Looking for an FTP alternative?
If you’re looking for an FTP alternative, you’re not alone or at least you shouldn’t be. Over the past year or so, major browsers including Chrome, Safari and (just yesterday) Firefox have begun blocking FTP subresources from loading inside HTTP and HTTPS pages or labeling FTP sites as insecure.
Yet, security experts have long known about FTP’s potential security issues, and were recommending a switch to SFTP (secure file transfer protocol) starting in the late ‘90s. Since then, FTP security has only gotten worse. Without support for modern encryption techniques, FTP has become a primary target for malicious hackers and malware distributors.
So, why the sudden rush to find FTP alternatives and plug security holes caused by FTP, a protocol that’s been around since the 1970s?
Network security experts’ recommendations and public demand have rarely been in sync, and FTP has managed to fly below the radar of business leader concerns for decades. And it’s no wonder. FTP was designed before the Internet as we know it, before every computer running in a business was connected to a global communication and information exchange network.
Starting as a basic protocol for Internet file transfers when few people had access to the Internet and even fewer had the skills to be dangerous, FTP became entrenched in many company’s technology infrastructures when security threats were mostly theoretical.
Today, it’s hard to imagine a world without the web, but it was only in 1993, when CERN donated its World Wide Web technology to the public domain, that we began this wild era of human hyperconnection. In many ways, it’s been amazing, creating new opportunities for education, business, altruism and social progress. So much has happened in the past 25 years that it’s easy to understand why worrying about a basic Internet protocol hasn’t been top of mind for enterprise leaders.
However, as I write this, the Zuckerberg Senate Hearing is live streaming, topping off a few years of regular high-profile hackings that have threatened individual privacy, business intellectual property and more.
Suddenly, we are all a lot more sober about Internet privacy and security. Perhaps, we’re ready to listen to the research and advice of security experts. Here’s some from Digital Shadows, whose security analysts monitor digital risk across a range of data sources within the open, deep, and dark web.
In a recent research report examining the most common file sharing services across the Internet, Digital Shadows found over 12 petabytes of data exposed through FTP servers, SMB, rsync and open Amazon S3 buckets. (Note that Amazon now sets S3 buckets as private by default).
Highlights from the report:
- Over 95% of the countries in the world were affected, but the United States has the most exposed data, at 239,607,590 files.
- Older, yet still widely used, technologies – such as FTP (26 percent), rsync (28 percent) and SMB (33 percent) – contributed to the most exposure.
- Sensitive data is a major cause for concern, including exposure of personal information, intellectual property, and security assessments.
- Third parties and contractors were among the most common sources of sensitive data exposure.
Exposed, not (yet) hacked or sold
It’s important to note that the 12 petabytes of exposed data found by Digital Shadows (26% through FTP) isn’t data that has been accessed by malicious hackers intruding on a network or by phishing campaigns tricking employees or through corporate espionage. This is data that is unprotected and publicly available to anyone (or any bot) with will to do harm. But there is some good news, maybe.
“The good news is, since most of these protocols pre-date many of today’s security practitioners, there is a wealth of direction on how to mitigate the risks associated with them. Sadly, as the 12 petabytes of exposed sensitive data demonstrates, much of this mitigation advice has fallen upon deaf ears.”
Perhaps people are starting to listen. At Signiant, we’ve seen a wave of companies looking for secure FTP alternatives, particularly from industries experiencing a surge in data and file size growth, such as higher resolution media and video files, which FTP also struggles with.
Signiant solutions can either work as an FTP replacement or along side current FTP systems, taking away the pain of ripping out FTP, while preserving file structures and providing an FTP alternative that is fast, secure and light years beyond in user experience design.
Security is a new driver to find FTP alternatives
Historically, FTP alternatives were primarily sought out because files sizes had exceeded what FTP could handle. Anything above a few gigabytes becomes difficult to move with FTP, especially over distance. Signiant’s accelerated file transfer software is needed to move large files faster, particularly for companies that have globally distributed teams and tight deadlines like in media production.
However, we are seeing a shift in concern. People still come to us primarily to solve challenges with transferring large files quickly, but we’re getting a lot more questions about security as well. Which is great, since security is core to what we do. It has to be. We are responsible for the intellectual property of our customers, include some of the largest media companies in the world, and we often move films with budgets in the billions.