaches or compliance violations.

SFTP ensures that both host and client are validated and authenticated while keeping sensitive information like file content, identity, and passwords safe from prying eyes.


Key Takeaways

  • The Secure File Transfer Protocol (SFTP) enables safe and secure transfers of data over the public Internet.
  • In today’s frequently hacked public Internet, SFTP gives businesses and governments a secure alternative to the File Transfer Protocol (FTP).
  • It uses the Secure Shell technology (SSH) for reliable authentication and to encrypt data being transferred.
  • Instead of FTP’s two port connections, SFTP needs only one, allowing any transfer to be optimized for speed and stability.
  • For even more security, it can be used in conjunction with a VPN, doubling up the encryption.

How Does SFTP Work?


SFTP operates in a standard client-server architecture, moving data securely between entities and making files unreadable as they’re being transferred.

To share a file via SFTP, there are four basic steps:

  1. The client (i.e., an end-user) initiates a request to connect with an SFTP server.
  2. The server switches on the SSH protocol to verify the identities of both the server and the client. Once that’s complete, SSH uses cryptography to create a connection that’s unreadable to outsiders.
  3. The file transfer can now begin. In the event that the secure connection drops, SFTP automatically re-connects and resumes the transfer where it left off.
  4. The end user’s client completes the transfer, signals that it is done, and the secure connection is allowed to close.
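The server-identity check in step 2 can be made concrete with host key pinning. The following is an added example, not code from the original page; it assumes OpenSSH-style public key lines and SHA256 fingerprints, and the key bytes and the hostname `sftp.example.test` are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct

def parse_public_key(line):
    """Split an OpenSSH public key line into (type, raw blob, key fields)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob is a run of strings, each prefixed by a big-endian uint32 length;
    # the first repeats the key type and must agree with the text field.
    parts, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + size > len(blob):
            raise ValueError("truncated key field")
        parts.append(blob[offset:offset + size])
        offset += size
    if not parts or parts[0] != key_type.encode("ascii", "replace"):
        raise ValueError("key type does not match key blob")
    return key_type, blob, parts[1:]

def fingerprint(blob):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def host_key_matches(presented_line, pinned_fingerprint):
    """True only when the key the server presents hashes to the pinned value."""
    blob = parse_public_key(presented_line)[1]
    return hmac.compare_digest(fingerprint(blob), pinned_fingerprint)

def make_sample_line(raw_key):
    """Constructed test data: wrap 32 arbitrary bytes as an ssh-ed25519 key line."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw_key))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sftp.example.test"

GENUINE = make_sample_line(bytes(range(32)))      # key recorded at enrolment
IMPOSTER = make_sample_line(bytes(range(1, 33)))  # different key, same hostname
PINNED = fingerprint(parse_public_key(GENUINE)[1])

if __name__ == "__main__":
    print(PINNED, host_key_matches(GENUINE, PINNED), host_key_matches(IMPOSTER, PINNED))
```

A client that refuses to continue when `host_key_matches` returns `False` will not send credentials or files to a server presenting an unexpected key.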

What is SFTP Used for?

SFTP is the successor to the less secure File Transfer Protocol (FTP). It’s designed to mitigate the risks of data loss and maximize security when files are being shared over the public Internet.

Private and public sector organizations use it to send confidential and commercially sensitive files in a secure manner. Data privacy regulations like Europe’s General Data Protection Regulation (GDPR) and the US Health Insurance Portability and Accountability Act (HIPAA) mandate that SFTP be used to secure healthcare and some other types of data during transit.

SFTP vs. FTP

SFTP
  • SFTP creates a single channel for data transmission through TCP port 22, allowing it to be cryptographically secured by SSH
  • SFTP supports public-key authentication, which is more secure than authentication using passwords alone
  • Suitable for sending sensitive files securely over public networks like the Internet
FTP
  • FTP requires a command channel and a data channel on ports 21 and 20, and the connections between client and server are unencrypted
  • FTP relies on passwords and unencrypted connections, giving cybercriminals more freedom to intercept data in plain text
  • Suitable for non-sensitive file transfers that don’t need to be secured from unauthorized access

Using SFTP for Secure Data Transfer

In order to use SFTP, you need an SFTP client and an SFTP server. The SFTP client software gives you the ability to connect to the server. It also allows you to manipulate files already uploaded to the server, editing, deleting, downloading, or moving them into folders.

The SFTP server is the computer that holds the files for transfer. Connecting to it typically requires a private key for authentication, though some can be used with a standard username and password combination.

Using keys for authentication means the key is stored on the SFTP server. The client uses the key to verify upon login. If the two keys match, a secure connection can be activated, and file transfer can begin.

SFTP and VPN

Secure File Transfer Protocol servers and Virtual Private Networks (VPNs) are both mechanisms that allow data to be transferred securely over the Internet.

VPN connections can be encrypted and are often used with FTP. Using a VPN in combination with FTP will make FTP transfers over the Internet more secure; however, it usually means sacrificing speed and latency.

Because SFTP uses a single secured connection to enact the transfer, it is faster and more reliable than VPN/FTP used in tandem.

4 Best Practices for SFTP Usage

Using SFTP correctly can improve its speed, security, and reliability:

  1. Set security levels to maximum: Use strong passwords, two-factor authentication (2FA), and update and patch the SFTP software regularly.
  2. Make full use of automation: Automate as many actions as possible to cut time from the file transfer process and minimize opportunities for human error.
  3. Backup data: Ensure regularly scheduled file backups are in place and have a recovery plan in case of any loss.
  4. Practice effective file management: Keeping files on the server organized can improve the speed of file transfers.
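One way to check the "set security levels to maximum" practice on the server side is to audit the SSH daemon configuration. This is an added example, not part of the original page; it assumes an OpenSSH server (`sshd_config` syntax), and the policy in `REQUIRED`, the group name `sftponly` and the path `/srv/sftp` are assumptions chosen for illustration.

```python
# Assumed policy for an SFTP-only host; unset directives are reported so the
# policy is explicit instead of depending on build or distribution defaults.
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitrootlogin": "no", "allowtcpforwarding": "no"}

def parse_sshd_config(text):
    """Return (global settings, Match blocks); the first value of a keyword wins."""
    global_cfg, blocks, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":
            current = {"match": value}
            blocks.append(current)
        else:
            (global_cfg if current is None else current).setdefault(keyword, value)
    return global_cfg, blocks

def audit(text):
    """List deviations from REQUIRED, including overrides inside Match blocks."""
    cfg, blocks = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = cfg.get(key, "<unset>")
        if actual.lower() != wanted:
            findings.append(f"{key} is {actual}, expected {wanted}")
        for block in blocks:
            if block.get(key, wanted).lower() != wanted:
                findings.append(f"Match {block['match']} overrides {key} to {block[key]}")
    if not any(b.get("forcecommand", "").startswith("internal-sftp")
               and "chrootdirectory" in b for b in blocks):
        findings.append("no Match block with ForceCommand internal-sftp and ChrootDirectory")
    return findings

# Constructed sample configurations; group name and paths are hypothetical.
WEAK = """PasswordAuthentication yes
PermitRootLogin yes
"""
HARDENED = """PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowTcpForwarding no
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""
```

Calling `audit(WEAK)` returns five findings and `audit(HARDENED)` returns an empty list; a password override placed inside the `Match` block is reported separately.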

SFTP Examples

There are numerous ways to transfer or manipulate files stored on an SFTP server:

  • Upload and download files.
  • Move files to different directories.
  • Display files to show where they sit within the current directory.
  • Display the full contents of a directory.
  • Create new directories.
  • Rename files.
  • Delete files.

SFTP Pros and Cons

Pros
  • Because SFTP uses encryption and public key authentication, data is protected while in transit
  • SFTP is designed to quickly move large files or multiple files simultaneously from server to client
  • SFTP works with firewalls and can be used with VPNs for added security
  • Files can be transferred via SFTP using a web interface or a locally-installed SFTP client
Cons
  • While SFTP is flexible, setting up an SFTP client is more complicated than setting up an FTP client
  • To keep them private, SFTP private keys must be stored on the device that you want to transfer files from
  • Technical standards for SFTP are optional, which could cause compatibility issues between different brands of SFTP software

The Bottom Line

Everyone wants to send files securely. Thanks to its use of SSH for verification and encryption, Secure File Transfer Protocol is, by definition, an improvement on traditional FTP.

When you add benefits for compliance, speed, and latency to the mix, it’s easy to see why SFTP is becoming the standard for file transfers between businesses. Regardless of industry or file type, SFTP is designed to keep all information encrypted, secure, and in line with regulatory rules while moving data across the Internet.


Mark De Wolf
Technology Journalist

Mark is a freelance tech journalist covering software, cybersecurity, and SaaS. His work has appeared in Dow Jones, The Telegraph, SC Magazine, Strategy, InfoWorld, Redshift, and The Startup. He graduated from the Ryerson University School of Journalism with honors where he studied under senior reporters from The New York Times, BBC, and Toronto Star, and paid his way through uni as a jobbing advertising copywriter. In addition, Mark has been an external communications advisor for tech startups and scale-ups, supporting them from launch to successful exit. Success stories include SignRequest (acquired by Box), Zeigo (acquired by Schneider Electric), Prevero (acquired…