IT Security News & Blog

Five Things to Consider When Replacing an SFTP or FTP Server

Posted: 13 September 2019

When it comes to old technology lurking around in your network, there is a good chance that an FTP or SFTP server is part of it, having been a staple of most IT teams for a very long time.

So true is this statement that we are often working with customers who are replacing or removing old data transfer servers because they are hosted on old and obsolete operating systems, have been replaced by something more modern or no longer meet the organisation's evolving requirements.

There is no doubt that aged solutions need replacing, as they might pose a security risk. But how easy is it to replace something which has been so critical to operations for all these years?

We have come up with five key areas to consider before you start.

 

1. Migrating User Accounts

The number one concern for most migrations is to ensure that those using the solution have a seamless switch from one to the other. In most cases, the focal point for this concern is on two specific items: user accounts and the data store.

In an ideal environment users should be able to use the same username and password combination on new and older systems without any change. However, depending on how the old system has been set up, this can be a challenge.

Modern SFTP and FTP servers can utilise third-party user repositories via protocols such as LDAP or SAML v2. Where this is the case, the migration from one solution to the other is simple, with the two even potentially being run in parallel.

Where accounts are local, or stored within the older server's application, a seamless user account migration is only going to be possible if there is an export function.

 

2. Copying the Data Store

Second on the list for most IT teams is the preservation of data held on the older SFTP and FTP server. In such cases we always recommend that migration be used as an opportunity to prune the data being held.

Often, old servers contain data going back many years that hasn't been accessed and is no longer required. In fact, we more often than not do not recommend the migration of old data stores.

On older servers, the issue of data build-up is very common: users of SFTP and FTP services are very good at uploading and downloading files but rarely clean up after themselves.

Newer file transfer servers tend to contain features which permit the automatic clean up of folders when a file reaches a particular age. This means that data stores are kept lean and where cloud storage is in place, cost is reduced.
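A pre-migration inventory of the old data store makes the pruning decision concrete. The sketch below is an added example, not part of the original post or of any product: it assumes one top-level folder per account, uses last-modified time because access times are often not recorded reliably, and the 90% threshold is an arbitrary illustration.

```python
import os
import stat
import time
from collections import defaultdict

def stale_report(root, max_age_days, now=None):
    """Per top-level folder: total bytes, stale bytes and stale file count.

    A file counts as stale when its last-modified time is older than
    max_age_days. Symlinks and special files are ignored so the walk
    never leaves the data store.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    report = defaultdict(lambda: {"bytes": 0, "stale_bytes": 0, "stale_files": 0})
    root = os.path.abspath(root)
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        rel = os.path.relpath(dirpath, root)
        folder = "." if rel == "." else rel.split(os.sep)[0]
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            entry = report[folder]
            entry["bytes"] += st.st_size
            if st.st_mtime < cutoff:
                entry["stale_bytes"] += st.st_size
                entry["stale_files"] += 1
    return dict(report)

def leave_behind_candidates(report, stale_ratio=0.9):
    """Folders whose content is almost entirely stale (assumed threshold)."""
    return sorted(
        folder for folder, e in report.items()
        if e["bytes"] and e["stale_bytes"] / e["bytes"] >= stale_ratio
    )
```

Folders returned by `leave_behind_candidates` are the ones to review with their owners before deciding whether to archive them rather than copy them to the new server.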

Take a look at Ipswitch WS_FTP Server, the world's most popular SFTP and FTP solution.

 

3. Usage of New Protocols

While SFTP and FTP are very popular protocols, they are not exactly known as being user friendly among those without IT expertise. Having to use an SFTP/FTP client and possibly authenticating using a client and server key are all outside of most users' base-level capabilities.

In newer server software, additional protocols are usually on offer - in particular, protocols such as HTTPS.

Being able to access files and upload files in a web browser is something which most users are comfortable with, something we can thank the likes of Dropbox for normalising.

When we speak to our customers we recommend three actions:

  • Decommission the usage of FTP as a protocol - it is insecure and open to interception.
  • Promote the use of SFTP with key authentication as a protocol for automated file transfer workflows.
  • Promote the use of HTTPS where human users are uploading and downloading files from the service.

In some systems, FTP can be phased out using IP address and username filters which permit only very specific accounts to use this protocol.
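To build such a filter you first need to know who still logs in over plain FTP and from where. The following is an added example, not from the original post or any product: the key=value log layout, the account names and the rule that only automated accounts keep a temporary FTP exception are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log; the key=value layout is an assumption, not a product format.
SAMPLE_LOG = [
    "2019-09-02T02:00:11Z proto=ftp user=erp_batch src=10.0.4.17 action=login",
    "2019-09-02T02:00:14Z proto=ftp user=erp_batch src=10.0.4.17 action=upload",
    "2019-09-02T09:12:40Z proto=ftp user=jsmith src=192.0.2.55 action=login",
    "2019-09-02T09:30:02Z proto=sftp user=payroll_sync src=10.0.4.21 action=login",
    "2019-09-03T02:00:09Z proto=ftp user=erp_batch src=10.0.4.18 action=login",
    "2019-09-03T11:05:00Z proto=https user=jsmith src=192.0.2.55 action=download",
]
FIELD = re.compile(r"(\w+)=(\S+)")

def ftp_usage(lines):
    """Map each account still logging in over plain FTP to its source IPs."""
    usage = defaultdict(set)
    for line in lines:
        rec = dict(FIELD.findall(line))
        if rec.get("proto") != "ftp" or rec.get("action") != "login":
            continue
        try:
            user, ip = rec["user"], ipaddress.ip_address(rec["src"])
        except (KeyError, ValueError):
            continue  # malformed record: missing field or bad address
        usage[user].add(ip)
    return dict(usage)

def migration_plan(usage, automated_accounts):
    """Apply the recommendations: automation -> SFTP keys, people -> HTTPS."""
    return {user: "sftp-key" if user in automated_accounts else "https"
            for user in usage}

def build_allowlist(usage, plan):
    """Temporary FTP exceptions: automated accounts only, from IPs already seen."""
    return {u: ips for u, ips in usage.items() if plan[u] == "sftp-key"}

def is_permitted(proto, user, src, allowlist):
    """Filter decision: FTP is refused unless both user and source IP are listed."""
    if proto != "ftp":
        return True
    return ipaddress.ip_address(src) in allowlist.get(user, set())
```

As each automated account moves to SFTP with key authentication, its entry is deleted from the allowlist, and FTP can be switched off once the allowlist is empty.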

 

4. Enhancing Audit Logging

The collection of audit logs in older SFTP and FTP servers was woefully bad, if it even existed at all. With both protocols being conceived in the early days of the internet, there was little worry about security, hence very little being accommodated.

Where there was auditability, you might be sifting through Microsoft Windows event logs or tailing an unformatted file in Linux to try and find what you are looking for.

When we help customers to replace their older systems, we recommend that they look at auditability as one of their key requirements. You should be getting a filtering system, colour-coded logging and an ability to link logs together for context.

 

5. Possible Cloud Hosting

Very much a modern requirement, a day doesn't go by where we are not asked about the ability to host such solutions in a cloud provider tenant such as Microsoft Azure or AWS.

Some modern solutions have templates ready to go in the cloud providers' marketplaces; others even operate full SaaS models - which is very attractive for some.

In any case, we ask our customers to consider the flexibility of the solution they choose. Today's choice is often not the same as tomorrow's; and putting yourself into a situation where your options are limited later is essentially where you are today with your old SFTP or FTP server.

Future-proof file transfer systems will not only have options for all three deployment models, but will have clear pathways for migrating between each of them.

Everything discussed in this blog is achievable using Ipswitch WS_FTP Server - a modern, cost-effective and very popular SFTP/FTP server. If you would like to learn more about WS_FTP Server, why not book a call with one of our solution specialists.

 


Topics: Managed File Transfer, File Transfer, WS_FTP, sftp


Written by Chris Payne

Managing Director - Advanced Cyber Solutions