Managing and integrating your business data is a critical part of effective reporting, analysis and insight gathering. The Extract, Transform and Load (ETL) process is a way of gathering data from a range of disparate services and ensuring it all ends up in one secure destination, usually a data warehouse of some description.
There are a number of ways to transfer data across networks, and SFTP has been an industry standard solution for over two decades. But when it comes to protecting your business data, just how secure is SFTP? Xplenty explores what SFTP is and if it's really the secure solution many businesses believe it to be.
Enjoying This Article?
Receive great content weekly with the Xplenty Newsletter!
Table of Contents
- What is SFTP?
- Advantages of SFTP
- How Secure is SFTP? The Secure File Transfer Protocol
- SFTP and ETL
- How Xplenty Can Help
What is SFTP?
SFTP is the sleeker, more secure descendant of FTP. FTP stands for "File Transfer Protocol," and from the 1970s to the 1990s, it was the standard way to move files between clients and servers. Conceived in the 1990s, the “S” in SFTP stands for “Secure” and refers to the encryption used during every single transfer process — more on that below.
SFTP runs over the SSH protocol. This protocol supports secure remote login, helping to ensure secure file transfers by providing a variety of alternatives for strong authentication during digital communication or data transfer. Therefore, while FTP may still be used between machines on the same network, SFTP is a more secure option for cross-network communication.
Recommended Reading: What is the Difference Between FTP and SFTP?
Advantages of SFTP
Using a more secure protocol helps protect business data and the integrity of your company. Depending on who you partner with and the type of data you manage, you may have compliance standards to achieve, in which case SFTP may be one of the required minimum ways to ensure this. Your chief information security officer (CISO) or similar should be able to advise further on the data security requirements and obligations of your organization. The technical advantages of SFTP include:
- SFTP uses a single channel for digital communication whereas other protocols use multiple channels
- The underlying SSH protocol includes layers of different types of security
- These layers include data encryption, data integrity protective services, and server authentication
- Authentication can occur via user-defined private security keys or alphanumeric usernames and passwords
- There is wide support across operating systems and apps for SFTP
- SFTP meets most data governance and regulatory compliance requirements
SFTP is the preferred data transfer protocol for many reasons. Wholesalers and retailers can safely transfer whole swathes of information about shipping and purchase orders using SFTP. SaaS applications often transfer information between one another via SFTP. And, as we’ll see later on, SFTP can be an integral part of an ETL solution to merge and integrate data effectively while keeping it encrypted and secure.
Integrate Your Data Today!
Try Xplenty free for 14 days. No credit card required.
How Secure is SFTP? The Secure File Transfer Protocol:
We know that SFTP gets its name because it’s secure. But just how secure is SFTP in real terms? The answer is — thankfully — very secure.
If a cybercriminal intercepts data that is being transferred by SFTP, it won’t do them any good. The layered encryption on the data will render it virtually useless. SFTP, or more accurately the SSH protocol beneath, uses the Advanced Encryption Standard, or AES, to encrypt your data. This symmetrical block cipher uses a mathematical process involving prime numbers to encrypt data with a specific key. The goal is that the system only provides the correct key once the data is safely in the hands of the intended recipient.
SFTP also has a way to ensure data integrity, or more reassuringly, to alert data recipients if external interference has altered the data in any way. A hashing algorithm called SHA-2, also provided by SSH, processes the data in such a way that it creates a particular letter/number combination called a "hash." Once a successful data transfer has occurred, the hashing algorithm runs again, and the recipient should see that the system produces exactly the same hash. If a different hash appears, it indicates that something happened to the data during its journey.
SFTP users can also set their own usernames and passwords or particular security keys. These only work, of course, if companies train their employees not to disclose passwords or write them down, or even store them on a shared computer. It's also crucial to ensure that employees and data managers use strong passwords, and that they change these passwords regularly or assign them a single-time use.
Companies should also avoid default passwords and adopt a password centralization process that allows data managers to adjust passwords as necessary — for example, when an employee leaves the company or changes roles. Human interaction with data is a primary factor in keeping it as secure as possible. In fact, it’s this human interaction that causes most of the potential security concerns when it comes to the question: How secure is SFTP?
If someone takes the transferred data and moves it forward again, SFTP can’t prevent this — but nor can any other file transfer security protocol. Some companies may need additional data security features in place to prevent the unauthorized transfer of files, especially if they need to comply with stringent data security regulations such as Europe's General Data Protection Regulation (GDPR). Keeping manual logs of data transfers may also be necessary, as SFTP doesn't automatically log a central document of every transfer on a particular network.
SFTP also only encrypts data in transit, so data managers and engineers must ensure that stored sensitive data, such as personally identifiable information (PII) has the relevant encryption required to meet industry regulations. This would be necessary regardless of the data transfer protocol used, or even if the data were static.
SFTP and ETL
It’s fairly clear, we hope, that when you’re transferring data across networks, SFTP is a simple and secure solution. That’s what makes it such a useful tool for effective data integration. Merging all your business’s data into a single destination allows you to generate the fastest and most operational analysis and reports, so it’s critical that you can connect — without drama — to a range of data sources.
Many of these sources will have other connectors, such as APIs, that allow your ETL tool to communicate and draw out the data required with ease. Examples of these services include Salesforce and other CRM services, or marketing services such as Google Ads or Facebook Ads. But not all data sources come with pre-built connectors or APIs.
With SFTP, this isn’t an issue. For companies that don’t currently have a service that provides SFTP connections, it’s possible to set up your own SFTP server, then run commands to tell the server exactly what to connect to and what data you need. Whatever connections you make, you'll have peace of mind from knowing that all your business data is coming together and is always secure in transit.
How Xplenty Can Help
Enjoying This Article?
Receive great content weekly with the Xplenty Newsletter!
Xplenty is a no-code, cloud-based ETL solution that’s completely scalable and elastic. Xplenty includes full support for SFTP, allowing you to use one of the securest file transfer protocols to manage and merge your business-critical data. Xplenty also offers out-of-the-box connections to over 100 data stores and SaaS applications, so you can create exactly the data pipelines you need to leverage your business’s data.
Contact us to find out more and to try our 14-day demo.