AS2 vs. SFTP
for secure document exchange
AS2 stands for Applicability Statement 2. Originally, Applicability Statement was
created in the 1990s as AS1.
It was later upgraded when Walmart adopted and required their suppliers and
other third-party vendors to use it in 2002.
The upgrade included the encryption of messages, known as AS2 messages,
that were exchanged with trading partners, vendors, and remote systems.
What is AS2?
SFTP (Secure File Transfer Protocol) is built on the SSH (Secure Shell) network
security protocol.
It is designed to allow for the secure transfer of files between users (from an SFTP
client to an SFTP server, and vice versa).
The primary functionality of SFTP is generally similar to standard FTP (File Transfer
Protocol); however, there is no direct relationship between the two.
What is SFTP?
Why do I need AS2?
Once you send files over the Internet, you'll be exposing them to various
network-based threats. Malicious individuals can intercept your message and then
steal whatever sensitive information you have in there.
The AS2 protocol allows you to securely transfer your data by encrypting your
payload.
Since the AS2 protocol itself makes sure your data is encrypted in transit, you do not
need to depend on TCP-level security measures.
You can safely transfer your data even over plain HTTP without compromising
security.
In Transit Encryption
Digital signatures are a key feature of AS2 because they help enforce authentication,
data integrity, and non-repudiation, which are essential in maintaining the integrity
of business transactions. When you apply digital signatures, you'll be able to:
● Ascertain that the trading partner who sent you a message or file is in fact the
entity it claims to be (authentication)
● Verify whether the message received by the recipient is in fact the message
sent by the sender and not altered along the way (data integrity)
● Prevent a sender from disowning/refuting a transmission sent in the past
(non-repudiation)
Digital Signature
Before you carry out a transaction, it's important to make sure the entity you're
about to transact with is in fact the one whom you intended to transact with.
There are some cases where cyber criminals can spoof a trading partner's host and
participate in the transactions in their stead.
AS2's certificate-based authentication can minimize this risk.
Certificate Based Authentication
Once you have shared your data with your trading partner, there should be
confirmation of whether they received/accepted the content you sent.
The AS2 protocol has an option to request an electronic receipt from the recipient
confirming message delivery status.
This receipt is known as an MDN (Message Disposition Notification).
The message sender can also request that the recipient add their digital signature to
the MDN, eliminating the chance of MDN spoofing and preserving the end-to-end
integrity of the overall transaction.
Electronic Receipts (MDN)
The Message Disposition Notification includes a Message Integrity Check (MIC)
computed by your trading partner, based on the payload they received.
When it is compared with the MIC computed for the initial payload at your (sender's)
end, a match stands as strong proof that the content integrity was preserved.
Message Integrity Check (MIC)
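The sender-side check described on this slide, as an added example (not part of the original slides and not MFT Gateway code). It assumes the MDN's own signature has already been verified, that the caller supplies the exact bytes the MIC covers, and that the sender requested SHA-256; the payload, message ID and the sample_mdn helper are constructed for illustration.

```python
import base64
import hashlib
import hmac
from email import message_from_bytes

# MIC algorithm names as they can appear in an MDN, mapped to hashlib names.
ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256",
        "sha384": "sha384", "sha-384": "sha384", "sha512": "sha512", "sha-512": "sha512"}


def compute_mic(covered_bytes: bytes, alg: str) -> str:
    """Base64 digest over the exact bytes the MIC covers (assumed supplied by the caller)."""
    return base64.b64encode(hashlib.new(ALGS[alg.lower()], covered_bytes).digest()).decode()


def check_mdn(mdn_fields: bytes, sent_bytes: bytes, sent_message_id: str,
              requested_alg: str = "sha256"):
    """Return (ok, reason) for the machine-readable fields of a received MDN."""
    fields = message_from_bytes(mdn_fields)
    # 1. The receipt must refer to the message we actually sent.
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        return False, "MDN refers to a different message"
    # 2. The partner must report the message as processed, not failed or in error.
    dtype = (fields.get("Disposition") or "").partition(";")[2].strip().lower()
    if dtype != "processed" and not dtype.startswith("processed/warning"):
        return False, "partner reported: " + (dtype or "no disposition")
    # 3. The MIC must be present and use the digest algorithm we asked for.
    mic_field = fields.get("Received-Content-MIC") or ""
    mic_b64, _, alg = (p.strip() for p in mic_field.partition(","))
    if not mic_b64:
        return False, "MDN carries no MIC"
    if ALGS.get(alg.lower()) != ALGS[requested_alg.lower()]:
        return False, "MIC algorithm mismatch: " + (alg or "none")
    # 4. Compare the partner's MIC with ours in constant time.
    ours = compute_mic(sent_bytes, requested_alg)
    if not hmac.compare_digest(mic_b64.encode(), ours.encode()):
        return False, "MIC mismatch: partner received different content"
    return True, "content integrity confirmed"


# Constructed sample data (not taken from a real exchange).
PAYLOAD = b"Content-Type: application/edi-x12\r\n\r\nconstructed sample purchase order\r\n"
MSG_ID = "<constructed-0001@sender.example>"


def sample_mdn(mic: str, alg: str = "sha-256",
               disposition: str = "automatic-action/MDN-sent-automatically; processed") -> bytes:
    """Build the message/disposition-notification fields a partner would return."""
    return ("Original-Recipient: rfc822; PARTNER\r\n"
            "Final-Recipient: rfc822; PARTNER\r\n"
            f"Original-Message-ID: {MSG_ID}\r\n"
            f"Disposition: {disposition}\r\n"
            f"Received-Content-MIC: {mic}, {alg}\r\n").encode()


if __name__ == "__main__":
    good = compute_mic(PAYLOAD, "sha256")
    tampered = compute_mic(PAYLOAD + b"extra line\r\n", "sha256")
    print(check_mdn(sample_mdn(good), PAYLOAD, MSG_ID))
    print(check_mdn(sample_mdn(tampered), PAYLOAD, MSG_ID))
    print(check_mdn(sample_mdn(good, alg="md5"), PAYLOAD, MSG_ID))
```

Rejecting an MDN whose MIC algorithm differs from the one requested keeps a receipt from being accepted on the strength of a weaker digest than the sender intended.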
If you wish to utilize these integrity and non-repudiation features under SFTP, you
and your partner would need to implement an additional protocol layer on top of
SFTP and explicitly adhere to it.
However, AS2 is a standardized protocol that already includes all these features,
with a strong track record from leading B2B giants like Walmart, Amazon and
Target Corporation.
Unlike SFTP, which operates over the SSH port and hence requires you to
expose that (generally administrative) port for outside access, AS2 operates over
standard HTTP/HTTPS. So it is compatible with any generic network, safer, and
more firewall-friendly.
Why MFT Gateway?
MFT Gateway is a SaaS (Software as a Service) application for Managed File
Transfer over the AS2 protocol, developed on top of Amazon Web Services
infrastructure.
Since MFT Gateway is implemented using cloud native architecture, we deliver high
availability and rapid scalability for our clients.
Here are the AWS services that MFT Gateway uses for the core functionality of the
application.
● User Management: Amazon Cognito
● Database: Amazon DynamoDB
● Content Store: Dedicated Amazon S3 bucket for each client
● Processing: AWS Lambda
Cloud Native Architecture
● AS2/Web app traffic receive interface: API Gateway
● Internal signalling: Amazon SNS
● Email notifications: Amazon SES
● Recording message statistics: Amazon Timestream
● Deployment aspect: CloudFormation
MFT Gateway allows you to automate your message flows through multiple
integrations.
● S3: S3 integration allows you to directly access your dedicated S3 bucket and
send and receive messages using it, by uploading attachments to the S3 bucket.
● SFTP: You can also send and receive messages through SFTP by enabling
SFTP integration.
● Webhook: MFT Gateway allows you to configure multiple webhook endpoints
to receive notifications for incoming AS2 messages, and message send
failures.
● REST API: You can use the REST API for sending messages and
downloading received content.
Integration Support
