There are lots of file transfer protocols to choose from, but one that’s rarely discussed in depth is AS2. In this article, we take a deeper look at AS2, how it stacks up against SFTP, and why you would choose one or the other.
To understand AS2, we must first start with AS1. Applicability Statement 1, or AS1, is a file transfer protocol that was first created in the 1990s by EDI Over the Internet (EDIINT), a group that creates business communications. AS1 used Simple Mail Transport Protocol (SMTP) to enable the exchange of files. Eventually, AS1 was superseded by AS2, which saw widespread adoption by retailers and related third-party vendors looking for a secure way to transfer files.
Unlike AS1, allowed for the encryption of messages, which were exchanged over HTTPS via an SSL tunnel. AS2 also allows users to request a receipt, which will notify the sender once a message has been decrypted by the recipient, in a process commonly known as non-repudiation. To this day, AS2 remains a popular standard with retail organizations, both brick and mortar and online.
SSH File Transfer Protocol (SFTP), also known as Secure File Transfer Protocol is a file transfer protocol that uses Secure Shell 2 (SSH2), a secure tunneling protocol, to emulate an FTP connection and provides a firewall-friendly and encrypted channel for file transfers using the well-known TCP port 22. SFTP only requires one port, making it one of the more straightforward options for encrypted file transfer. All data exchanged between an SFTP client and server will be protected by an encryption cipher, as well as through the use of public and private keys. These offer further protection through another form of authentication, called public key authentication. Users can also authenticate connections using a password or an SSH key.
Typically, most businesses would use FTPS, due to the faster nature of its encryption, however between, SFTP and AS2, SFTP is the top choice, due to its strong authentication capabilities, and its firewall-friendly nature. However, there is one vertical where AS2 reigns supreme: Retail.
That’s because way back in 2002, Walmart decided that AS2 would be their standard for EDI, and where Walmart goes, thousands of other retailers, suppliers and third-party vendors must follow. So, simply put, if you’re in retail and your trading partners require you to use AS2, that’s your best bet, otherwise, you should take a hard look at SFTP or FTPS.
Regardless of your choice, MOVEit supports for a wide variety of encrypted transfer methods that can be used to exchange cardholder data over public networks, including the Internet, and VPN implementations. MOVEit Automation can perform transfers using secure FTP over SSL/TLS (FTPS), secure FTP over SSH2 (SFTP and SCP2), as well as secure file transfers using HTTPS and the AS1, AS2, and AS3 protocols. MOVEit Automation can also combine file-level PGP or S/MIME encryption with unencrypted transport protocols such as FTP to achieve encrypted transmission of data in legacy or migration situations. MOVEit Transfer supports transfers using secure FTP over SSL/TLS (FTPS), secure FTP over SSH2 (SFTP and SCP2), as well as secure file transfers using HTTPS and the AS2, and AS3 protocols. Download a free trial today and see for yourself.
Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites