It’s the end of an era for the internet.
Firefox,1 Chrome2 and Microsoft Edge3 have stopped supporting FTP (File Transfer Protocol) connections within their browsers — and they won’t change their minds. Invented in 1971,4 FTP used to be the most popular way to transfer files online. Now, it’s relegated to external applications.
Why is FTP being phased out? And what protocols should you use instead?
What is FTP?
FTP is an unencrypted file transfer protocol, meaning that it sends data, usernames and passwords in plaintext.5 In the ‘70s and ‘80s, when employees were transferring files behind firewalls,6 this wasn’t an issue.
In the past 40 years, file transfers have changed and cybercriminals have become more sophisticated. Confidential files are sent outside companies’ firewalls and can be read if they’re sent with FTP. To avoid these security issues, companies choose SFTP, FTPS or HTTPS to transfer files.
SFTP (SSH File Transfer Protocol)
SFTP is an encrypted protocol that uses Secure Shell, or SSH. SSH works by creating an encrypted connection between a client and a server.7 Companies prefer SFTP because it requires credentials (a username and password) before the user is allowed to connect to an SFTP client.8
FTPS (File Transfer Protocol over SSL)
Often mistaken with SFTP, FTPS is an extension to FTP. FTPS adds support for Transport Layer Security (TLS) encryption, which was formerly known as SSL.9
TLS uses public and private keys to encrypt communications. The public key is available to everyone who requests information from the server10 and it encrypts information before transfer.11 The private key is only available to the owner of the server12 and it decrypts information after transfer.13
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is an encrypted protocol that also uses TLS to encrypt data. It’s often used by website browsers (clients) to connect to websites (servers). Many websites used to use HTTP (Hypertext Transfer Protocol), but HTTP sends requests and responses in plaintext. This puts users’ confidential information (including passwords, addresses and credit card numbers) at risk.14
Why Replace FTP Servers?
Without additional software, you have multiple deployments and no centralized place to manage them. This leads to many challenges that aren’t visible at first.
Here are some reasons to replace FTP:
- No Security – When confidential files are sent unencrypted, there’s a high risk that attackers will intercept, steal and sell the data. The risk isn’t worth the temporary “reward” of saving money.
- No Visibility – When sending files via FTP, the sender has no way to verify whether the recipient received or downloaded the file. If an error occurs, the sender won’t be notified. Also, since FTP doesn’t maintain an audit trail of system actions such as who downloaded or transferred files, organizations don’t have detailed proof of user actions.
- Storage Overhead – FTP doesn’t allow senders to automatically expire or delete files. Files sit on the FTP server until IT admins delete it, consuming significant storage space and incurring unnecessary costs.
- Cumbersome Workflow – Managing FTP is far from user-friendly. To send a file to a new contact, a new FTP account needs to be set up — which puts additional overhead on IT administrators to create and manage user accounts. Since users don’t have access to the FTP server, they rely on an IT administrator to create new accounts, retrieve forgotten passwords and remove accounts.
What is Managed File Transfer (MFT)?
Managed file transfer (MFT) secures and simplifies the process of exchanging files. MFT lets businesses replace FTP servers and continue using secure protocols.
- Security and Auditing – Remain compliant with strict regulations by monitoring user actions, regulating access and securing corporate data. All data in transit and at rest is protected with encryption and antivirus scanning.
- Visibility – Understand which files have and haven’t been delivered, and automatically receive alerts by text or email when there are issues.
- Automation – Reduce the time needed to design, deploy and monitor complex file transfer environments. By choosing an automated file transfer solution, you can simplify workflows and tailor them to your use cases.
- Ease of Management – Multiple FTP deployments can be cumbersome and difficult to manage. MFT solutions support multiple protocols for organizations to manage all file transfers from a centralized place. MFT is the most flexible alternative to FTP servers in terms of deployment, integration and overall functionality. It empowers your organization with simplified, secure file transfers from anywhere.
To further evaluate MFT to replace your FTP servers, read our MFT Buyer’s Guide.
[Note: This post was updated from a post originally authored April 22, 2015]