Pros and Cons of (S)FTP


Requires management of user accounts and may be a graveyard for data.

Once set up and running, an FTP server is relatively cheap to run, but it will most often occupy a member of your staff for some time to build and manage. Transaction costs are low, but access may be complicated, so user set-up and support will take time.

In-house FTP servers are not secure. User access controls are frequently rudimentary, and it is common to find large amounts of legacy data on older FTP servers that has not been purged. However, they have the benefit of being inside your DMZ.

Large files may be handled by FTP servers, but controlled availability, data integrity and user authentication are weaknesses, and non-repudiation is handled poorly. Some level of audit trail is possible.

FTP services are unpopular with non-technical users and, with security being especially low outside the DMZ, services based on FTP are used only sporadically. However, relative ease of access and lower authentication hurdles mean that they are easy to use.

Secure FTP

Complex to use, time-consuming to set up and operate. May conflict with other infrastructure. 

More expensive than regular FTP and more complex to install and create, SFTP can place a very large burden on your corporate IT infrastructure and on IT staff to install, administer and manage. The need for user accounts and administration adds to the costs.

Bringing encryption in transit and in storage provides short-term security, but long-term management of the data store is often poor. SFTP does have the benefit of running inside the firewall and, being locally administered, offers some configurability. In the long term, SFTP solutions tend to be updated infrequently and are vulnerable to current threats.

SFTP services are rarely certified, but they have some advantages: high security, clear process inclusion (often policy driven) and a clear audit trail. Against this is the problem of ad hoc usage and management, which can place barriers to use.

Because it requires a client installation, SFTP takes time to set up and needs some level of training before it can be used. At the client end it is more complex to use than FTP, and policy creation is complex.