FTP comes of age, as considerations made on how practicality is over-riding security

Opinion by Dan Raywood

Tomorrow marks the 40th anniversary of the file transfer protocol (FTP) and as attention has occasionally moved to secure file transfer, there is some concern about the continued use of the protocol.

Tomorrow marks the 40th anniversary of the file transfer protocol (FTP) and as attention has occasionally moved to secure file transfer, there is some concern about the continued use of the protocol.

FTP was written by Abhay Bhushan on the 16th April 1971 and published as RFC 114, it was later revised in 1980 and 1985, while security extensions were proposed for RFC 2228 in June 1997.

My own personal dealings with FTP are very limited and have not been needed for some time. However Frank Kenney, vice president of global strategy at Ipswitch File Transfer, said that despite it being the 40th anniversary it is still misunderstood.

He said: “The deployment of file transfer on FTP is still growing, yet users are still vague on how companies and service providers tie together and are still using this protocol.

“What is disheartening is that FTP is used with no considerations for security and management. People are quite unaware that FTP has no provision for governance and it was never meant to. Why it has lasted and works so well is because it appeals to the lowest common denominator when moving files.

“What do we do? How do we connect if we use FTP along with something else in the configuration, we make the decision not to. The build has not changed and nor does it have to, there is plenty of technology that gives a capability to better manage connections and that is why it does not have to change, but it has to be made in conjunction with the protocol.”

He continued to claim that FTP did serve a strong purpose in the mid-to-late-1990s as game files were downloaded from websites via FTP servers and there were vendors using FTP in combination with SSL/SSH to download fixes. The beauty of FTP is that it can be embedded in the page.

Although not completely critical, Kenney said that there are still things with FTP that are useful, but he said he does not see adoption rates changing anytime soon.

“What will change is what kind of technologies people will use in conjunction with FTP. The ease of use of the technologies could cause security nightmares and headaches as you are dealing with technology that is 40 years old or custom scripts that were created 25 years ago, so when it does come time to enhance communications,” he said.

Stuart Feargrieve, managing director of Axway UK, said that he still sees ‘security savvy' people using FTP and its unreliability lies in part in not being able to track or see something until there is a problem.

He said: “There is a four per cent loss in FTP traffic and exploring this can turn into millions of pounds of loss for the provider. Somewhere in the chain the provider is on an FTP and with managed file transfer they can be certain it will get to the other end.”

Tony Pepper, CEO at Egress Software Technologies, agreed with these perspectives, saying that he sees FTP as nothing other than an internal business solution to sharing large files rather than a mechanism to easily allow external parties to access confidential information that is perhaps too large to send by email.

“Evidence of this is the proliferation of hosted file transfer services. However there are real security concerns surrounding many of these 'point' solutions which offer no consideration to information security and invariably help fuel the argument that cloud services cannot be trusted,” he said.

“Here at Egress we believe that sharing large files is one element of a broader collaborative data security strategy and as such buying disjoined solutions that only address elements of business process will not last either. Remember, over 70 per cent of our customers buy Egress Switch to cater for email encryption requirements as well as secure large file transfer and this popular trend is gaining increased momentum throughout public and private sector markets.”

For some FTP is enough and that is why its use has persisted, however it is hard to look past the security arguments and considerations and wonder if this is a time for stronger technology use. Either way, happy coming of age FTP.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events