In the tech world, FTP has almost become the Kleenex of file transfer. With its roots in the earliest days of networked computing where a handful of government and university researchers explored the value of connecting computers together, the FTP protocol was created to facilitate the movement of files across this nascent network.
Why is FTP still used by so many people these days? It’s well established and embedded in most operating systems today. It’s also freely available. But that doesn’t mean it’s absent of costs. The time spent by IT teams to manage and care for FTP servers and its users can be excessive– and that’s time taken away from more important IT projects and initiatives. While many business processes have been built up around this old protocol– collaboration utilities, nightly batch file transfers, and uploading files to web sites, it may just be plain old inertia that keeps FTP around.
Much has changed in the 45 years since FTP was invented—especially concerns about security and confidentiality. Predating the Internet as we know it today, FTP was not designed to transfer files securely—and when companies use it to send files that contain Personally Identifiable Information (PII) or patient data, compliance goes out the window. Some processes have been around so long, they too predate the rise of industry compliance requirements. But FTP is open to many types of attacks, and with username and password credentials sent in clear text, it’s not difficult for a hacker to extract that information and get access to an entire server filled with corporate data. It is difficult to blame FTP for this oversight, however—in 1971, two computers communicating was an incredible feat in itself and security was most likely not top of mind.
Ease of Use
FTP is primarily an IT tool. Many IT pros still like to run FTP in command line mode—and they take pride in managing their servers through text commands—but for the average knowledge worker, FTP can be overly technical and cumbersome to use. FTP client software can help—but it’s simply an overlay that simplifies usability but doesn’t increase the security or reduce the manual management of an FTP server. An oft-heard complaint by FTP administrators is managing users and their credentials as well as knowing which files should be saved on the server and which files can be deleted. This leads to extremely bloated FTP servers that get worse over time. As people come and go, files on the FTP server continue to accumulate.
An additional concern with FTP and its difficulty for end users is the likelihood that people will look for something simpler—a consumer file-sharing service for example—that does not meet their company’s compliance requirements. As end users demand better and easier tools, the challenge companies will face is the ability to provide a simple and secure solution.
A Modern Approach
Today’s file transfer capabilities have leapfrogged FTP several times over, providing encrypted communication, reporting and tracking capabilities, supporting automation and workflows, integrating with enterprise applications, and simply being more intuitive. With interfaces similar to email, today’s Secure File Transfer (SFT) solutions support today’s elevated security needs and provide a much-needed alternative to FTP. The primary obstacle is changing an existing process that in some cases has been around for decades. I think it’s high time to retire the venerable but outdated FTP protocol in favor of a more modern and more capable solution. Switching over all file transfer in one fell swoop may be overwhelming. A better solution may be to ease SFT into an organization—start with a small group or with a few processes and migrate them over. In time, your company will benefit from additional visibility into data and file transfers, operate within compliance guidelines, and be more productive when FTP is finally laid to a well-deserved rest.