End-to-end encrypted file transfer

iWeb FTP has a great security track record, encourages TLS and SSL transport encryption and has regular vulnerability scans performed against it. All of your data is stored encrypted at rest on our servers, including on backup devices.

However, sometimes customers transfer data which is especially sensitive, or that they have a duty-of-care over, and for that there is no better option than encrypting their files before uploading them.

Encryption in Flight

Transport layer security or TLS refers to a suite of encryption and authentication standards which can be added to existing protocols to make them more secure. The most well known use is in the HTTPS protocol, the secure protocol used by web sites when requesting personal or payment information; this is the protocol that causes the secure lock symbol to appear on most browsers.

iWeb FTP automatically uses TLS to secure all access via the web, from the moment you sign up for your account, as we've purchased a secure certificate for *.iweb-storage.com. Unfortunately the same protection can't be afforded if customers choose to use a custom domain name.

Even if you use a custom domain name for your account, you can still use https://youraccountname.iweb-storage.com to access your files securely through the web.

TLS is also supported by our FTP service (running on port 21). This way, if you're using an FTP client you can make sure that your username and password and your files are encrypted while they are transferred.

Similar (but not identical) encryption runs on our SFTP service (on port 22).

We refer to this as encryption in flight: your files are unencrypted on your computer, and unencrypted on the destination computer when downloaded, but encrypted on their way to and from iWeb FTP. Wikipedia calls this data in motion.

If someone were listening in on your network connection (perhaps if you were using public Wi-Fi), they wouldn't be able to gain access to your files. We prefer the AES-256 cipher, which is the strongest symmetric cipher in general use.

However, for maximum compatibility, iWeb FTP also allows access via unencrypted FTP. If you or your recipient does not use the TLS/SSL features we provide, then encryption in flight cannot protect your files. Additionally, some clients will negotiate lower levels of security, for example if they don't support AES-256, or the software is being used in a country where strong cryptography is restricted.
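An added example (not iWeb FTP's own code) of a client that fails closed on the downgrade paths just described: it uses explicit TLS on port 21, verifies the server certificate, and aborts before sending credentials unless the session is TLS 1.2 or later with AES-256. The function names are illustrative, and the host, credentials and file names are whatever the caller supplies.

```python
import ssl
from ftplib import FTP_TLS


def strict_tls_context() -> ssl.SSLContext:
    """Client TLS settings that fail the handshake instead of negotiating down."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    # Limit TLS 1.2 suites to ECDHE key exchange with AES-256. TLS 1.3 suites
    # are managed separately by OpenSSL and are not affected by this call.
    ctx.set_ciphers("ECDHE+AES256")
    return ctx


def session_is_acceptable(version: str, cipher_name: str) -> bool:
    """Policy check on what was actually negotiated (AES-256 only)."""
    if version not in ("TLSv1.2", "TLSv1.3"):
        return False
    # OpenSSL writes AES256 in TLS 1.2 suite names and AES_256 in TLS 1.3 ones.
    return "AES256" in cipher_name or "AES_256" in cipher_name


def upload_over_tls(host, user, password, local_path, remote_name):
    """Upload one file over explicit FTPS, never falling back to plain FTP."""
    with FTP_TLS(context=strict_tls_context(), timeout=30) as ftps:
        ftps.connect(host, 21)
        ftps.auth()  # AUTH TLS; raises if the server refuses or verification fails
        version, cipher = ftps.sock.version(), ftps.sock.cipher()[0]
        if not session_is_acceptable(version, cipher):
            raise ConnectionError(f"weak session: {version} {cipher}")
        ftps.login(user, password)  # credentials go out only after the checks
        ftps.prot_p()               # encrypt the data channel as well
        with open(local_path, "rb") as fh:
            ftps.storbinary(f"STOR {remote_name}", fh)
        return version, cipher
```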

Encryption at Rest

While your files are stored on our servers, the disks which they are stored on contain encrypted file-systems. This protects against theft by physical access: even if someone stole one of our servers they couldn't get at your data without the decryption keys.

These keys are known only by our senior system administrators, and they are manually entered every time a server is rebooted.

With this said, encryption at rest protects against physical access but does require you to trust our system administrators (who have direct, audited access).

End-to-End Encryption

The gold-standard for sending sensitive data from A to B is end-to-end encryption. What this means is that you encrypt your files before uploading them, and then the recipient decrypts them.

With this in place, you gain all of the security advantages above, and can be sure that no one else, no matter how trusted, can access your files.

Improved security comes at a price: you will need some software for encrypting your files and your recipients will need the same software to decrypt them. You will also need to give them the password separately, for example over the phone, as sending the password with the files would undermine the security.

Luckily, some suitable software is easy to use and freely available. Our guide to using 7-Zip for encryption is available here.

Posted by Aaron Brady
