Security and Compliance Risks with FTP

by Sam Morris on May 2, 2012

We’ve previously written about the shortcomings of file transfer protocol (FTP) and how organizations using FTP are putting themselves at risk for security and compliance issues. Though FTP is convenient and inexpensive, it can carry devastating consequences.

Despite the warnings, 51 percent of organizations use FTP sites to send and exchange large files.

I recently spoke with Ericka Chickowski for a Dark Reading article, “FTP Ubiquitous and Dangerously Noncompliant,” to comment on security and audit issues with FTP, and shared it is not uncommon for our team to receive requests  from IT managers for a solution to lock down an FTP environment very quickly in response to failed audits. Chickowski writes about how organizations are now subject to audits when using FTP because of some high profile examples where companies have exposed sensitive data.

Chickowski used an example from Yale University where by failing to lock down a database server stored on an FTP server that was found by Google’s search spiders, 43,000 people’s data was left exposed. Acer, a hardware and electronics company, had a similar situation where a hacker accessed information stored on a company FTP, exposing 40,000 customer’s information.

Failed audits, security breaches and unreliability are just a few of the reasons why organizations are realizing the need for a managed file transfer solution (MFT). In the article, Chickowski points to a Forrester report written by Ken Vollmer that suggests the managed file transfer industry is reaping the benefits, “the managed file transfer (MFT) industry measured up to $1.4 billion. As more organizations face the compliance realities of sticking with the old FTP model, that number looks to grow in the coming years.”

For the complete article, read, “FTP Ubiquitous And Dangerously Noncompliant.”

Previous post:

Next post: