FTP replacement may be the only way to secure content supply chains

For decades, FTP (File Transfer Protocol) has been used in the Media & Entertainment industry to move files between servers and for distributing them around the world. And for just as long, cybersecurity experts have been warning of its potential threat to network security, intellectual property and privacy. Nevertheless, FTP has persisted.

A 2015 study called FTP: The Forgotten Cloud conducted by the University of Michigan revealed more than 13 million FTP servers in use, with 1 million configured to allow anonymous access, potentially exposing sensitive files and network access. And that number has likely only grown over the last few years.

In a recent research report examining the most common file sharing services across the Internet, Digital Shadows found over 3 petabytes of data exposed through FTP servers. Considering the proliferation of FTP throughout the media industry content supply chain, loads of that data are probably high-value media assets.

In fact, just last year HBO, Netflix and Disney dealt with security breaches that, according Alex Heid, Chief Research Officer at Security Scorecard, can likely be traced to hackers exploiting FTP used by third-party post-production companies.

“A lot of the time the people doing the editing have access to confidential, highly secure information just so they can access files they need quickly,” said Heid in an interview with Polygon. “The hacker underground has figured out how these transfers are being done and how to get into a company’s main database through that.”

“Using an FTP goes back to the beginning of the internet,” Heid continues. “It’s not a very secure method… There may not be any password in place. But once an attacker has that, they can essentially log in to the entire network.”

In response to all of this, some major media enterprises are banning FTP, insisting that all media providers use secure accelerated transfer solutions like Signiant’s. And they are not alone in the understanding of the interconnected nature of the media industry’s digital content supply chains, or the need for more advanced technology (both in terms of speed-of-delivery and security).

Pushing for higher security standards across the industry in Europe, the DPP is one example of a regulatory agency that is taking on the problem. Launched in October 2017, the DPP’s Committed to Security Programme offers a common framework for addressing cybersecurity to help suppliers demonstrate their commitment to security best practice. Signiant was one of the first 20 companies to receive a DPP Committed to Security Mark in both production and broadcast.

In order to stop what Alex Heid called an ongoing series of “repeatable attack scenarios,” security needs to be everyone’s concern and that very well may hinge on a secure FTP replacement. 

Learn more about Signiant's secure file acceleration technology