FTP Replacement May Be Essential to Securing Content Supply Chains

A large city at night with 4 spaceships hovering over it and one of them is destroying the buildings below it with a laser.

For decades, FTP has been used in the Media & Entertainment industry to move files between servers and for distributing them around the world. And for just as long, cybersecurity experts have been warning of its potential threat to network security, intellectual property and privacy. Nevertheless, FTP has persisted.

Security reports continue to warn about FTP

A 2015 study called FTP: The Forgotten Cloud conducted by the University of Michigan revealed more than 13 million FTP servers in use, with 1 million configured to allow anonymous access, potentially exposing sensitive files and network access. And that number has only grown over the years.

A 2019 report by Digital Shadows’ Photon Research Team examined data exposure on the most common file sharing services across the Internet. They found 750 million more files exposed than last year, representing more than a 50% annual increase. FTP services accounted for 20% of the total.

“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant. Countries within the European Union are collectively exposing over one billion files – nearly 50% of the total we looked at globally – some 262 million more than when we looked at last year,” said Harrison Van Riper, a Photon Research analyst.

Considering the proliferation of FTP throughout the media, loads of that data are probably high-value media assets. We all probably recall the 2017 HBO, Netflix and Disney security breaches. According to Alex Heid, Chief Research Officer at Security Scorecard, those can likely be traced to hackers exploiting FTP used by third-party post-production companies.

“A lot of the time the people doing the editing have access to confidential, highly secure information just so they can access files they need quickly,” said Heid in an interview with Polygon. “The hacker underground has figured out how these transfers are being done and how to get into a company’s main database through that.”

“Using an FTP goes back to the beginning of the internet,” Heid continues. “It’s not a very secure method… There may not be any password in place. But once an attacker has that, they can essentially log in to the entire network.”

Industry leaders push for higher security and performance standards

In response to all of this, some major media enterprises have completely replaced FTP internally and refuse to work with partners who use it, insisting that all media providers use secure, accelerated transfer solutions. They know that the media industry’s content supply chain is inherently interconnected, and they are not alone in that understanding.

Pushing for higher security and performance standards across the industry in Europe, the DPP is one example of a regulatory agency that is taking on the problem. The newly formed Trusted Partner Network (TPN), a joint venture between the Motion Picture Association of America (MPAA) and the Content Delivery & Security Association (CDSA), is another.

In order to stop what Alex Heid called an ongoing series of “repeatable attack scenarios,” security needs to be everyone’s concern and that very well may hinge on a secure FTP replacement. 

Suggested Content

The Best FTP Alternative for Secure Enterprise File Transfers 

Seeking a secure FTP alternative? Discover modern, encrypted fast file transfer protocols to protect your data from hackers. Explore...

The Signiant Platform enables easy content access from within an Adobe Panel

Enhance Adobe workflows with Signiant Media Engine. Seamlessly search, preview, and import assets directly into Premiere Pro, Photoshop, and...
Chain of Custody tag with blue background

Metadata Everywhere: Chain of Custody

In this final piece of Signiant’s Metadata Everywhere series, we look at chain of custody. Chain of custody provides...