How secure is FTP (file transfer protocol)? Although many business rely solely on an FTP server to quickly share documents with colleagues and clients, this can be troublesome for several reasons. Let's examine the biggest challenges of using FTP and discuss the FTP alternative that can benefit every business.
Three challenges of FTP
Businesses face three major challenges when using FTP: security, reliability and account management.
As the SANS Institute notes, "FTP transfers all data, including usernames and passwords used for authentication, in clear text. This means that anyone with physical access to the LAN or WAN could use network sniffer software (e.g., Ethereal11) or hardware (e.g., Fluke OptiView™ Series III Integrated Network Analyzer12), to intercept or eavesdrop the data transfer.
"As well as gaining free access to data, in instances where user credentials are also obtained, an attacker could use this information to gain further access into a users network profile (e.g., if AD credentials have been specified, the users email and potentially other network data is now at risk as users often use the same password across multiple applications and systems)."
The lack of security offered by FTP sites can leave a business open to a variety of security issues that can cost them a lot of time and money in the long run. In fact, it costs enterprises more than half a million dollars to recover from a security breach and small businesses almost $40,000.
According to an article at Kaspersky Lab, "After the security breach, most businesses try to prevent such incidents from happening in the future. This too requires extra budget, although this cannot be directly attributed to a security breach recovery. Seventy-five percent of security breaches led to these unexpected expenses."
An article published by Security Week goes into more detail about the security downfalls of FTP, noting that "A shortcoming with traditional FTP and even encrypted FTP sessions is that after the data is done moving, it sits on the FTP or SFTP server in plain text. As the FTP or SFTP server is commonly connected to the Internet to allow business partners access to it, the data is at risk of being retrieved and shared.
"FTP passwords can also be susceptible to attack when in clear text as any network sniffer can hijack it. Moreover, FTP technology can slow down business processes, as an organization’s IT team often needs to modify FTP scripts in order to support a new business initiative or bring on a new business partner that needs to exchange sensitive information with the system.
"Furthermore, having the ability to know if the files were transferred correctly and on time is very difficult to do with transfer methods such as FTP."
When businesses use an FTP server to transfer files, there is no way for the sender to know if the file was received by the recipient, and there is no notification system that tells recipients that they have received a file via FTP. On top of that, setting up FTP servers can be a complex, error-prone process that requires significant manual configuration — a nightmare for most businesses, especially those who do not have an in-house team of IT professionals.
FTP has no way of managing users, so identifying active accounts, retrieving lost passwords and monitoring who has accessed a particular file is nearly impossible. Not only does this make it difficult for businesses to hold employees accountable, it can have a negative impact on a company's day-to-day operations.
A more secure FTP alternative for business
As a business, your main goal is to provide your customers with high-quality work and services. In the modern business world, this usually includes sharing and editing documents and collaborating both internally and externally.
With all of FTP's faults, where can businesses turn for a quick, reliable file-sharing solution?
To help counter the security risks and other shortcomings of standard FTP sites, there are SFTP and FTPS, both of which are secure alternatives to traditional FTP. But they have their own drawbacks.
FTPS (FTP-SSL or FTP Secure): FTPS is an extension to standard FTP that exchanges data using two separate channels: the data channel and the command channel. Unfortunately, SFTP often requires the installation of specialized software and can be complicated to set up and maintain.
SFTP (SSH Secure File Transfer Protocol or Secure Transfer Protocol): SFTP was designed as an extension of SSH (secure shell) with the capabilities of an FTP service. Unlike FTPS, SFTP only requires one connection and usually only uses the SSH port for both data and control.
Citrix ShareFile develops a cloud-based FTP alternative that is not only simple to use and implement but also has several security features built in. Some include:
- Firewalls — Our securely configured firewalls effectively control and limit access to network segments to help ensure files are protected during processing.
- File retention — Users have the option to automatically delete files within a certain number of days after upload to support company policies and retention preferences.
- Remote wipe — ShareFile users can remotely wipe or lock data from a lost or stolen device.
