Let's start with the basics: what is FTPS?
FTPS evolved from the widely used File Transfer Protocol (FTP). It provides additional support for the cryptographic protocols Transport Layer Security (TLS) and Secure Sockets Layer (SSL) while maintaining all of the functionality offered by FTP. When using the FTPS protocol, the client and server can be authenticated through FTPS-supported methods such as client and server certificates. Furthermore, both commands and transferred data can be encrypted over the wire.
There are two separate security methods that may be used to set up FTPS connections: “implicit” and “explicit”.
With the Implicit Method, the entire session is encrypted using TLS encryption. This indicates that if the client doesn’t make the security request instantly, the server is expected to drop the connection. Due to this limitation, the implicit method is most commonly considered deprecated.
As for the alternative Explicit Method, a traditional FTP connection is established and immediately after the connection is made, a secure TLS connection is established. Unlike the implicit method, in the case that the client doesn’t instantly make the security request, it’s the server’s job to either decline the connection or continue with basic FTP processes. Moreover, the client may choose whether or not to encrypt the data channel, and the server can yet again choose either to allow or prohibit insecure requests.
- If compliance is imperative for your organization, FTPS meets various compliance requirements, such as: PCI DSS, HIPAA, HITECH, SOX, and data privacy laws.
- FTPS adds a critical security layer to the legacy FTP.
- All modern clients support FTPS.
- You can relatively easily set up an FTPS server as part of IIS on Windows servers or by installing 3rd party servers.
- FTPS makes use of multiple ports, which makes the management of networking and security problematic when it comes to configuring firewalls and NATs.
- Linux and Mac don't come bundled with FTP or FTPS clients or servers.
Now that you know a little bit more about FTPS and how it works, it’s time to answer the question at hand - Is FTPS still relevant?
Yes, FTPS is still relevant
As business requirements for security become a prime standard in many industries, many organizations are abandoning the old data transfer methods (such as FTP) and are looking for the ultimate way to securely transfer their sensitive files. For many FTP users, moving up to FTPS was a natural step. We know it's a popular choice, but is it the best choice?
What about SFTP, you ask?
SFTP is a different secure file transfer protocol that was built from the ground up and is an even more popular option than FTPS. What if you could enjoy the best of both worlds and utilize both protocols at the same time? Better yet - let’s throw in the benefits of Amazon S3 in there too ;the HTTPS-based protocol and the most durable and cost effective cloud storage to the deal.
SFTP To Go is a fully managed SFTP as a service that offers you the option to manage your files through SFTP and FTPS endpoints as well as an Amazon S3 endpoint, so why not have it all?