Why FTP Is Dead
FTP, like fax, is dead. However, many still have not received the message. Just as fax machines do, FTP servers remain online at more companies than would care to admit it. There are still an estimated 21 million FTP servers in use. Despite these numbers, FTP is, without a doubt, dead tech walking.
FTP’s Fatal Lack of Security
FTP is inherently not a secure way to transfer data. It was not designed to be a secure protocol, which puts data stored and shared with FTP at extreme risk. Hackers know this and target FTP servers to gain access to sensitive files and folders, often using a simple packet sniffer or standard protocol analyzer.
When a file is sent using the FTP protocol, the data, username, password, and commands are shared between the client and server in plain text, leaving them vulnerable to sniffing attacks. Because FTP alone does not provide encryption, hackers can intercept transferred data with little to no effort.
In addition, the FTP protocol uses an outdated username-and-password scheme for authenticating users to the server. This weak authentication method puts data at risk if credentials are compromised, because unauthorized users can easily access the FTP account.
FTP servers are also subject to common hacker tactics, such as brute force attacks or spoofing attacks. Hackers use brute force attacks to break into the FTP server using a trial-and-error approach, systematically guessing login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords automatically generated by a tool until they finally find valid credentials. With spoofing attacks, the hacker poses as a legitimate user or device on the network. A common spoofing tactic is a man-in-the-middle attack, in which a hacker impersonates a trusted point on the network and intercepts data transferred with FTP.
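One way to spot both problems described above (logins readable on the wire and automated password guessing) from a monitoring point, as an added example that is not part of the original article. The session records, the audit function and the threshold of 5 failed logins are assumptions made for illustration; the reply codes 230, 234, 331 and 530 are the standard FTP ones.

```python
from collections import defaultdict

# Constructed sample, not real traffic: (session, direction, control-channel line).
# "C" = client to server, "S" = server to client.
SAMPLE = [
    ("s1", "S", "220 FTP server ready"),
    ("s1", "C", "USER alice"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS example-password"),
    ("s1", "S", "230 Login successful"),
    ("s2", "S", "220 FTP server ready"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 Proceed with negotiation"),  # TLS from here on
]
# Six failed logins in one session, the pattern a guessing tool leaves behind.
SAMPLE += [("s3", d, line) for i in range(6) for d, line in (
    ("C", "USER bob"), ("S", "331 Password required"),
    ("C", f"PASS guess-{i}"), ("S", "530 Login incorrect"))]


def audit(records, fail_threshold=5):
    """Flag sessions with readable credentials or repeated 530 replies."""
    state = defaultdict(lambda: {"users": set(), "passwords_seen": 0,
                                 "failed": 0, "tls": False, "auth_sent": False})
    for sid, direction, line in records:
        s = state[sid]
        if s["tls"]:
            continue  # channel is encrypted; a monitor cannot read further lines
        verb, _, arg = line.strip().partition(" ")
        if direction == "C":
            verb = verb.upper()
            if verb == "USER":
                s["users"].add(arg)
            elif verb == "PASS":
                s["passwords_seen"] += 1  # count only; never keep the secret
            s["auth_sent"] = verb == "AUTH"
        elif verb == "234" and s["auth_sent"]:
            s["tls"] = True  # server accepted AUTH (RFC 4217)
        elif verb == "530":
            s["failed"] += 1
    report = {}
    for sid, s in state.items():
        tags = []
        if s["passwords_seen"]:
            tags.append("cleartext-credentials")
        if s["failed"] >= fail_threshold:
            tags.append("repeated-login-failures")
        report[sid] = {"users": sorted(s["users"]), "tags": tags}
    return report
```

A 530 reply can also follow a command sent before login, so the failure count is a heuristic and the threshold should be tuned to the environment.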
Additional Causes of FTP’s Demise
Cost
FTP requires organizations to purchase and maintain a dedicated file server. In addition, professionals must be hired or retained to set up and administer the system, which has clunky access controls and supports teams using multiple operating systems. This is reported to take up anywhere from 10-20 hours of sysadmins’ time each week, much of which is due to helpdesk tickets.
Difficult to monitor activity
FTP lacks the auditing and activity alerts as well as the granular user roles and file permissions needed to control access effectively. With FTP, tracking what has been uploaded on a remote system or enforcing file-sharing rules and processes is difficult. If files are mishandled, or a data breach occurs, finding the source of the issue becomes a problem.
Inefficient
The FTP protocol is slow compared to other modern file transfer protocols, making it less than ideal for quickly sending files over the internet. The system hogs bandwidth when files are uploaded and served, especially when they are large files, such as videos. In addition, FTP server lags occur when too many users upload files at the same time. In this case, users can be blocked from accessing their files.
Lack of support for compliance requirements
Compliance should be a cause of concern when using FTP to send files. This is because FTP’s inadequate security can put organizations at risk of noncompliance fines or worse. If compliance with regulations, such as HIPAA, ITAR, PCI-DSS, SOX, or GLBA, is a requirement, FTP should not be used for file transfers. The security issues noted above make clear the security limitations of FTP for organizations subject to government and industry regulations.
Poor collaboration
Using FTP for collaboration is tedious and time-consuming at best. First, users must be set up with usernames, passwords, and settings for the FTP server. Then, access controls on specific folders need to be put into place. After this, there is a poor user experience. Because FTP was not designed for multiple people uploading and downloading files at the same time, connections often time out with partial transfers, requiring users to delete files and resend them. In addition, keeping track of files and when they were modified is a headache. Either the users need to be messaged letting them know that there was a change, or they have to compare file sizes and modified dates to determine if there is a new version of a file. And, there is everyone’s favorite error message, “This file is already in use.”
Unreliable synchronization
FTP does not provide built-in synchronization between the server and the local directories. Instead, FTP requires a manual process to upload files from one directory on the server to another.
Rest in Peace FTP
Created in 1971 by Abhay Bhushan, a master’s student at MIT, FTP had a good long run. But, into its 50s, FTP needs to be laid to rest. There are generations of file transfer solutions that are full of life and vigor. And, these solutions were purpose-built to take full advantage of modern tech to meet the requirements of today’s organizations.