The Business Problem of Using File Transfer Protocol (FTP)

File transfer protocol (FTP) provides an unsophisticated way to move files to and from remote platforms

Today’s world functions on data – facts, statistics, trends, values, measurements. That means your business functions on data. Gathering, analyzing, and moving it. If that data fails to get where it’s supposed to be, the consequences can have a ripple effect on your business and beyond. How you manage the flow of data drives the success of your business, and the old methods for managing this critical information just aren’t cutting it anymore.

Reliable transfer of data across your internal network, as well as with partners and customers outside the corporate walls, necessitates reliable solutions. File transfer protocol (FTP) provides an unsophisticated way to move files to and from remote platforms, but its simplicity of operation often comes at a high cost.

It is estimated that FTP fails 8 percent of the time, even under regular loads, and does not scale well beyond 30 connections.

File Transfer Protocol Definition

File transfer protocol is a standard network protocol that was developed in 1971 and used to transfer data from one host to another via computers or networks, namely the Internet. FTP was not designed to be a secure protocol—especially by today’s standards.

FTP solutions are ideal for small to medium-size business data movement requirements and meeting with basic file transfer needs. However, FTP servers were never intended to address enterprise-level requirements, such as high-volume, mission-critical file transfers. Additionally, FTP was not built with security in mind.

The Problem with FTP

While FTP solutions appear to be cheap, and often free, the simplicity of FTP and similar single-purpose utilities can actually inflate the total cost of ownership (TCO). These “point-to-point” transfers require additional code and the creation of scripts or events to send notifications, clean up files, or process incoming data. Over time, these customizations require a massive effort to maintain.

Some other FTP shortcomings include:

  • Lack of security: An employee-managed system often operates without IT oversight. FTP systems are at risk because they are not properly managed and because most FTP systems cannot encrypt the data.
  • Lack of control: The sender loses control of data sent via FTP, with little say in who accesses the content and how long files are usable.
  • Lack of reporting: FTP does not provide any status information about files sent or received and does not provide notification upon the receipt or transmission of data.
  • Lack of automation: Standard FTP servers don’t provide automation, requiring manual processes and wasting valuable time.

The litany of concerns over reliance on FTP as the primary mode of data transfer means that over the years, integration and business security experts are finding ways to make FTP more secure, or simply replace it.

The Secure Alternatives to FTP

SFTP

SFTP, or secure FTP, is a program that uses Secure Shell (SSH) to transfer files. The encryption used by SFTP is intended to provide confidentiality and integrity of data over an unsecured network, like the Internet, which prevents passwords and other sensitive information from being openly transmitted. Standard FTP clients, however, cannot be used to talk to an SFTP server, nor can one connect to an FTP server with a client that supports only SFTP.

Some problems this protocol poses:

  • SFTP requires either working with the command line or installing an SFTP program.
  • SFTP requires an anonymous FTP, and you can’t password-protect a file with anonymous FTP.
  • Many people are unfamiliar with SFTP.

Active FTP vs. Passive FTP

To make an FTP connection, the server needs to know on which port to talk to your computer. This requires setup to be in active or passive mode.

Active FTP: The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. This method is beneficial to the FTP server administrator but is an access risk for the client.

Enabling active mode means there’s a chance no connection would be made at all, and enabling passive mode opens up your system to attacks.

Passive FTP: The client will make both connections to the server, but one will be to a random high port, which would almost certainly be blocked by a firewall on the server side. Enabling passive mode on your server means that clients who are behind a firewall can easily connect.

Managed File Transfer (MFT)

Many companies end up realizing they have a “free for all” of FTP solutions throughout their organization and even across their global network, making the most basic compliance and governance nearly impossible. That’s not to say FTP systems don’t have a place in the world, but when it comes to securely moving large amounts of critical data, FTP is no longer seen as a viable option to transfer files inside or outside your business.

Managed File Transfer (MFT) is one option for companies looking to evolve away from standard FTP processes and moving toward a more secure, modern solution. A managed file transfer solution ensures a secure connection is achieved every time without leaving the business network vulnerable.

Organizations that understand the importance of on-time, predictable, and secure data movement select solutions that fit their performance and security requirements. MFT is designed to overcome all FTP’s shortcomings and provide data stability. Implementing an MFT solution enables an organization to reduce risk data transfer methods and take complete control of critical business data processes, internally and beyond the walls of the enterprise.