The File Transfer Protocol (FTP) is a network protocol businesses use to transfer files from one server to another. People use FTP for a wide variety of reasons apart from EDI exchange, but for the sake of this article, we are going to focus on its use as a secure network for B2B communication.
FTP and its variants are among the most commonly used EDI protocols. In fact, the specifications for FTP were written all the way back in 1970, and earlier versions of FTP were in active use throughout the 1980s.
If you are trying to decide whether FTP is the protocol of choice for your business, or you simply want to learn more about FTP, keep reading to discover everything you need to know about the FTP protocol for EDI.
WHAT IS THE FTP PROTOCOL?
“Protocols” are sets of rules that dictate how computers communicate back and forth when connected to the same network. You can think of a protocol as a language. FTP is a protocol for computers connected through a TCP/IP network, such as the internet, to securely transfer files between each other.
FTP uses a client-server model with separate control and data connections linking the client and the server. Each trading partner uses a clear-text sign-in protocol to authenticate themselves – except when connecting anonymously under certain circumstances.
FTP secures the EDI transaction by protecting the username and password of each trading partner and encrypting the data within the message. Users can secure FTP with SSL or TLS as well.
3 TYPES OF FTP PROTOCOLS
Several versions evolved from the original FTP protocol as technology has advanced. While the general process remains the same, the newer protocols are more secure than their predecessor.
FTP is still a popular choice for businesses. However, most organizations only use FTP for transferring files within their organization.
The following EDI protocols are better options for communication between different businesses.
FTP WITH VPN
FTP alone is not secure enough for internet transactions by today’s standards. What you see most often is businesses connecting FTP through a virtual private network (VPN). With a VPN, your transactions benefit from an extra layer of security that isn’t available with FTP by itself.
However, FTP with VPN still has its vulnerabilities. The biggest concern users have is the lack of non-repudiation, which not only verifies the identity of each party but also prevents the receiver from denying the receipt of a transaction from a verified sender.
Secure File Transfer Protocol (SFTP) is essentially FTP with a different security layer originally developed by the Internet Engineering Task Force (IETF). This security layer encrypts the message while in transit and decrypts the message upon arrival.
Similar to FTP with VPN, SFTP also does not provide non-repudiation.
File Transfer Protocol Secure (FTPS) is similar to SFTP, except the only major difference is that the additional security layer for FTPS was developed by Netscape (the internet browser company) instead of the IETF. Both FTPS and SFTP function in the same manner and share the same setbacks, such as lack of non-repudiation or message management.
WHY FTP ISN’T ENOUGH FOR EDI COMMUNICATION
The various FTP protocols certainly get the job done, but they do not make your life any easier in the process.
For example, one of the biggest hassles is the issue of interoperability – meaning you and your trading partners usually need to get FTP software from the same vendor to avoid compatibility problems. Plus, FTP does not provide any sort of message management for your transactions. Then there is also the lack of non-repudiation as mentioned previously.
The most convenient way to solve all of these problems is to use an EDI value-added network (VAN) service, such as BOLD VAN. With BOLD VAN, you can use any EDI protocol, including the FTP protocols, AS2, and many others.
BOLD VAN provides secure message management through the BOLD Portal. You also get the added security of non-repudiation, as well as compatibility with any other VAN no matter the vendor.
All you need to get started is an email address and an internet connection.