As organizations look for better, easier ways to exchange files with customers, partners and colleagues, they often turn to FTP (literally “File Transfer Protocol”). FTP has been used by network engineers and systems administrators since the early days of the Internet to send files back and forth between remote computer systems. And because FTP is widely available for "free", it's found its way into organizations of every size and type.
But FTP was not designed to be an end-user application, nor was it designed with security as a prime objective. And organizations that build out an FTP server infrastructure soon find out that its not really "free" either. As a result, there are some significant limitations on the use of FTP, and many organizations disallow its use altogether.
FTP Is Complex To Use and Manage
Because of the amount of on-going administration, user provisioning, support and maintenance required, most IT organizations resist setting up FTP servers and accounts for non-technical business users:
- Complex installation - Setting up FTP servers is a complex, error prone process, and most FTP servers require significant manual configuration to fit into an IT organizations infrastructure and to plug many of the well-known security holes inherent in default server configurations
- Manual account creation - Requests to enable a new FTP account often puts extra demand on system administrators and sometimes takes days for the request to be fulfilled - an unacceptable delay for time sensitive transfers
- No user management - FTP has no way to manage users, often depending on the underlying operating system for this capability. As a result, there is no easy way to do basic things like retrieve forgotten passwords, identify who has active accounts, and find out who has accessed a particular file.
- No guarantee of file delivery - FTP is often referred to as a “send and pray” system, because there is no guarantee that a file that was sent got delivered. If it did NOT get delivered for some reason, there is no notification to the sender of this failure, and there is no mechanism to automatically re-send the file. One of the most difficult trouble-shooting issues facing FTP administrators is finding “lost files”.
- No recipient notification of file delivery - There is no notification system that tells recipients that they have received a file via FTP – the sender has to remember to phone or email the recipient that a file was sent
- Manual storage management - FTP has no storage management capabilities, and no mechanism to “clean up” the file system and delete files after transfers are completed. As a result, IT administrators are left responsible for creating and deleting accounts and files, an important but tedious and error-prone process.
- Too technical for business users - Training non-technical users how to transfer files using FTP is challenging and expensive, and trouble-shooting problems they inevitably end up having is time consuming
The result of this complexity is, of course, high costs. For every "free" piece of FTP server software in use, there is significant cost overhead from the operating system, server hardware, data center rackspace, Internet bandwidth, and system administration that is needed to support it.
FTP Is A Security Nightmare
FTP was invented back in the 1970’s, in a time when users were all part of a trusted government or university network. It was not built for the modern Internet with the need to protect sensitive information and systems from malicious hackers and information thieves.
- No encryption - The FTP specification is an inherently unsecure method of transferring files because there is no method specified for transferring data in an encrypted fashion. This means that under most network configurations, user names, passwords, FTP commands and transferred files can be captured by anyone on the same network using a packet sniffer.
- Anonymous FTP – By default, most FTP servers are configured to allow “anonymous” users to log in to the system to upload and download files. While an anonymous FTP server can be a valuable asset for distributing information, most FTP servers “out-of-the-box” are inherently insecure which can cause a site to be vulnerable to malicious users. For example, an FTP server could be turned into a repository of illicit material or could be used to attack other machines on the Internet.
- Forgotten data - FTP is a manual process and files placed on an FTP server stay there until manually deleted. The security risk of this situation was recently highlighted by a survey of FTP servers run by the Associated Press on agencies or companies involved with the U.S. military and the wars in Iraq and Afghanistan. The Associated Press found dozens of highly sensitive documents openly available for download containing “need to know” information that would pose a direct threat to U.S. troops if it were to fall into the hands of terrorists.
- No guarantee of file delivery - FTP has no mechanisms to verify if a transfer is complete and the receiver has no mechanism to determine the integrity of the file received.
- Unsecure configurations - FTP servers themselves are often not secure, enabling users access to data not intended for them. Default installation configurations are notorious for the security holes they create, and patching these holes on initial installation is a critical job for IT.
- Forgotten processes - FTP is often embedded in scripts that run automatically within a company, but thousands of file transfers continue to happen daily in legacy IT environments that have simply lost track of these processes.
- No user management - Many companies deal with FTP's lack of user management by simply creating one user account that they share with all clients, allowing all clients to view and download each other's data.
How Neovan Helps
Neovan CloudFile provides a secure large file transfer capability that users can access from their Web browser or an email client plugin. This easy-to-use system enables users to exchange files with customers, partners and colleagues without having to resort to out-of-band file transfer alternatives. And Neovan is easy to use and manage, backed up by enterprise-class network and information security.
See for yourself how easy it is to send large files securely with Neovan. Sign up for a Free Trial now!