Resources

All about SFTP

Secure file transfer poses a constant challenge to individuals in many industries. The delivery of good service—be it care or counsel—requires coordination among a number of different entities, but the sensitive nature of much business and customer information means that any method has to be secure, and in some cases, compliant. More often than not, security comes at the expense of convenience—even when SFTP is concerned. 

SFTP stands for SSH File Transfer Protocol, and SFTP refers to the popular—and more secure—method of transferring files between two systems. SFTP is vastly preferable to the run-of-the-mill FTP, because it encrypts both commands and data to protect passwords and sensitive information. You might already know that FTP is insecure and should only be used in limited cases or on networks you trust. With FTP, all data—including your username, password, and file data—shared between the computer and server is unencrypted. But SFTP is quickly catching up to its older cousin in terms of lack of reliability.

Once upon a time, SFTP was the preferred method for sending and receiving large files. That time predated the dawn of the cloud, but followed the similarly low-tech but HIPAA compliant fax, which has continued to show remarkable staying power. But SFTP has fallen out of favor among many because it can’t compete with the convenience of the cloud. What’s more, while it might be technically HIPAA-compliant, it’s not terribly secure. Additionally, SFTP doesn’t integrate into other elements of the workflow, like document storage or collaboration. Yet you’ll continue to see it in healthcare organizations sharing information among providers and patients, practices and labs, offices and billing and insurance companies, and in financial institutions working with sensitive customer information.

With SFTP, data is transferred through SSH, a network protocol that allows data to be exchanged using a secure channel. SFTP therefore requires authentication of the client by the server. But this security, too, is only minimal, because it can compromise both your data’s confidentiality and integrity. (A quick note: SFTP isn’t the same as FTPS, another FTP extension that supports TLS and SSL protocols.)

The solution to protecting and transferring sensitive data securely is Sookasa. Let’s unpack how and why the combination of Sookasa plus Dropbox is a substitute for SFTP—and a superior one at that.

What are the issues with SFTP?

  • SFTP Security.
    • Files are protected in transit, and mostly protected from unauthorized access by the recipient, but the files aren’t encrypted at rest.
    • It’s not great for accessing files from personal devices. It’s also incompatible with certain operating systems.
    • The SSH keys used by SFTP are harder to manage and validate, and SFTP doesn’t take advantage of modern security standards and methodology like SSL encryption
    • Especially important for those with compliance needs, there is no easy audit process built in to the SFTP options.
  • SFTP Data Integrity.
    • SFTP can have some issues with file corruption. For example, users might open a file to discover certain characters have been replaced, which looks like gibberish. It usually occurs with text files, which SFTP can have a hard time handling. If you need to work with files other than PDFs, as most organizations do, then SFTP might not be for you.
  • SFTP Convenience.
    • People have to be invited to use the system
    • SFTP is often slow, or doesn’t successfully go through. Even in such cases, though, there isn’t an adequate feedback system to alert you of message failures, requiring communication between senders and recipients to piece together what went wrong.

If SFTP is so bad, why is it so common?

SFTP has benefited from a general inertia among many entities, especially in healthcare, to embrace new technologies. It’s also long been a challenge to send large files, and many are slowly awakening to the use of the cloud for this type of workflow.

So what’s different about Sookasa?

Sookasa provides a transparent layer of encryption to Dropbox, making the cloud safer than ever. Sookasa even brings HIPAA compliance to Dropbox. The advantages to the cloud are manifold: First, it integrates your data storage and collaboration solutions, making work as convenient as it should be. Second, Sookasa provides three key ways to exchange and collaborate on information. Sookasa preserves Dropbox’s shared folders feature, whereby users can collaborate on and share information saved in a Dropbox folder. With our proprietary File Delivery platform, Sookasa also enables users to send and receive information securely from people who don’t have either service, without requiring non-users to download or register for a thing. With Sookasa, sharing is simple—just as it should be.