There has been a lot of talk in various online and face-to-face forums about the need for increased security for EDI data transfer. While there is certainly a place for this, it should not be viewed as a panacea. To give the other side its due, let’s consider the argument for the basic File Transfer Protocol (FTP). First, FTP is easy to install and configure. Second, it is inexpensive. These are two simple yet compelling reasons to use it. But there is more.
FTP offers a solution when encryption is not that important. The question must be asked: “How much risk is involved if this data is compromised?” To provide a very common example from the trucking industry, let’s assume a hacker has found the contents of a transportation order which contains dates and locations regarding a shipment. If the manifest details (shipment contents) are not included in the data, which quite often they are not, then what can be learned? At best, it will be when and where the shipment is picked up and delivered.
But the routing details of the sending and receiving entities of the data would have to be recognized in order to understand where and when the vehicle in question will be moving. This is not easily done. Sender and receiver IDs are not easily decoded, as they are not obtainable via a simple browser search. Even then, the IDs may represent a logistics operation whose logo will not appear on the delivery truck. In short, it’s a lot of work to go to in order to find some very mundane data that is light on content intelligence.
But even where the transmitting parties want to keep some kind of security in the transmission method, with FTP it is possible to authenticate the IP address of the FTP client on the FTP server. This does require the client party to obtain a static IP address, but this is not difficult to do. By doing so, the server can allow only authenticated clients to deliver their data. While this does not suffice for highly sensitive data, it is very useful for relatively non-sensitive data. The short answer on why FTP is still so common is that it works when a more elegant solution is not a requirement for the trading relationship. One more case where the answer is, “it depends.”
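
One way to audit the per-client IP restriction described above, as an added example that is not part of the original article: each login attempt in an FTP server log is checked against the static addresses registered for that trading partner's account. The partner names, addresses (documentation ranges) and the simplified log format are all constructed for illustration and do not come from any particular FTP server.

```python
import ipaddress
import re

# Hypothetical trading partners and the static addresses they registered.
PARTNER_ALLOWLIST = {
    "carrier_a": ["203.0.113.10"],
    "shipper_b": ["198.51.100.0/29"],
}

# Constructed sample log: "timestamp event user=<account> ip=<source address>"
SAMPLE_LOG = """\
2024-05-01T02:00:01Z LOGIN_OK user=carrier_a ip=203.0.113.10
2024-05-01T02:05:44Z LOGIN_OK user=shipper_b ip=198.51.100.3
2024-05-01T03:12:09Z LOGIN_OK user=carrier_a ip=198.51.100.3
2024-05-01T03:30:00Z LOGIN_FAIL user=carrier_a ip=192.0.2.77
2024-05-01T04:00:00Z LOGIN_OK user=unknown_c ip=203.0.113.10
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) ip=(\S+)$")


def is_allowed(user, ip, allowlist=PARTNER_ALLOWLIST):
    """True only if ip falls inside a network registered for this account."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address never matches
    return any(addr in ipaddress.ip_network(net) for net in allowlist.get(user, []))


def audit(log_text, allowlist=PARTNER_ALLOWLIST):
    """Return (timestamp, user, ip, reason) for every login attempt to review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login event in the assumed format
        ts, _event, user, ip = m.groups()
        if user not in allowlist:
            reason = "unknown account"
        elif not is_allowed(user, ip, allowlist):
            # An address valid for another partner is still a mismatch here.
            reason = "address not registered for account"
        else:
            continue
        findings.append((ts, user, ip, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The third sample line is the case a server-wide allowlist misses: the source address is registered, but to a different partner than the account that logged in.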