SC Magazine just published a short article titled “FTP described as unsecure and generally unmonitored”.
In the article, fellow Managed File Transfer (MFT) vendor Axway correctly points out that “usernames, passwords, commands and data can be easily intercepted and read while files transferred via FTP are uploaded or downloaded without any encryption.”
Not to overstate the obvious, but I wholeheartedly agree (and this should come as no surprise to our avid blog readers). The FTP protocol turned 40 years old in 2011 and although still functional, it was not designed to provide any encryption or guaranteed delivery. Unfortunately, many organizations are still relying on outmoded homegrown FTP scripts or have deployed basic FTP servers scattered throughout their organization – all lacking basic security measures, not to mention important visibility, management and enforcement capabilities.
Today, the 40-year old FTP protocol proudly serves as the foundation for the majority of data transfer and application integration technologies that organizations rely on so heavily. But luckily for us all, modern file transfer solutions deliver much more than basic FTP:
- VISIBILITY capabilities such as logging; reporting; alerts; notifications; chain-of-custody and file life cycle tracking
- MANAGEMENT capabilities such as workflows and scheduling of file related processes; person-to-person file transfer; integration with systems/applications; data transformation; high availability; virtualized platform support
- ENFORCEMENT capabilities such as user provisioning; password policies; encryption requirements (for example, requiring 256-bit AES encryption over FTPS or SFTP protocols); file integrity checking; non repudiation
Now is the time to replace old and often insecure point FTP solutions and hard-to-maintain scripts with technology that includes the benefits of a modern MFT solution.