Top FTP Risks of 2012

Picture this scenario: Your organization has a signed contractual obligation to provide a set of services to a business partner. As a part of those services, you must deliver a file to your business partner no later than 4 a.m. on Monday morning. The file is produced by a batch process that runs over the weekend and is then copied to your partner using a file transfer script. Monday morning arrives and you receive an angry phone call: the file never made it to your business partner, and now they are threatening to apply the penalties section of your service level agreement.

Nobody wants that phone call. Unfortunately, that situation is possible when using file transfer protocol (FTP).

Organizations using FTP are often drawn in by the allure of an easy, familiar and inexpensive solution. But there are FTP risks. As we prepare to close down another year and ring in 2013, it is a good time to evaluate the past year and look for organizational improvements.

We’ve identified the top four FTP risks of 2012 below:

  • Reliability. FTP has been seen to have challenges with large files. Additionally, there is no provision in FTP for determining that an error has occurred in transmission and alerting an operator that something needs to be done. A more risk-averse approach to mission-critical file transfers is to use a Managed File Transfer (MFT) solution, which can trigger an alert if a problem arises and even retry the file transfer automatically.
  • Security. FTP has no encryption. This means that the data in the transferred files is put at risk and open to network sniffing. Beyond that, your login credentials (username and password) are also visible to a network sniffer. Imagine the risk you incur if administrative-level access to your FTP server becomes available to a malicious operator. By contrast, MFT solutions encrypt files as they are sent and keep login information protected.
  • Automation. FTP users run the risk of compromising login information when trying to automate the file transfer process. Automating file transfers with FTP is script-based: the system administrator has to write a script that talks to the FTP server and specifies what files to send and where they should go on the server. For simplicity, systems administrators will frequently write an FTP username and password into that script. This creates a notable FTP risk, because people sharing scripts are also sharing user credentials, which leaves an organization vulnerable. MFT solutions significantly reduce the need for scripts and offer built-in capabilities for automation. For example, the initiation of the file transfer, the confirmation of the file transfer and the alerting if there are problems with the file transfer are all done without scripting.
  • Auditing and Logging. Another FTP risk comes through in auditing and logging. The challenge with FTP is that it does not provide the level of auditing that organizations need to document compliance with data security regulations. It also does not allow administrators to easily identify when a problem has occurred and help resolve that problem. MFT will help you confirm that a transfer went through and log the details necessary to identify the problem when it doesn’t. This will help you avoid situations like the one described above.
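
The Automation risk above, FTP usernames and passwords written into transfer scripts, can be checked for directly. The following Python scanner is an added example, not code from the original post; the rule names, the sample script and its host and credentials are constructed for illustration.

```python
import re

# Each rule captures the password part of a credential in the group "secret".
RULES = [
    # ftp://user:password@host URLs passed to curl, wget or lftp
    ("url-credentials", re.compile(r"ftps?://[^\s/:@]+:(?P<secret>[^\s/@]+)@", re.I)),
    # "user NAME PASSWORD" fed to `ftp -n` through a here-document
    ("ftp-user-command",
     re.compile(r"^\s*(?:quote\s+)?user\s+\S+\s+(?P<secret>\S+)\s*$", re.I)),
    # "quote PASS secret" sent as a raw protocol command
    ("ftp-pass-command", re.compile(r"^\s*quote\s+pass\s+(?P<secret>\S+)", re.I)),
    # .netrc style "login NAME password SECRET"
    ("netrc-entry", re.compile(r"\blogin\s+\S+\s+password\s+(?P<secret>\S+)", re.I)),
    # curl -u name:password or --user name:password
    ("curl-user-option",
     re.compile(r"(?:^|\s)(?:-u|--user)[\s=]+[^\s:]+:(?P<secret>\S+)")),
]

def is_literal(secret):
    """A value read from a shell variable is not a secret stored in the script."""
    return not secret.strip("\"'").startswith("$")

def find_embedded_credentials(script_text):
    """Return (line_number, rule_name) for every literal credential found."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        for name, pattern in RULES:
            match = pattern.search(line)
            if match and is_literal(match.group("secret")):
                findings.append((number, name))
    return findings

# Constructed sample: a nightly upload script with invented host and credentials.
SAMPLE_SCRIPT = """\
#!/bin/sh
ftp -n partner.example.com <<EOF
user batchuser S3cretPass
binary
put weekend_report.csv
bye
EOF
curl -T weekend_report.csv ftp://batchuser:S3cretPass@partner.example.com/in/
curl -T weekend_report.csv --user "$FTP_USER:$FTP_PASS" ftp://partner.example.com/in/
"""

if __name__ == "__main__":
    for number, name in find_embedded_credentials(SAMPLE_SCRIPT):
        print(f"line {number}: {name}")
```

The last line of the sample is not reported because its credentials come from environment variables rather than from the script text.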

Investing in a more robust solution in the new year could save you and your organization time, money and headaches by avoiding these FTP risks.

What other FTP risks have you identified?