- View-only permission — By making a file view-only, other users will not be able to download, print or save the file to their computer.
- HIPAA — ShareFile supports your organization's HIPAA compliance and will sign a HIPAA Business Associate Agreement upon request.
- Redundant storage — Infrastructure-as-a-Service (IaaS) providers ensure high file durability and availability.
- High-grade encryption — ShareFile secures files in transit with no less than 128-bit encryption and protects files at rest using AES 256-bit encryption — the same protocol used by the U.S. government to keep highly classified files secure.According to an article at Tech Target, "In June 2003, the U.S. government announced that AES could be used to protect classified information, and it soon became the default encryption algorithm for protecting classified information as well as the first publicly accessible and open cipher approved by the NSA for top-secret information. AES is one of the Suite B cryptographic algorithms used by NSA's Information Assurance Directorate in technology approved for protecting national security systems."
The ShareFile Plugin for Microsoft Outlook allows you to send files securely directly from Microsoft Outlook email messages. The ShareFile plugin now offers the ability to encrypt your email message, providing users with industry standard encryption that ensures your message and files are sent securely.
How to send an encrypted email
Once the encrypted email feature has been enabled for your account and you have installed the ShareFile Plugin for Microsoft Outlook, compose a new Outlook message as you normally would. You may encrypt your email before or after you finish composing your message. The encrypted email feature will encrypt the body of your email message as well as any files attached to it, via the ShareFile Plugin for Microsoft Outlook.
Locate the plugin buttons and select Attach files to attach files from your ShareFile account or your PC. Keep in mind that until you have encrypted and sent your email message, the body of your message will not reflect what your recipient will see upon receiving the email.
Now that you have finished composing your message, click the encryption button. Your message is set for encryption when the lock icon is closed. Encryption is set to "on," and your send button changes to Send secure.
You can use the drop-down menu to send your email with customized encryption settings. Click the Send secure button to send your message.
It is important to note that this feature is available for select ShareFile accounts. Currently, our business plan is the only ShareFile plan that includes the encrypted email feature.
Plans and pricing
We have a variety of plans to meet the needs of businesses across several verticals. No matter which ShareFile plan you choose, you will receive:
- Unlimited client users
- 24/7 customer support
- Custom branding
- Activity logs
- Desktop widget
- Mobile apps
- Multi-factor authentication
Below are more details about each of our plans.
Our personal plan provides small businesses with the essential tools needed to share and store files. Along with the features listed above, our personal plan includes one employee account, a max file size limit of 10 GB and 100 GB storage for $16 per month.
Our team plan is perfect for growing businesses who need full file sharing and storage functionality. For $60 per month, you will receive five employee accounts, a max file size limit of 10 GB and 1 TB storage. You will also receive several features not available with the personal plan, including:
- Mobile editing
- Email plugin
- Third party integrations
Our business plan is our most popular plan and is the perfect solution for large- to mid-sized businesses that need maximum storage and sharing capabilities. For $100 per month, you will receive five employee accounts, a max file size limit of 100 GB and unlimited storage. You will also receive several features not offered by our team and personal plans, including:
- Encrypted email
- Device security
- User management tool
- Full text search
- File check-in/check-out
- Folder Q&A
- Folder templates and invitations
- File drop
Virtual Data Room
ShareFile Virtual Data Room (VDR) is a cloud-based solution for your most confidential business deals. For $295 per month, you will receive most of the features of the ShareFile business plan as well as:
- Click trails
- Dynamic watermarking
- Folder invitations
Signing up for ShareFile
If you are looking for a secure FTP alternative, ShareFile is one of the hardest working solutions on the market. You can even try out ShareFile before you buy! Simply fill out this form, follow the prompts on your screen and start sharing!
Once you are registered and signed in to your new ShareFile account, browse our video library. Here, you can find training videos to help walk you through the entire ShareFile process—from uploading and sharing files to creating folders and adding client users. Even if you don't find our videos helpful and need more one-on-one assistance, our customer care team is available 24/7 to help you! Call us anytime!