FTP: Loose and Simple however Problematic
Table of Contents
It happens in organizations daily: Someone on the team hits a roadblock: That large file sent by email won’t go through. Or a team member starts to send an account number or password via email and realizes maybe, just maybe that method of delivery is not secure enough.
Another colleague suggests sending that large file or sensitive personal information via FTP, praising the host of “free” tools that can be downloaded easily, as well as a couple of cloud-based solutions. In desperation (and often ignorance), the well-intentioned but misguided advice is taken, and a new FTP fan is born. Hopefully, this situation is on the decline. It should be.
FTP, or “file transfer protocol,” is a solution that’s been available for nearly 40 years. With so many free or inexpensive FTP tools still available after all this time, it’s easy to assume that FTP is a reliable and secure solution. But is it? No. Not at all.
The Downsides of FTP
While FTP may be able to send large files, standard FTP, like email, is not secure and is therefore vulnerable to hackers or human error. In fact, FTP even retains a user’s login credentials “in the clear,” presenting an easy way for hackers to lift information from an organization.
E-book: How to Think Like a Hacker and Secure Your Data
You’ve got options – more secure file transfer options like SFTP, FTPS, AS2, AS3, AS4, HTTPS, and MFT.
Rogue FTP tools, like those free tools that may be sprinkled on employees’ PCs or personal devices, are a liability to an organization, both financially and in terms of reputation and credibility.
Remote or Hybrid Workplaces Need Secure File Transfer Options
Operating with FTP tools may likely mean no one has a comprehensive view of the flow of data in and out of your organization. It’s impossible to know who is sending what to whom, and who is receiving files from where. Centralization of collaboration tools is more important than ever before with the growing number of remote or hybrid work environments.
Related Reading: Benefits of a Content Collaboration Platform
State and Federal laws require that data which contains personally identifiable information or payment card information (PCI) must be encrypted and secured. Multiple processes make locking down this information next to impossible.
Also, because FTP is not secure, organizations are a much higher risk for a costly, reputation-ruining data breach.
Related Reading: Are You Next in Line for a Data Breach?
FTP Alternatives
As mentioned earlier, options to risky FTP are numerous.
- SFTP: SFTP (short for SSH File Transfer Protocol) is a network protocol organizations can use to secure and send file transfers over secure shell (SSH).
- FTPS: For organizations that need to secure file transfers with trading partners and enterprise servers, there’s FTPS (FTP over SSL/TLS) protocol. With this protocol, passwords, client certificates, and server certificates are supported for authentication.
- AS2, AS3, or AS4: Applicability statement protocols transfer information securely via encryption. Depending on file type, size, or EDI requirements, you can choose from among these three secure protocol.
- MFT: Managed file transfer (MFT) is a secure solution that helps organizations meet all aspects of inbound and outbound file transfer. “Managed” describes one of the main draws of managed file transfer solutions: its ability to automate, simplify, and streamline data transfers, whether across your organization, within a private network, or to external users.
In addition to choosing from the above options, establishing smart file transfer policies and procedures with employees is vital. Promote clear expectations, provide easy-to-use transfer solutions and consequences regarding the protection of data.
Most employees want to do the right thing but may not understand the implications of sending sensitive data through the easiest means or grow frustrated with a process that’s not automated or intuitive.
Implementing a secure file transfer solution, such as managed file transfer (MFT), that can be configured to allow users to send and receive large files (including through email) and also send sensitive information within their daily workflow without unnecessary workflow blocks, but with administrative control and much greater security.
See how easy replacing FTP with MFT can be
A 15-, 30-, or 60-minute demonstration can quickly show you how replacing outdated FTP with secure, automated and user-friendly MFT can ramp up your organization’s security and productivity around file transfer tasks.
