Posted on July 8, 2016
by Brian Pick
| Categories: FTP
Today's data-driven world is demanding, requiring accuracy, speed, integrity and above all -- security. It's a tall order to fill, and in the past, many organizations relied heavily on the legacy FTP protocol to transmit files. But over time, FTP alternatives have become necessary as the security of this method has been tested by hackers.
For example, a serious breach occurred at Yale University in 2001, when more than 43,000 user IDs were exposed and all data was carefully harvested from an FTP server. Acer customer details were stolen in a similar fashion the same year. And most recently, 7,000 FTP sites had their credentials circulated in underground forums, including an FTP server run by The New York Times.
Security and file transfers are a significant concern for IT security professionals, but what is the best way to safeguard your company's data?
Leveraging More Secure Options
As many organizations have evolved past traditional FTP, they are opting for modern and secure FTP alternatives for transmitting data, including:
#1 - SFTP
Also known as FTP over SSH, SFTP brings down the risk during data exchange by using a secure channel between computer systems to prevent unauthorized disclosures during transactions. Authentication of an SFTP connection involves a user id and password, SSH keys, or using both. It is also firewall friendly, only needing a single port number to be opened.
#2 - HTTPS
Many sites are gravitating to HTTPS instead of the traditional HTTP, but what are the major differences? For starters, traditional HTTP doesn't encrypt traffic to your browser, which poses a security risk. In contrast, HTTPS provides an added encryption layer using Transport Layer Security (TLS). This creates a secure channel so the integrity of the data is not changed without your knowledge. HTTPS is ideally suited for file transfers where a trading partner requires a simple, browser-based interface for uploading data.
#3 - AS2
This is a popular method for transporting EDI data safely and reliably over the Internet. The AS2 generates an "envelope" for the data, allowing it to be sent using digital certifications and encryption. For example, Walmart has become well known for using EDI through AS2 and has played an important role in driving adoption in the retail industry.
#4 - MFT
A method that supports the above options and makes FTP more secure is managed file transfer (MFT). This secure option streamlines the exchange of data between systems, employees, and customers. Numerous protocols and encryption standards are supported, and MFT provides extensive security features that meet strict security policies to comply with PCI DSS, HIPAA, GLBA, and other regulatory requirements.
MFT solutions provide advanced authentication and data encryption to provide secure and reliable file transfers. You can also track user access and transfer activity through reporting features.
More so, managed file transfer can meet other problems or headaches you might have, including the need for automatic file encryption, workflow and project automation, file transfer monitoring and notifications, and easy, secure file sharing with third-party vendors and trading partners.
Overall, managed file transfer offers the best option as a secure FTP alternative for managing the transfer of data quickly, efficiently with detailed audit trails. It's preventive, rather than reactive, which is what security professionals in today's environment need most. And it is supported on many platforms, including on-premises (Windows and Linux ), in the cloud (Azure and AWS), and within hybrid environments, so you can securely transmit files from anywhere at any time.
Click to learn more about each of the four options below: