FTP D-day: Why enterprises need smarter solutions now
Hosted file sharing services are the current personas non grata of the corporate file and internal data sharing sphere. In recent years services like Dropbox and Google Drive (although both of these services do employ a high standard of security) have been targeted by hackers, compromising private and sensitive data. With these nice, highly intuitive and usable solutions no longer deemed safe by those in the know, many businesses are switching back to FTP (File Transfer Protocol), a relatively old solution to businesses’ file sharing needs.
But if your business is moving away from hosted services and picking back up with FTP, be warned: this protocol is no longer as secure (let alone as usable) as a new raft of FTP alternatives delivered by companies like Thruinc.com. While there are a host of benefits attached to FTP, more cutting edge MFT (Managed File Transfer) services offer a comparatively more secure and workable solution.
There are, however, a great many reasons why you may feel loyal to FTP. If you’re considering hanging onto this system, you wouldn’t be without cause. FTP’s a well known protocol. It’s widely used. Most of us in IT are comfortable with FTP clients and have experience setting up and managing them. FTP is stable, it’s familiar, it’s low cost and it’s simple to implement. Unfortunately, it’s also getting on a bit.
While FTP was once the file sharing solution for businesses and enterprises, it’s now getting dated and cracks are starting to show – particularly when viewed in the light of more up-to-date MFT options.
What’s the problem?
At a really basic level, FTP is no longer the thinking IT manager’s system of choice because of two core reasons:
It’s extremely widely used and has been for a long time. This means that the “cat and mouse” game played out by developers, IT security bods and hackers has had longer to play out in the favour of the bad guys. With so many businesses using FTP, sustained effort has gone into finding ways to get into these servers and get hold of valuable data. This makes FTP very vulnerable.
It’s surprisingly simple. This is the pay off for FTP being so easy to use. It’s not actually particularly sophisticated. This isn’t just bad news from a security perspective, it’s also not fantastic for businesses with evolving requirements and demands looking for versatile, tailored solutions to their sharing needs.
The smaller picture
Widespread use and simplicity are the two top level, fundamental issues with FTP, but these concerns translate as numerous smaller scale problems which include:
No strong, in-built authentication
If messages can be sent and received by unauthorised users or it’s impossible to prove that a message has been sent or received, there’s a serious security hole in your FTP system. Unfortunately these are two common problems which stem from FTP’s lack of strong, in-built authentication and non-repudiation functionality.
Minimal delivery controls
A lack of auditing and versioning controls is another big FTP shortfall. These systems would ensure that issues such as data loss can’t happen, simultaneously reducing the risk of data duplication. No such luck with FTP.
Monitoring and proving compliance with data privacy and security policies is not simple with FTP. As mentioned previously, auditing controls are next to non-existent. There are also no available checkpoint functions which ensure and record delivery.
Poor central administration
In a typical large enterprise, a number of different FTP servers handle a vast quantity of diverse transfers and data. Many will serve different OS, different applications, different locations and different users. In many cases they’re even managed by different people. This can lead to a very disjointed system with no overarching security protocol. This results in a very vulnerable system full of potential security holes.
No in-built automation
If you’re looking for speed, dependability and convenience through automated file transfer – look elsewhere. While scripts can be written to automate FTP, they often include usernames and passwords to speed up the process – these scripts are often relatively easy to read, exposing details that will give hackers access to your system.
Are you considering a switch back to FTP or are you still using it? Have you upgraded to MFT? What has been your experience? Share your input with readers below.