Best Practices

SFTP Server

SFTP (Secure File Transfer Protocol) is a file transfer protocol that delivers secure communications by leveraging a set of utilities that provide secure access to a remote computer. It is considered by many to be the optimal method for secure file transfer. It leverages SSH (Secure Socket Shell or Secure Shell) and is frequently also referred to as ‘Secure Shell File Transfer Protocol’.

SFTP server and client diagram


FTP (File Transfer Protocol) is a client/server network protocol used to transfer files over the Internet. FTP clients are used to send and retrieve files to and from servers which store files and respond to requests from clients.

Historically, FTP has been a popular means of moving large files between systems or between desktops and systems. FTP is also a common means of sharing a file that is too large for an email attachment by uploading it to a neutral location for access by other systems, software or individuals. Ipswitch's WS_FTP Professional Client was developed in 1994 as one of the first commercially available FTP clients. Developed in a simpler time, the FTP protocol does not provide the security or file management features that are often now required for the exchange of business data.


Secure FTP arose to meet the need for enhanced security with tunneling. It uses Secure Shell 2 (SSH2), a secure tunneling protocol, to emulate an FTP connection and provides a firewall-friendly, encrypted channel for file transfers using the well-known TCP port 22. SSH offers enhanced security by keeping the entire file transfer session, including all session control commands, encrypted at all times, while requiring only a single port to be opened on your firewall versus the two ports that need to be opened for FTP and SSL connections.

As an added feature, Secure FTP also compresses all data during the transmission, which can result in faster file transfers. Furthermore, it allows for cross-platform IT standardization, which ensures consistent, strong security policy enforcement and simpler administration.

Where Can I Find SFTP software?

If you are in need of an effective SFTP client for Windows, Ipswitch offers the world's most popular commercial client, WS_FTP Professional. It supports SSH transfers, 256-bit AES encryption, FIPS 140-2 validated cryptography, and OpenPGP file encryption. It also checks file integrity using SHA-256 and SHA-512 to guarantee delivery and validate that transferred files have not been compromised in any way.

If you are in need of a business-grade Secure FTP server based on Windows, you would do well to consider WS_FTP Server.

If, however, your organization needs to move large volumes of data on a routine basis, especially if that data is sensitive or protected by regulations, you may want to consider a Managed File Transfer (MFT) solution such as MOVEit. MFT goes well beyond SFTP to provide file encryption at rest and during transfer, robust management and user access capabilities, workflow automation and cyber security.

Other Uses for FTP Clients

The FTP client can also allow you to manipulate the files, such as listing, renaming, or moving them into new directories. Savvy IT pros use scripting languages such as PowerShell to automate repetitive file-based workflows.

Secure File Transfer through Encryption

It is best practice to ensure that any files that contain sensitive data or are covered by regulations like HIPAA, SOX or PCI are encrypted in place and when they are moved from one server to another. That way, if a hacker sniffs your network while the files are in transit, or even manages to break into one of your servers, none of the sensitive data will fall into the wrong hands.

When your files are in transit, whether through your own networks or over the internet, there is a set of server-side secure protocols that you can use to access and exchange files over an encrypted link, including:

  • Secure FTP over SSL (FTPS)
  • Secure file transfer over HTTP (HTTPS)
  • Secure FTP over SSH (SFTP)
  • Secure file transfer over AS2 (HTTPS)
  • Secure file transfer over AS3 (FTP)

In a client/server architecture both the client and the server applications need to support encryption. For transfer encryption on the server side you will need to use an FTP client that supports one of the above protocols to achieve end-to-end file encryption.

It is surprising how many secure file transfer servers lack secure file storage and/or safeguards. Files at rest are vulnerable to unauthorized access when stored on Internet-accessible secure file transfer servers (whether they are located in a DMZ or within a trusted network). For this reason, all files need to be securely stored using strong encryption. It's also important that file encryption/decryption be done in pieces so the whole file is never exposed, and that each file has its own password, which is also encrypted. These safeguards guarantee that hackers cannot read the files stored on the server.
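The at-rest safeguards described above (encryption done in pieces, one key per file, that key itself stored encrypted), sketched in Node.js with its built-in `crypto` module. This is an added example, not Ipswitch or WS_FTP code; AES-256-GCM, the 64 KiB piece size, the file layout and every function name are assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');
const fs = require('fs');
const CHUNK = 64 * 1024, TAG = 16, GCM = 'aes-256-gcm'; // piece size, tag size, cipher

function seal(key, nonce, plain) { // returns ciphertext followed by its tag
  const c = createCipheriv(GCM, key, nonce);
  return Buffer.concat([c.update(plain), c.final(), c.getAuthTag()]);
}
function open(key, nonce, sealed) { // throws unless the full 16-byte tag verifies
  const d = createDecipheriv(GCM, key, nonce, { authTagLength: TAG });
  d.setAuthTag(sealed.subarray(-TAG));
  return Buffer.concat([d.update(sealed.subarray(0, -TAG)), d.final()]);
}
function readFull(fd, buf) { // fill buf unless end of file comes first
  let n = 0, r;
  while (n < buf.length && (r = fs.readSync(fd, buf, n, buf.length - n, null)) > 0) n += r;
  return n;
}
// Process inFd into outFd one piece at a time. The nonce is the piece counter and
// the last piece is always short, so a reordered or truncated file fails to verify.
function pump(inFd, outFd, size, fn) {
  const buf = Buffer.alloc(size), nonce = Buffer.alloc(12);
  for (let i = 0n, n = size; n === size; i++) {
    n = readFull(inFd, buf);
    nonce.writeBigUInt64BE(i, 4);
    const out = fn(nonce, buf.subarray(0, n));
    if (out.length) fs.writeSync(outFd, out);
  }
}
function withFiles(src, dst, fn) { // open both files and always close them
  const inFd = fs.openSync(src, 'r'), outFd = fs.openSync(dst, 'w', 0o600);
  try { fn(inFd, outFd); } finally { fs.closeSync(inFd); fs.closeSync(outFd); }
}
// Every file gets its own random key, stored in the header wrapped under master.
function encryptFile(master, src, dst) {
  const fileKey = randomBytes(32), wrapNonce = randomBytes(12);
  withFiles(src, dst, (inFd, outFd) => {
    fs.writeSync(outFd, Buffer.concat([wrapNonce, seal(master, wrapNonce, fileKey)]));
    pump(inFd, outFd, CHUNK, (nonce, piece) => seal(fileKey, nonce, piece));
  });
}
function decryptFile(master, src, dst) {
  withFiles(src, dst, (inFd, outFd) => {
    const hdr = Buffer.alloc(12 + 32 + TAG); // wrap nonce | wrapped key | tag
    readFull(inFd, hdr); // a short or altered header fails to unwrap below
    const fileKey = open(master, hdr.subarray(0, 12), hdr.subarray(12));
    pump(inFd, outFd, CHUNK + TAG, (nonce, piece) => open(fileKey, nonce, piece));
  });
}
```

Each piece is authenticated before its plaintext is written, but truncation is only detected at the final piece, so discard the output file whenever `decryptFile` throws.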
