What is the right approach to protect electronic communication?
...their traditional email soon reached its limits. Large amounts of data were routinely burned on CDs or stored on USB sticks and then sent off. Confidential data often had to be sent by post or fax. That was awkward and costly. In addition, the communication partner receiving the documents exclusively in analog form and could not simply process them digitally....
We talk about your individual challenges! For secure digital communication with applicants and employees when sensitive information is involved. Optimise sales through secure and traceable communication. Protect your know-how against industrial espionage and easily handle the exchange of large files...
Your instant access to expert knowledge. For your research or presentation to stakeholders. Collection of current and helpful topics: Secure email and sending large files in the digital world of tomorrow.
Cryptshare Web App
Large or sensitive files via browser app? Request and send them quickly, easily and at any time.
Cryptshare for Outlook
Your files - large or sensitive. Send simply and securely with Outlook.
Cryptshare for Notes
Your files - large or sensitive. Send simply and securely with Notes.
Cryptshare API and Automation
The security upgrade for your IT systems. Integrated transport service for digital information - fast and secure.
You are the focus at all times. Whether it's testing, FAQs, documentation in the Cryptshare WIKI or in-house product support. You get more than just software.
With Cryptshare, you are choosing a manufacturer that focuses on cooperation with your IT service providers. Whether it's operation, acquisition or deeper system integration, we live and breathe partner business.
Whether you are a small professional firm, a mid sized engineering company or a global enterprise. Cryptshare scales with you.
The File Transfer Protocol (FTP) is one of the oldest protocols of the Internet and was already defined in 1985 in RFC 959. Accordingly, this free standard for transferring files is still widely used in companies today.
Fortunately, nowadays there is a secure, user-friendly alternative available. Welcome to Cryptshare.
First of all, FTP is an abbreviation and means File Transfer Protocol. Protocols are definitions on how exactly communication between endpoints needs to be done. FTP was developed specifically for the transfer of files in a network and was already used for this purpose in 1974. However, the actual "FTP" standard was not defined until 1985 in RFC 959.
With the help of FTP, entire folder structures can be created, edited and deleted on so-called FTP servers. Files can first be uploaded and then downloaded. To be able to use FTP, the command line of the desired operating system is sufficient. However, there are also numerous user-friendly alternatives in the form of graphical FTP clients such as WinSCP or FileZilla.
Thanks to FTP, files can be made available to other participants in a network in a simple and inexpensive way.
No. The File Transfer Protocol (FTP) was initially developed without any significant security mechanisms, because the Internet was still small at the time and cybercrime was practically non-existent. Therefore, with the original FTP, all information is transmitted in plain text.
Since FTP transmits both the access data when logging in and the files when uploading and downloading in unencrypted form, they can be sniffed in so-called man-in-the-middle attacks.
Once an attacker has obtained the access data from the FTP server, he can easily access the server and then download or delete data or even replace provided files as well as entire Internet pages with compromised material.
In this way, an Internet site can quickly become a virus distributor and damage the company's reputation.
Some web hosts offer their customers the option of allowing FTP access only to individual IP addresses. This actually makes it more difficult fo attackers to access the FTP server. But the data is still transferred insecurely and the concept remains insecure.
Over the years, two secure alternatives to FTP have been developed. The Secure File Transfer Protocol (SFTP) and the SSH File Transfer Protocol (FTPS).
In both cases, communication takes place encrypted, whereby FTPS secures communication using Secure Socket Layers (SSL) or Transport Layer Security (TLS) and SFTP uses the Secure Shell (SSH) for secure transmission.
With SFTP and FTPS, data transmission is therefore secure. However, it is important to note that only the data transfer is secured. At the storage location itself, the files are still available for retrieval unencrypted.
Confidential data in the sense of the GDPR and business secrets should not be stored on an (S)FTP server.
In the past, FTP servers were often used as an emergency solution. If a file was too large to be sent as an email attachment, the IT or marketing department uploaded it to the FTP server and copy it into the email as a download link.
In some organisations, this option was used so much that the IT department released specially created network drives to the staff. All folders and the files in them were then synchronised to the public FTP server on an event- or time-triggered basis, for example via rsync scripts.
As practical and established as such processes may be, they are also problematic.
FTP does have user names and passwords; in the above example, however, HTTP links were usually issued to recipients so that they did not have to overcome any further technical hurdles.
This results in a serious data security problem; since the recipient was already made aware of the folder structure and any file name conventions on the FTP server by simply looking at the HTTP link, he or she could change the link and gain access to further documents by simply trying around.
Who accessed a file and when? Access to files is not logged by default.
Experience over the past decades has shown that files are not deleted "just like that". Who in the company is supposed to keep track of which files can be deleted and when? If you do delete a file, the phone is sure to ring after a few hours because it is needed. The result is a real "data graveyard".
From time to time, external communication partners such as customers, suppliers or partners want to send larger files to a company. In the past, separate users and exclusive folders were set up on the company's own FTP server so that the company could retain "data sovereignty".
However, this means that the IT department is even busier with the administration of user accounts. The credentials for these must be communicated to the end users in each case - and in the worst case, the users must even be trained in the use of FTP.
How long these accounts will be needed and how long the data will be kept in the directories has not yet been clarified. Furthermore, FTP does not automatically notify users when data have been uploaded. After the upload, you have to send an email to the recipient yourself to let him know.
All in all, the handling of data transfers via FTP proves to be very inefficient and time-consuming. Precious time that employees would be better off dedicating to their main activities.
Data room providers use to advertise that sophisticated user and rights management can solve the problems of FTP. In some respects this is certainly the case. However, the concept can also be viewed critically.
For although data room solutions initially transfer the data in encrypted form (often, even end-to-end encrypted) and protect it from unauthorised access, here, too, overly granular access and rights management poses the challenge of who is to keep track in the long term.
For the reasons mentioned above, Cryptshare takes a different approach; with Cryptshare, data is not permanently provided on an additional storage location or access is granted to a file in the file system.
With Cryptshare, files are only provided temporarily and highly encrypted on a secure server and are automatically deleted from the server again after a set period of time, for example 21 days. After deletion from the Cryptshare server, the sender receives a summary of which recipient(s) accessed the provided data and when.