How secure is SFTP?
Very secure. Here are some measures we take to ensure that your SFTP file transfer remains secure and confidential:
- We use the standard SFTP file transfer protocol based on SSH, using a keypair for authentication, as a solid foundation for authentication and transport encryption
- We carefully lock down access to the SFTP server such that in the event of the leak of a private key (held by the customer), no data can be downloaded
- We encrypt all uploaded data
- After ingestion, uploaded files are immediately deleted
SSH key pairs
An SSH key pair will ensure the SFTP connection via your client/HRIS is unique and secure. An SSH key pair is a pair of unique keys that are generated by you and saved on your computer. There's a private key which should only be used by you (or very carefully within your own organisation), and there's a public key which can safely be shared outside your organisation. The integration uses the combination of the two keys to verify the security of the connection.
Note: Our SFTP only supports openSSH key pairs, not SSH2. If your HRIS or command line tool generates keys in SSH2 format, you can convert them to openSSH using the instructions in the guide below.
Do you have a test server where we can test our SFTP integration?
We do not provide a test server for SFTP uploads. However, Culture Amp Product Support will be happy to assist you in testing your SFTP connection and ensuring it is working correctly.
SFTP doesn't work for us. Do you have a web service for uploading employee data?
Yes! If an SFTP file transfer isn't appropriate, you can also manually import your data via our Import Data workflow.