Is SFTP Still Relevant?

Saggi Neumann -

If you thought SFTP would quietly retire and take up gardening, you were wrong. It’s still the default file handoff for vendors, scheduled exports and imports, batch jobs, and sensitive data workflows.

In fact, it's widely used and relevant across a range of regulated industries like healthcare, finance, retail, media, and more.

SFTP is not trendy. It’s just one of the few things that works across industries, across vendors, across time zones, and across security teams who do not want surprises.

Let’s talk about why.

Let’s start with the basics:
What is SFTP?

SFTP is the SSH File Transfer Protocol. It runs over SSH, usually on port 22, and it’s built for moving files reliably between a client and a server.

In practical terms, SFTP lets you:

  • Upload and download files
  • List directories, create folders, delete files
  • Set basic permissions (depending on server policy)
  • Automate transfers using CLI tools and libraries

One detail that matters more than most people realize: SFTP is not “FTP but secure”. It’s a different protocol that happens to solve a similar job. Also, if you use SCP in modern OpenSSH, you are using SFTP underneath anyway. Since OpenSSH 9.0, SCP uses the SFTP protocol for transfers by default. 

If you're interested in learning more, explore the differences between SFTP, FTPS, and FTP here.

Why do people and organizations use SFTP?

  • SFTP security: SFTP encrypts traffic in transit. You typically authenticate using passwords or SSH keys, and keys are the more common “serious” option when teams care about repeatable security. Explore SFTP Security to learn more.
  • Accessibility: On Linux and Unix-like systems, SSH is already there. SFTP support comes along for the ride. There's no additional protocol stack for clients, while managed platforms handle the security controls, logging, and lifecycle management centrally.
  • Simplicity: Most people can figure out an SFTP client in minutes, especially if they have ever used FTP clients like FileZilla or Cyberduck. The mental model is folders, files, upload, download, done. With a managed SFTP solution, things become even simpler.
  • Automation: SFTP is easy to schedule. That includes cron jobs, CI workflows, ETL exports, nightly reconciliations, vendor drops, and all the other quiet background tasks that keep businesses running. Explore SFTP Automation for more insight.
  • Auditability:
    Modern compliance work is not just “encrypt it”. It’s also “prove who accessed what, when, from where, and what changed.” That is why audit log expectations show up across security control frameworks. Explore SFTP Compliance to learn all about SFTP, HIPAA, GDPR, SOC 2, and more.

What “secure SFTP” actually requires

SFTP is a secure transport, not a complete security outcome. Secure SFTP workflows usually include:

  • SSH keys over passwords where possible
  • Strong host key verification (avoid blindly accepting new host keys)
  • IP allowlisting when the source systems are predictable
  • Least-privilege folder access (separate vendors, separate paths)
  • Log retention that matches your evidence needs
  • Explicit offboarding, remove keys and credentials fast

If your SFTP server is “one shared login for everyone”, that is not a protocol problem. That is an access control problem. A good managed cloud SFTP solution will facilitate all of this.

Where SFTP shows up today (and why)

Because of its superior security, organizations in all industries use the SFTP protocol to exchange files. Let’s discuss a few examples:

Healthcare

Healthcare data flows are still full of exports, referrals, imaging handoffs, lab results, billing files, and vendor processing pipelines. The security expectation is not optional, especially for ePHI transmission over networks. HIPAA’s Security Rule includes transmission security requirements, and encryption is explicitly called out as an addressable implementation specification. 

SFTP fits with HIPAA and healthcare data because it is predictable, encrypted, and easy to integrate into legacy systems that cannot be modernized on your schedule.

Dr. Herbstein feels quite confident no one will ever know about her hematophobia because her secret is protected by the SFTP server. (Photo by NCI on Unsplash)

Finance

Finance teams still ship a lot of data as files: settlement batches, reconciliation exports, partner feeds, audit extracts, and regulatory submissions.

SFTP is used here because it supports:

  • Encrypted transfer over untrusted networks.
  • Strong authentication (SSH keys, not just passwords).
  • Predictable, automatable batch delivery for partner and inter-system workflows where files are the correct operational boundary.
  • Clean access boundaries between internal systems and third parties.
  • Traceability when combined with logs and scheduled jobs (who moved what, when, and whether it failed).

