I won’t call it evil but I will say FTP just isn’t any good. It’s slow, it’s unreliable and well… it’s dangerous.
FTP has been around for a very long time and really hasn’t been improved since the RFC was published back in the seventies and things have definitely changed since then.
Any company, financial, medical or otherwise that handles any personal or private information should flat out ban the use of FTP anywhere; and that basically means just about any company today.
Regardless, FTP is still the number one transfer method used around the world and here are the top 10 reasons why.
- It has always been done this way here and it works fine.
- There are thousands of internal mainframe and midrange processes moving data around the organization and it will simply cost too much to change them all to a more secured method.
- We looked at alternatives but the cost to replace such a simple protocol just couldn’t be justified.
- We have files that don’t get transferred occasionally but we don’t think it’s FTP’s fault.
- It’s being used for internal transfers only and there’s really not much risk there, right?
- Most of the file transfers are relatively small and FTP handles them just fine.
- It’s simple to use and it’s free.
- I thought FTP was secure.
- We don’t talk about it.
- Really? I didn’t know we were still using FTP.
Not a single one of these reasons is a justification the continued use of FTP. Yes, it’s simple and it’s basically free (until you calculate the negative impact on slow or failed deliveries and the time wasted by your support staff).
You connect, put your ID and password in and put or get a file; however, with this simplicity comes an inherent risk. Logging in and transferring any data with FTP is transmitted in clear text. Any network analyzer will reveal both your password and the contents of your data.
In some cases, your company may configure a secure VPN connection with an external partner to enable more secure transfers but even then, the risk is only minimized, not eliminated. SFTP is a bit better security-wise but the performance is much worse.
The best approach is to use applications specifically designed for the purpose of managing, securing, accelerating and validating your file transfers. In most cases, depending on the FTP process you are replacing, the solution will only be marginally more complex to configure but will be both secure and significantly faster than any typical file transfer method.