The company I work for regularly exchanges sensitive files (personal info) with clients in a production environment (i.e. files are sent and received via scheduled batch jobs). To prevent Internet eavesdroppers from intercepting our data, we use dial-up, but it is cumbersome. FTP would be far more convenient, but FTP data is clear text.
My suggestion is to PGP encrypt the data, then use FTP, but the IT department is concerned that although the data would be safe, the FTP IDs and passwords themselves pass unencrypted through the Internet, which they do not find acceptable. I believe that this can be a minimal issue as long as the ID has access to only a single folder, containing only encrypted files.
Is it true that FTP sends the logon ID and password as clear text? If so, are there any alternate, non-proprietary solutions? Our IT group wants to rely on proprietary end-to-end encryption. (As I remember, the term is "tunneling," or something like a VPN). I feel proprietary solutions are undesirable because they require special software installed on all client sites.
Thanks in advance,
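An added illustration, not part of the original post: under RFC 959 the FTP login commands travel as plain text on the control connection, so an observer of the first constructed transcript below can read the account name, the password and the file names even when the file contents are PGP-encrypted. The second transcript shows the standard `AUTH TLS` upgrade from RFC 4217, after which nothing further is readable. The host, account and file names are made up for the example.

```python
"""Audit an FTP control-channel transcript for credentials sent in clear text."""

# Constructed sample: what an on-path observer sees on TCP port 21.
# "C" = client to server, "S" = server to client.
PLAIN_SESSION = [
    ("S", "220 ftp.example.test ready"),
    ("C", "USER batchjob"),
    ("S", "331 Password required"),
    ("C", "PASS s3cret-value"),
    ("S", "230 Login successful"),
    ("C", "STOR payroll.csv.pgp"),
]

# Constructed sample: the client upgrades with AUTH TLS before logging in.
# After the 234 reply the control channel carries TLS records, so no
# further commands are readable on the wire.
TLS_SESSION = [
    ("S", "220 ftp.example.test ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
]


def audit_control_channel(transcript):
    """Return a dict describing what an on-path observer could read."""
    result = {"tls_upgraded": False, "user": None,
              "password_exposed": False, "filenames": []}
    pending_auth = False
    for direction, line in transcript:
        if direction == "S":
            # A 234 reply to AUTH means the TLS handshake follows.
            if pending_auth and line.startswith("234"):
                result["tls_upgraded"] = True
                break  # everything after this point is ciphertext
            pending_auth = False
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            pending_auth = True
        elif verb == "USER":
            result["user"] = arg
        elif verb == "PASS":
            # Record the exposure only; never store or print the secret.
            result["password_exposed"] = True
        elif verb in ("STOR", "RETR"):
            result["filenames"].append(arg)
    return result
```
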