Compare Secure File Transfer Protocols

Understanding file transfer protocols for B2B and EDI

What is a messaging protocol?

File transfer protocols, sometimes referred to as EDI messaging protocols, act to transfer files both internally and externally to business customers, suppliers, vendors, and other B2B trading partners.

What does a file transfer protocol standardize?

  • Content
  • Format

Secure transfer protocols enable data transport by outlining a standard procedure for regulating the data exchange between businesses. The standard procedure, as defined by the file transfer protocol, acts as a set of rules that enable businesses to connect and share data.


What are the benefits?

The main advantages of sending and receiving files over a secure communications protocol are the ability to:

  • Transfer data internally, to and from point-to-point solutions, and to entities outside the firewall
  • Automate transactions and eliminate errors
  • Increase reliability and scalability
  • Securely share business intelligence
  • Meet compliance and SLA requirements for trading

What are the challenges?

Not every business requires or even uses the same protocols.

While protocols are a set of rules, the rules defining which “set of rules” to use are determined by individual organizations, based on their own industry and compliance needs. This implies that there is not one, but rather, many file transfer protocols that are used to communicate today.

Gain Competitive Business Advantage with Protocol Connectivity

See How

Cleo File Transfer and Data Integration

Protocol Flexibility to Support Business Growth

Protocol flexibility becomes increasingly important as your network of trading partners and customers grows. Depending on your business needs and trading partner requirements, one or many protocols may be appropriate for you.

File Transfer Protocol Comparison

Comparing the functional elements of security, including privacy, authentication, integrity, and non-repudiation are at the core of evolving protocols and the business expectation for heightened security around the data transfer.

Developer-Friendly Integration


Protocol Connectors

Understanding your current and future file transfer needs — including file sizes, volumes, frequency, and security requirements — will help your organization select the best protocols for your business.

Standard Protocols

Applicability Statement Protocols

AS2: Applicability Statement 2 is a standard by which users transfer EDI or other data, such as XML or plain text documents, over the Internet using HTTP and HTTPs. AS2 offers increased verification and security achieved through the use of receipts, digital signatures, and file encryption. Its transactions and acknowledgments occur in real time, increasing the efficiency of document exchanges.

AS3: Applicability Statement 3 enables software applications to systematically communicate data, including EDI and XML, over the Internet using file transfer protocol (FTP). AS3 is not the next version of AS2 as it offers its own unique features and provides security for the transport payload through digital signatures and data encryption. AS3 may be particularly well-suited for FTP-centric businesses that have a significant investment in FTP scripting, applications, or security.

ebXML Messaging Service Protocol

ebMS 2.0: EbMS, or ebXML Messaging Service, is the messaging layer of the ebXML framework. EbMS specifies how messages are sent and received over the Internet, including features for security, digital signatures, non-repudiation and reliability. Privacy is achieved through the encryption of the message, and authentication is achieved through the exchange of digital certificates to verify the identity of the sender and receiver.

File Transfer Protocols

FTP: FTP, or File Transfer Protocol, is an application protocol that uses the TCP/IP protocols. FTP is commonly used to transfer webpage files from their creator to the computer that acts as their server for everyone on the Internet. It’s also used to download programs and other files to your computer from other servers. However, FTP does not include any options for encrypting data in transit and is generally considered unsecure.

FTPs: FTPs (FTP over SSL) adds a secure encryption layer (Secure Sockets Layer) around the FTP protocol to secure the commands and data that are being transferred between the client and the server.

SFTP: Secure Shell File Transfer Protocol (Secure FTP) uses SSH to transfer files and requires that the client be authenticated by the server. Commands and data are encrypted to prevent passwords and other sensitive information from being exposed to the network in plain text. Unlike FTP, SFTP protects data while it is being transmitted and does not use separate command and data channels. Both data and commands are transferred in formatted packets via a single secure connection.

Hypertext Transfer Protocols

HTTP/HTTPs (Hypertext Transfer Protocol/Secure or HTTP over SSL): The foundation of data communication for the Internet, the HTTP application protocol is the one to exchange or transfer hypertext. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers take in response to various commands. HTTPs is a secure version of HTTP and it allows secure e-commerce transactions. Using HTTPs, computers agree on a code between them over SSL, and then they scramble the messages using that code so that no one in between can read them.

Minimal Lower Layer Protocol

MLLP (Minimal Lower Layer Protocol): Commonly used within the HL7 (Health Level Seven) community for transferring HL7 messages, MLLP provides a minimalistic session-layer framing protocol. MLLP supports only direct connections between a sender and a receiver, and there is no authentication process.

Odette File Transfer Protocols

OFTP/OFTP2 (Odette File Transfer Protocol/2): Established by Odette, the European automotive standards body, OFTP is the most prolific protocol inside Europe for the exchange of EDI data, in particular for the automotive industry, and was initially designed to work over an X.25 network. OFTP2 is an advanced version of OFTP that’s mainly intended for secure data exchange over the Internet, where security is enhanced by the use of encryption methods and digital certificates.


RNIF (RosettaNet Implementation Framework): This protocol defines how systems transport a RosettaNet message. RosettaNet is a set of XML standards for integrating business processes between companies, and RNIF is a robust transfer, routing, packaging, and security standard.

Simple Mail Transfer Protocols

SMTP/SMTPs (Simple Mail Transfer Protocol/Secure or SMTP over SSL): This a protocol for sending email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client. SMTPs is a method for securing SMTP with transport layer security. It is intended to provide authentication of the communication partners. SMTPs is not an extension of SMTP; it is a way to secure SMTP at the transport layer.

Web Services

WS (Web Services): Web services are XML-based information exchange systems that use the Internet for direct application-to-application interaction. These systems can include programs, objects, messages, or documents. Additionally, Web Services are not tied to any one operating system or programming language.

High-Speed File Transfer Protocols

Cleo Jetsonic®: Cleo’s high-speed file transfer solution enables customers to achieve high-speed transfers using proprietary Cleo technology based on parallel TCP. Based on the core Cleo technology stack, this solution enables the fastest transfer times in the industry — of any TCP- or UDP-based technology — for any size of file with a high level of security. With the ability to deliver more than 2 terabytes an hour, Cleo’s accelerated file transfer protocol is designed to meet ever-shrinking SLA windows and arms your enterprise with checkpoint restart so you don’t have to waste time resending the entire file.

fasp: Aspera Software’s high-speed file transfer protocol is a patented UDP-based transfer technology that achieves speeds faster than conventional protocols like FTP/HTTP and enables large-data transfers across long distances.


IBM® MQ: IBM’s proprietary technology is a robust messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.

Go Deeper

For additional information including side-by-side comparisons of protocol security features, standards, and other considerations, download the Protocol Comparison Guide.

Talk to us about your file transfer integration requirements
Contact Cleo
See the Cleo Integration Cloud in Action
Request Demo
From the Blog

Measuring the Value of Your iPaaS in Ecosystems

Published December 13, 2018

Read the Blog

Entry-Level Sales Representative

Cleo is looking for passionate, motivated self-starters who aspire to be successful business leaders to join our Sales Development team.

See All Openings