It may be obvious to some that FTP (File Transfer Protocol) is an insecure protocol; and that its continued use for transferring sensitive or personal is inappropriate. Yet, its use for that very purpose still continues according to Rapid7, creating an unnecessary risk.
The well-known IT security vendors third annual National Exposure Index report has found via an automated scan of the internet that there are roughly 21 million FTP servers still in operation. Tod Beardsley, the principle security research manager at Rapid7 said "I'm worried about all of the personally identifying information that's going to be lurking in all of these FTP servers that are easy to comprise".
The File Transfer Protocol has been around for longer than most of us have been working in IT or IT security. In its earlier days, it was simply a way to move files from one computer or server to another. With hindsight, it is clear that its creators never envisioned today's security threats and data protection regulation environment.
As a result, FTP has been enhanced with added SSH and SSL capabilities along the way. Yet, there remains a large portion of organisations who remain on legacy and insecure FTP servers. For those that routinely transfer sensitive documents containing proprietary or regulated data and find themselves in his situation, FTP servers have become a compliance liability and a heightened risk.
There are a number of security issues with FTP:
As opposed to FTP being a server model, a Managed File Transfer system can be thought of as a fully featured and centralised file transfer system. It supports more secure transfer protocols such as SFTP (SSH/Secure File Transfer Protocol) and FTPS (FTP Secure). Tt provides better visibility, reporting, logging and tracking capabilities; as well as failover or high availability options to ensure the availability of systems and guaranteed delivery/receipt of files.
Managed file transfer solutions are enterprise-class solutions upon which core processes, like invoicing and payment systems, can be built. For instance, a single implementation may include multiple transfer servers, workflow automation and cloud integrations, all from one centralised interface.
These systems are also designed to assure data security, especially for those who require data transfer systems for sensitive files or personal data. This could be in accordance with ISO 27001, PCI-DSS, HIPAA or GDPR (General Data Protection Regulation).
Some of the more valuable features of MFT, in this case, are integration with pre-existing security infrastructure such as anti-virus, DLP and access control systems. Another key feature of many MFT systems in centralised logging and compliance reporting.
Ipswitch have been helping organisations with secure and managed file transfer transfer requirements for over fifteen years. Recognised as an industry leader in this space and with one of the most impressive list of existing customer, containing household names and national governments, Ipswitch MOVEit can achieve everything in the blog and more.
Advanced Cyber Solutions are specialists in Ipswitch solutions and managed file transfer. We are the Ipswitch Partner of the Year for Northern Europe; hold accreditations for professional services and training; and have managed file transfer customers in seven countries.
Take a look at our Ipswitch MOVEit Transfer page for more information.