Maximizing Security in Secure File Transfer: Best Encryption Practices

Learn the best encryption practices for secure file transfers. Explore top protocols like SFTP, HTTPS, FTPS and AS2 to help you protect your sensitive data.

File transfers are elementary to the functioning of an organization. That said, the technology behind secure file transfers is growing more complicated, as perpetrators are finding new ways to latch onto sensitive company data and wreak havoc.

File Transfer Protocol (FTP), for example, was designed in the 1970s and was once the standard protocol for transferring files over a network. Quite naturally, data security was not as much of a concern back then. Fast-forward to March 2017, when the FBI issued a warning stating that cybercriminals are using anonymous FTP servers to steal PII and PHI.

Simply put, FTP servers became a liability for secure file transfer. The flaws of standard protocols like FTP and HTTP led to the rise of managed file transfer (MFT) software. MFT software supports secure file transfer protocols that provide encryption techniques, enabling safe file sharing.

A managed file transfer solution also provides additional security features, including data loss prevention (DLP) content scanning, anti-virus or malware scanning and proxy servers that support PCI DSS, HIPAA and GDPR compliance.

Most importantly though, MFT software allows organizations to standardize file transfers on the most secure protocols. Read on to learn about the best secure file transfer solutions that MFT software like Progress MOVEit supports.

Best Secure File Transfer Protocols

No, we are not exclusively talking about Secure File Transfer Protocol (SFTP) here. While SFTP is a secure file transfer solution and one of the best secure file transfer protocols, several other solutions use encryption to share data safely. Here are the most secure file transfer protocols:

• Secure File Transfer Protocol (SFTP)
• Hypertext Transfer Protocol Secure (HTTPS)
• File Transfer Protocol Over SSL (FTPS)
• Applicability Statement 2 (AS2)

Also known as SSH File Transfer Protocol, SFTP is one of the most used secure file transfer protocols today. It is built on Secure Shell (SSH) cryptography to encrypt data transfers. Data is transferred in packets, rather than as plain text, leading to quicker transmission times.

SFTP supports host-based authentication and the use of key pairs, thereby making it a good option for sensitive data transfers.

Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is an extension of Hypertext Transfer Protocol (HTTP), the primary protocol to transfer data between a web browser and a website. HTTPS is encrypted using Transport Layer Security (TLS) to secure this communication—hence, it is also referred to as HTTP over TLS.

Source: Pixabay (skylarvision)

It is widely used on the internet and, as a standard practice, each website should use HTTPS. This is especially true for websites that require users to submit sensitive data. An HTTPS-protected website has a secured padlock icon in the URL bar of most browsers, and some browsers discourage access to HTTP. Ninety-five percent of websites on Google use the secure file transfer solution.

File Transfer Protocol Over SSL (FTPS)

Also known as File Transfer Protocol Secure, FTPS is an extension of FTP that adds support for TLS. It uses encryption algorithms like AES and numerous security measures to connect with foreign servers and verify authorized parties.

One of the criticisms of FTPS is that it requires two ports on the client server, making it difficult to get data transfers through highly secure firewalls. Nevertheless, FTPS and SFTP are the two mainstream secure file transfer protocols for sensitive data.

Applicability Statement 2 (AS2)

Applicability Statement 2 (AS2) is based on HTTP and S/MIME for sending encrypted messages, and it is the preferred protocol for cheap, quick and safe Electronic Data Interchange (EDI) data transfers, especially in the retail and consumer goods sectors.

It creates an envelope of sorts for EDI data so it can be transferred more securely, using encryption and digital certificates. Interestingly, Walmart helped drive the mass adoption of AS2 for EDI data in the retail sector.

For a managed file transfer solution that implements these encryption methods, sign up for a free 30-day trial of Progress MOVEit today.