The SendSafely Team Blog

Cloud security, privacy and compliance


Reasons why your business needs a secure FTP alternative

FTP_Alternative.png

The File Transfer Protocol (FTP) has been around for a very long time. In fact, for years FTP has been the go-to network protocol for transfering large files. While many business users have come to know and love the simplicity and ease of use of FTP, changes in the security landscape are causing more and more businesses to abandon this tried-and-true protocol for a more flexible alternative. Even its more secure older brother, SFTP, comes with its fair share of issues. Here are just a few reasons you should condider a more secure alternative to FTP for business file exchange.  

 

FTP Lacks Encryption 

The biggest "gotcha" of FTP is its lack of a vital security feature in todays world: encryption. With FTP, the files you transfer are exposed to network sniffing. This means that anyone on the network can intercept and view the contents of each file.  Even worse, the FTP user-id and password you use may also be exposed to sniffing, resulting in total account takeover.  

 

Most Companies Block FTP 

Another big caveat with FTP is that most companies no longer allow FTP access out to the internet. Its lack of encryption, combined with the growing threat from malware-based attacks, have led to most companies implimenting tight restrictions on the types of traffic they allow in and out of their network.  If you rely on FTP to transfer files with others, you will often find that the person you want to send or recieve a file from won't be able to connect using FTP from their company's network.  

 

Secure FTP (SFTP) is Hard to Use

While there is an encrypted version of FTP (known as Secure FTP, or SFTP), the ability for non-technical users to leverage it is somewhat limited. Most SFTP programs are command-line driven, making  them only suitable for technical users. In fact, Microsoft Windows doesn't even come with built-in SFTP support, so Windows users need third party software to use SFTP.  

Another big caveat of SFTP is that the additional layer of encryption it provides only protects your files while they travel between the user and the server. SFTP's built-in encryption doesn't help protect your files at rest, which means anyone that gains access to the server can access your files. Only a solution that provides true end-to-end encryption can adequately protect your files from unauthorized access at rest.  

 

Administrative Overhead 

One thing you may not have thought of is how cumbersome it is to manage FTP account, especially when using FTP for one-off file exchanges with people outside of your organization.  For cases where you need to quickly share a large file with someone, the time required to get them set up with an FTP username and password often results in a huge amount of lost time and productivity.  You'll also want to make sure that files get deleted soon after they are no longer needed, which is an easy thing to forget and often results in old files piling up on the server. 

 

Choosing the Right Alternative

Thankfully there are a number of well known file sharing sites that can provide a great alternative to FTP.  Box and Dropbox are two of the most common "public cloud" providers, but business users should be careful when choosing which platform to use. While Dropbox may be suitable for storing things like your marketing flyers and your company's holiday party menu, you'll want to avoid using them to store sensitive customer or employee data. The last thing any business needs is a lawsuite due to a data breach of a public cloud storage provider.  The best way to mitigate this threat is to use provider that offers end-to-end encryption.  

With end-to-end encryption, files are encrypted before they leave your machine and are only decrypted on the recipient's machine after they download them. This means that nobody other than the sender and recipient can ever decrypt the file. SendSafely is one of the few platforms today that provides true end-to-end encryption without the need for senders or recipients to have any special software installed.  

Regardless of which platform you use, always be sure to consider the technical security mechisms they have in place to protect your files from unauthorized disclosure.  The most important question you can ask is "Can they (the service provider) view my files?".  If the answer is yes, then you may want to think twice.  

 


 

SendSafely: Simple to Use End-to-end Encrypted File Transfer 

If you are a looking for a simple to use FTP alternative that provides end-to-end encrypton, consider taking a look at SendSafely. SendSafely lets you transfer files of any size with no extra software to install. Nobody can view your files other than you and the people you share with...not even us.

Find out more about SendSafely