If you are an Industry Data Exchange (IDX) subscriber, you likely connect your current Enterprise Resource Package (ERP) or Order Management System (OMS) to the IDX using one of the following connections: File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP).
Though IDEA is able to connect you to our upgraded Tier 1 EDI service solution using either FTP or SFTP, we recommend connecting using the secure connection found through the SFTP. To better understand this recommendation, and to help you decide if switching to a secure connection makes sense for your business, let’s take a look at the differences between the FTP and SFTP connection types.
What is FTP?
FTP is an internet protocol, or system of rules governing the transfer of files between computers in cases where each individual user’s computer is connected to an internet server (the FTP server, or “host”). The FTP server runs programs that “serve” data to other computers in the network. In turn, those computers run their own programs that request information and process the replies that the server sends.
With FTP, a user can download files from the server to their own computer, or upload files from their computer to the server. The system of rules behind FTP also includes commands that can be used to execute operations on a remote computer (e.g., to show folder contents, change directories, create folders, delete files, etc.).
What is SFTP?
SFTP is the standard system of rules governing the transmission of data over a single channel; it ensures that data is securely transferred using a private and safe data stream.
Though the SFTP’s main purpose is to transfer data, it can also be used to obtain general access to a FTP server’s file system, and since the SFTP runs on a secure channel, no clear text passwords or file data are transferred in the process. Using SFTP to access a FTP server’s file system allows for the connection between the user’s computer and the FTP server to be encrypted. Data is then transferred to the user’s computer over that encrypted connection.
Risks when using FTP
Although FTP is one of the oldest and most widely used internet protocols, it does pose several security risks when used. For example, using FTP is considered to be less safe and secure than SFTP, because a password must be entered to kick off each file transfer. That password is subsequently transmitted over the internet without encryption and is left vulnerable. Other risks of using a FTP connection include:
- Usernames and passwords are transferred in clear text when logging in and, as a result, can be easily recognized;
- Transferred data can “stray” to a remote computer rather than arriving at its intended destination. Third parties can then download data from that remote system to their own computers, or view and edit existing data, presenting a significant risk, particularly when transferring confidential information.
- Since passwords are transferred in clear text when logging on, FTP can be used to determine the passwords of individual users. This means that even those with unauthorized access to the given network can record that password information.
Taking all of these security concerns into account, IDEA advises that IDX users use SFTP connections to ensure their data is securely transferred. If you are interested in switching to a SFTP connection – provided your ERP or OMS can support it – IDEA’s team of highly trained migration specialists can work with you and counsel you on secure options.
For more information on the difference between FTP and SFTP connections, please contact George Kane (firstname.lastname@example.org) or Paulette Ortiz (email@example.com), EDI Product Support Specialists.