SALES: 978-367-3655 SUPPORT: 978-250-8355 [email protected]

Staring at the sun is unsafe. Running with scissors is unsafe. Now, Google (Alphabet) has determined that using FTP sites is unsafe. In fact, Google has made it so that if you surf to an FTP site in Chrome, it will tell you it’s “Not Secure.” When speaking of the change, Google security team member Mike West explained, “Its security properties are marginally worse than HTTP.”

Now let’s remember that FTP (File Transfer Protocol) was developed in 1971 as a means of moving files around ARPANet (pre-internet). At the time, there were no tools to move files electronically over a network, so FTP was created. It was built to transfer files, it was not built to be secure, or handle large transfer volumes, or scale – basically it was not built to support an enterprise.

But because it was the first solution, it was widely deployed. And as the need to transfer electronic files exploded, so did the deployment of FTP. As email became ubiquitous, it became the workhorse of sending files around the internet. But it was widely known that email was not secure and had restrictive file size limitations, so FTP continued to be used for many ‘secure’ file transfer needs. FTP Secure was created by using TLS/SSL but most major browsers don’t support FTPS. The “Not Secure” label has been a long time coming.

FTP was not designed to be a business application that would be used extensively by non-IT employees. As such, the interface and user experience is highly technical and overly complex. This taxes IT resources, as they need to be involved with many transfers.

To replace FTP, users should consider a managed file transfer (MFT) or secure file transfer (SFT) solution, like Biscom SFT. Our secure FTP alternative uses full encryption (in transit and at rest), can be integrated into your email client or business applications, has no file size limits, and can be rolled-out using AD/LDAP credentials. All without involving IT.

So it’s not surprising that Google has labeled FTP as “Not Secure,” what is surprising is that major enterprises continue to use it today.