Guest Columnist: Daniel Greenberg of Tumbleweed
Exposing the Dangers of FTP
Several classified military and government documents were recently found and accessible to anyone with an Internet connection—in this case, by a journalist with a major news organization. What happened? They were posted carelessly to outdated FTP servers used by government agencies and contractors who wanted to share the documents online.
As illustrated by this incident, more and more file transfer breaches underscore the need for better management and security in file exchange. Transferring large, sophisticated files efficiently, securely and rapidly to internal and external partners is essential to remaining both productive and competitive. Yet in the case of FTP, data is frequently accessible by unintended audiences.
Addressing Security Risks
The rudimentary and ubiquitous FTP servers and clients that have been in use since 1971 fall short of the security needed. Not just by governmental and military bodies, but in the private sector as well. From customer cardholder data and personnel files, to trade secrets and intellectual property, these files regularly contain highly sensitive information. Unlike the malicious and calculated data leaks by the rogue employee, well-intentioned employees in the normal course of business cause these leaks. While IT groups invest significant amounts of time and resource into protecting assets, FTP is presenting a new Achilles heel in messaging security.
But new managed file transfer technologies, based on established FTP protocols, yet built with new levels of security, control and reporting are being adopted by the most security-conscious companies. These new technologies take into account a myriad of issues that current FTP solutions do not—including security, centralized management, notifications, data recovery, and automation. For example, newer technologies do not represent user names and passwords in unencrypted clear text like FTP. Further, they are capable of guaranteeing file receipt or providing automatic checkpoint/restart to transmissions that might have failed in the transfer process. Encryption, now considered a best practice when exchanging files, is seldom available for basic FTP, but is a feature integrated into the more sophisticated managed file transfer technologies. Many older file transfer solutions also store sensitive and unencrypted information as it moves between organizations—an enormous threat. New technologies address this with granular data access restrictions and two factor authentication to eliminate all FTP security threats.
Managing FTP
To guarantee secure transfers and reduce the risk of technical outages, current best practices for deployment typically encourage having dedicated servers and secure client software as part of an integrated package. Further, leading managed file transfer solutions also offer a dashboard-style management console. This provides a visible audit system for tracking the data exchange of critical files and enabling administrators to understand when, where and how they have been transferred—while maintaining controls that meet regulatory and legal compliance requirements.
Business communications on the Internet are central to productivity. However, with so many rogue FTP servers in use today, the next big security leak is just on the horizon—it's not a matter of if but when. This dual reality is pushing managed file transfer to the forefront as a critical function for IT organizations. DG/TMP