Ericka Chickowski did a nice job in her Dark Reading article on how old-fashioned FTP introduces unnecessarily levels of compliance and security risks to organizations. And here’s an alarming data point from Harris Interactive – approximately 50% of organizations are currently using the FTP protocol to send and exchange files and data.
Talk of security concerns with FTP is certainly not new. FTP was never designed to provide any type of encryption, making it possible for data to be compromised while in-transit. A common answer for this is to use encrypted standards-based protocols such as SSL/FTPS and SSH/SFTP.
Luckily, modern managed file transfer solutions deliver not only the security you know your business requires, but also the visibility and control that IT needs to properly govern company information.
Ipswitch’s Greg Faubert offers his thoughts in the Dark Reading article:
“While FTP is a ubiquitous protocol, depending on it as a standard architecture for file exchange is a bad strategy…. The PCI standards look specifically at the security surrounding your FTP environment. It is a significant area of focus for auditors, and they will fail companies in their PCI audits for a lack of adequate controls.”
And yet, somehow, many organizations continue to rely on unencrypted FTP to transport mission-critical or sensitive information. For those guilty, here are a few steps to help you get started in migrating away from antiquated FTP. And don’t worry, it won’t be painful.