Retail

Retail is basically a conveyor belt of files:

  • Inventory feeds
  • Supplier forecasts
  • Shipment manifests
  • Payment and reconciliation exports
  • Cross-border partner deliveries

If that data crosses the public internet, it needs encryption. SFTP is a simple way to get encrypted transfer without requiring bespoke integrations for every partner relationship.

Also, retail loves automation. SFTP plays nicely with “run this job every hour and drop the output here.”

I hope they're using SFTP in their supply chain, It's payday and my new credit card is here (Photo by Andrea Piacquadio from Pexels)

Media

The importance of security in the Media & Entertainment industry is continuously increasing in parallel to the growing consumption of content around the world.

Media workflows are huge files, tight timelines, and high leak pressure.

SFTP is common for:

  • Delivering masters and mezzanine files
  • Moving dailies and pre-release content
  • Sharing localization assets
  • Vendor handoffs for post-production

And yes, distributing content without secure transfer is still like going to the movies without popcorn. It’s technically possible, but it feels wrong.

One practical note: SFTP does not replace DRM. If you need DRM, you still need DRM. SFTP helps control transport and access, it doesn’t enforce downstream usage rules. For your amusement and some laughs, check out this list of “The 9 biggest movie leaks ever”.

Distributing video files without using SFTP, is like going to the movies sans popcorn. (Photo by Pixabay from Pexels)

So, is SFTP still relevant?

Yes and it’s becoming even more relevant as we write about it!

It’s relevant for the same reason cargo containers are relevant. They’re not exciting, but they standardize the messy part where things move between systems, teams, and companies.

SFTP is especially relevant when:

  • You need secure file transfer without turning the project into an integration epic.
  • You exchange files with partners, customers, or external systems using a clear, well-understood handoff.
  • You run batch workflows such as exports, imports, scheduled jobs, or recurring data deliveries.
  • You need a durable audit trail showing who connected, what moved, and when.

Then there’s SFTP To Go

SFTP To Go is a fully managed SFTP as a service:

  • End-to-end security: Files are encrypted not only in transit but also at rest.
  • Scalable and durable limitless storage: SFTP To Go uses Amazon S3 as storage, so you can rest assured that your data stays intact and dealing with a massive volume of data will not be problematic since you never run out of disk space.
  • Manage users and credentials easily and automatically: Including password rotation or public/private key authentication.
  • Webhook notifications: You can use webhooks to automate your data processes - start a process every time a file is created, modified or deleted.
  • One-Click setup: Yes, it’s as simple as that. And there are no servers to maintain as well.
  • More ways to access files: How about an Amazon S3 endpoint to interact with your data over HTTPS with Amazon S3 APIs? And did we mention the handy but highly secure web portal? For you FTPS lovers out there, Why not add an FTPS endpoint?

To conclude, SFTP is not only still relevant but also the smart choice for ensuring the secure transfer of files.

Want to give SFTP To Go a try? Click here to sign up.

Frequently asked questions

Is SFTP still relevant today?

Yes. SFTP remains one of the most widely used ways to move files securely between organizations. It’s stable, well understood, and supported across platforms, which is why it’s still relied on for business-critical file exchange.

Why do companies still use SFTP instead of newer tools?

Many real-world workflows are file-based. Vendors, partners, banks, healthcare providers, and media distributors often exchange data in batches, not live transactions. SFTP handles this reliably without requiring deep system integration.

Is SFTP secure enough for regulated industries?

Yes. SFTP encrypts both authentication and data in transit and supports strong access controls such as SSH keys. With proper logging and access management, it fits well into compliance-driven environments.

What kinds of workflows is SFTP best suited for?

SFTP is commonly used for scheduled exports, imports, partner handoffs, data feeds, and batch processing. These workflows benefit from predictable delivery, clear ownership, and simple automation.

Is SFTP difficult to automate?

No. SFTP works well with scripts, schedulers, and ETL tools, and is supported by libraries in most programming languages. This makes it easy to integrate into repeatable, unattended workflows.

How does managed SFTP change things?

Managed SFTP removes operational overhead. Instead of maintaining servers, storage, backups, and access controls yourself, you get a ready-to-use service with security, scaling, and reliability handled for you.