You Down with FTP?
File Transfer Protocol (or FTP) was a revolutionary development when it was first introduced in the 1970s. It was the answer to moving information across the Internet at a time before HTTP was developed. Within the last 40+ years, FTP has served as the foundation for various methods of sending data; however, as a standalone technology, it is largely outdated and insecure. Despite FTP’s maturity, there are many organizations still using it, whether due to previous employees who embedded the technology into business-critical processes, or fears about the cost to switch to a more reliable option.
How did we get here? How does FTP still maintain a hold as a useful technology and where is it now?
The Evolution of FTP
FTP was originally published in the 1970s as a response for comment during a MIT project, attributed to developer Abhay Bhushan. The protocol allowed users to send or receive files before computers had graphical interfaces. Over the years, FTP evolved to use different technical methods to move information from computer to computer. It wasn’t until the late 1990s when more secure methods of FTP were introduced. Around the mid-2000s, what’s now known as Secure File Transfer Protocol (SFTP) and Managed File Transfer (MFT) was created.
Over the course of the last 20 years, more security elements were added to FTP, but the protocol was never initially developed with security in mind.
In addition, since the 1970s, the amount and size of data has grown exponentially. Data has become so valuable that a recent study by security firm Gemalto estimated around 1.4 billion records had been stolen in 2016 alone. That is an 86 percent increase compared to 2015.
FTP vs MFT
There are a number of differences between FTP technology and a secure MFT platform.
Transparency & Reporting
FTP can move a simple file from point A to point B effectively. However, if there’s a disruption in sending or receiving a file, FTP cannot provide details of the problem nor the root cause of the issue.
MFT can provide details on what went wrong, and can be configured so that you could attempt to send the file a certain number of times before it notifies you of an issue, in the event the problem is related to bandwidth or latency on the part of the receiver.
A number of organizations need to guarantee delivery of certain information or notices within a specific amount of time of a file being sent—or ensure that data is delivered at the same time every month. These service level agreements (SLAs) can be set up with automation to ensure delivery or receipt. Similarly, automation can eliminate or reduce the amount of human error associated with data delivery.
When FTP is only the mechanism to move the file, it does not have automation capabilities. MFT provides robust automation features that can be customized to the needs of your customers, employees, or partners.
As data has become more of a precious commodity, industry organizations and government associations have developed regulations to help protect that sensitive information. Meeting compliance mandates like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS) can be complex and time consuming. Organizations who fail to meet these requirements are faced with steep fines.
MFT provides a secure framework and reporting that can meet even the most rigorous compliance mandates. FTP can’t facilitate compliance.
An essential part of MFT is ensuring that sensitive information is protected. MFT platforms can also work well with other cybersecurity environment tools like data loss protection (DLP), antivirus software, endpoint protection, etc.
FTP wasn’t developed with security considerations in mind and, on its own, is not secure. Data is sent "in the clear" (unencrypted) making it more vulnerable to interception.
While there are a number of add-ons that have been developed for FTP to help organizations overcome its shortfalls, the technology proves to be especially troublesome in today’s business environment. Recently, the FBI issued a warning to healthcare organizations using anonymous FTP servers, as they were targets for cyberattacks.
MFT is a product of FTP, but MFT platforms provide more granular control, data transfer automation features, compliance assistance, and robust data security features that go far beyond standard FTP servers, not to mention, MFT also can provide support for disaster recovery, fast file transfers, and operational efficiency savings.
If you are considering making a switch from FTP to MFT, call the experts at Globalscape today. They can evaluate your current system, provide recommendations based on your needs and help implement a secure, efficient, and compliant system, while causing minimum business disruption.