Now is the time to replace your FTP with zero trust data access. FTP solutions have compromises and issues such as an increased risk posture, privacy compromise, fragmented data, the need to manage limited subsets, technical complexity, and high cost. There are inherent risks associated with FTP technologies and they do not support a hybrid-IT infrastructure or SharePoint. Zero trust data access technology provides the same productivity benefits as FTP while adding IT governance, superior control over file sharing, collaboration features, vastly superior security, access to all storage (not just subsets), and more.
Inherent Risks Associated With Using FTP Technologies to Share Unstructured Data
Business processes depend on the ability to share data such as unstructured files. FTP and its successors have attempted to address security, yet several inherent challenges remain, such as:
- FTP/FTPS/SFTP requires a significant number of operations to move files in and out of different locations and systems. This creates multiple copies and hence increases the complexity of managing these files.
- FTP/FTPS/SFTP systems add attack surface that is exposed to threat actors looking to exploit vulnerabilities and gain access to both data and systems.
- Files are kept on both the receiving and sending ends for far longer than necessary.
- FTP in particular transmits both authentication credentials and file contents in the clear.
- Legacy requirements provide little incentive to change or evolve (patching or upgrades).
- Most of these legacy file transfer protocols are unable to detect a brute force or dictionary attack and respond appropriately. Instead, they depend on external technical controls such as firewalls, IPS and similar devices to bridge the gaps.
Together, these issues expose an enterprise organization to increased risk to its information and system assets, and they demand effort and cost to manage legacy protocols that really have no business in an advanced and mature digital organization.
Threat actors approach any target system with a well-defined methodology which includes reconnaissance and enumeration of running services. Hence, these legacy protocols are quickly identified and used in attack vectors in various forms of digital attacks including ransomware.
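The brute-force point in the list above means the detection has to live outside the protocol, typically in log analysis. The following is an added example, not code from the original article or from FileFlex: a sliding-window check over failed logins. The log lines are constructed and laid out like vsftpd's login log (an assumption about the server in use), and the threshold and window values are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines in the style of vsftpd's log; not from a real server.
SAMPLE_LOG = """\
Mon Mar  4 10:00:01 2024 [pid 311] [alice] FAIL LOGIN: Client "198.51.100.7"
Mon Mar  4 10:00:09 2024 [pid 312] [alice] OK LOGIN: Client "198.51.100.7"
Mon Mar  4 10:02:00 2024 [pid 320] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 10:02:03 2024 [pid 321] [root] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 10:02:06 2024 [pid 322] [ftp] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 10:02:09 2024 [pid 323] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 10:02:12 2024 [pid 324] [backup] FAIL LOGIN: Client "203.0.113.9"
Mon Mar  4 10:05:00 2024 [pid 330] [bob] FAIL LOGIN: Client "192.0.2.44"
Mon Mar  4 10:15:00 2024 [pid 331] [bob] FAIL LOGIN: Client "192.0.2.44"
Mon Mar  4 10:25:00 2024 [pid 332] [bob] FAIL LOGIN: Client "192.0.2.44"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Flag each client with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": peak count in window, "users": names tried}}.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    tried = defaultdict(set)      # ip -> every username that failed from it
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue              # unparsable lines and successes are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, q = m["ip"], recent[m["ip"]]
        q.append(ts)
        tried[ip].add(m["user"])
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            peak = max(len(q), flagged.get(ip, {}).get("failures", 0))
            flagged[ip] = {"failures": peak, "users": sorted(tried[ip])}
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

With the default 60-second window only the rapid source is flagged; the slow source at ten-minute intervals shows up only with a longer window and lower threshold, which is why the two values need tuning against real traffic.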
Why You Need to Replace Your FTP with Zero Trust Data Access
Using the zero-trust architecture of FileFlex Enterprise, files and folders are not synced to an FTP server. Instead, the files and folders are stored in their source locations. To access or share these files, users make a request to a policy server that verifies and authenticates the user and then checks the request against the policies and permissions for that user. The server then contacts a connector agent that takes the request from the server and acts as an intermediary to get the information, encrypt it and send it to the user.
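A simplified model of the request flow described above, as an added example that is not FileFlex code: a policy server authenticates the session and checks policy for each request, then hands out a short-lived single-use token that a connector beside the storage will honor. The class names, policy layout, HMAC token scheme and 30-second lifetime are all assumptions made for illustration, and encryption of the returned data is left out.

```python
import fnmatch, hashlib, hmac, json, posixpath, secrets, time

class PolicyServer:
    """Authenticates the session, checks policy, then mints a one-request token."""
    def __init__(self, policies, sessions, key):
        self.policies = policies   # user -> [(path glob, set of allowed actions)]
        self.sessions = sessions   # session id -> authenticated user
        self.key = key             # HMAC key shared only with the connector

    def authorize(self, session_id, path, action):
        user = self.sessions.get(session_id)
        if user is None:
            raise PermissionError("not authenticated")
        path = posixpath.normpath(path)   # collapse ../ before matching policy
        allowed = any(fnmatch.fnmatchcase(path, glob) and action in actions
                      for glob, actions in self.policies.get(user, []))
        if not allowed:
            raise PermissionError("denied by policy")
        claims = json.dumps({"path": path, "action": action,
                             "exp": time.time() + 30,
                             "nonce": secrets.token_hex(16)}, sort_keys=True)
        mac = hmac.new(self.key, claims.encode(), hashlib.sha256).hexdigest()
        return claims, mac                # names the request, not the user

class Connector:
    """Sits beside the storage; serves only requests the policy server signed."""
    def __init__(self, storage, key):
        self.storage, self.key, self.seen = storage, key, set()

    def fetch(self, token):
        claims, mac = token
        good = hmac.new(self.key, claims.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, good):
            raise PermissionError("token not issued by policy server")
        c = json.loads(claims)
        if c["exp"] < time.time() or c["nonce"] in self.seen:
            raise PermissionError("token expired or already used")
        self.seen.add(c["nonce"])
        return self.storage[c["path"]]    # file is read in place, never synced

# Constructed demo data: one user, one share, view-only policy.
KEY = secrets.token_bytes(32)
server = PolicyServer({"alice": [("/finance/*", {"view"})]}, {"s-1": "alice"}, KEY)
connector = Connector({"/finance/q1.xlsx": b"q1 figures",
                       "/hr/pay.csv": b"salaries"}, KEY)
```

Because the connector accepts nothing but a valid, unused token, a client that reaches it directly without going through the policy check gets no data.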
The zero trust data access architecture of FileFlex Enterprise also allows it to support an organization’s entire multi-cloud hybrid-IT storage infrastructure and bring it under a single pane of glass. Files and folders being accessed or shared can be located on on-premises storage, in a corporate data center, in a remote office, in a self-hosted or MS-hosted implementation of SharePoint, with an Infrastructure-as-a-Service provider such as MS Azure, Google Cloud, and Amazon S3, or on a public cloud or Box.
Advantages of FileFlex Enterprise Over FTP
- As opposed to FTP using simple SSL- or SSH-based encryption, FileFlex Enterprise uses a zero-trust policy engine and processes that continually authenticate, verify, and then grant access to information on a per-transaction basis via an exchange of anonymous secure tokens. Direct access to resources is not permitted. All access is via the connector agent, which acts as a proxy for the user.
- As opposed to a siloed FTP server, FileFlex Enterprise provides single-pane-of-glass access to the entire organization’s multi-cloud hybrid-IT environment of IaaS, on-premises, SharePoint and cloud storage such as MS Azure, Amazon S3, Google Cloud, server-attached storage on SAN and DAS, network-attached storage, local PC, self-hosted and MS-hosted implementations of SharePoint, and cloud storage such as Dropbox, Google Drive, OneDrive and Box.
- FileFlex Enterprise includes an activity log that monitors data access and sharing across all storage locations and logs all user and administrator activities. The activity log can be imported to the most popular risk management and SIEM systems using common import protocols.
- FileFlex Enterprise includes a management console where IT administrators can set access and sharing policies that can be determined on a user-by-user or group-by-group basis with storage location, folder, or even file-level granularity. Administrators can make selected devices, folders, or files ‘view-only’ with downloading of shared content prohibited, or they can allow access only and prohibit sharing altogether. Unauthorized copying of shared files can be prohibited by both users and administrators to maintain control over the privacy of files shared. FTP lacks this level of granular IT control and administration of organizational data stored on its server.
- FileFlex Enterprise includes optional double encryption where transmitted data is encrypted from sender to receiver (P2P), addressing threats such as man-in-the-middle, snooping and interception.
- FileFlex Enterprise does not generate encryption keys in system memory where they can be potentially discovered by malicious actors. Instead, encryption keys are generated in the included PKI server that is controlled by the client organization. New encryption keys are generated for every session and tokens are available only per session.
- FileFlex Enterprise leverages existing servers and storage so that there is no duplication and no additional hardware investment is required.
- With FileFlex Enterprise no files are duplicated to a redundant server thereby reducing the organization’s threat surface.
- FileFlex Enterprise has all the security features you would expect, such as SSO, MFA, device fingerprinting, U2F device support, and AD and LDAP policy enforcement.
- FileFlex Enterprise enables large data lift-and-shift scenarios between secure servers, from on-prem to cloud to hybrid.
- FileFlex is very user-friendly and supports Windows, Mac, Android, Linux and iOS devices.
Other Key Enablers of FileFlex Enterprise Over FTP
- File-sharing of large files and collaboration: End-users can easily share access to large unstructured files and folders along with options to view/stream them directly from source locations without having to move any data. In addition, shareable access can be extended to external guest users and groups.
- Creation of virtual data rooms: Users can set up as many rooms with as many users as they need, and IT can set permissions on a user-by-user basis at no additional costs. In addition, the rooms can be facilitated from any repository, and all user activity is logged for analytics, monitoring, and alerts.
- Access to specific files and folders controlled: Users and/or user groups can be set to access data only as permitted by IT. Share recipients can only access files and folders shared with them. Access is abstracted from the infrastructure, and the infrastructure stays dark to users accessing the data through the FileFlex Server. In addition, no special file movement needs to take place to facilitate secure data sharing, as access to the source data is facilitated through FileFlex Enterprise by way of secured proxied connectors that exist within the source networks that contain the data.
- No duplication, no storage costs: This is critical because it leverages an organization’s existing investments in storage and servers, sharing and accessing data from its original locations.
- Facilitates user to user, user to server, and server to server sharing, access, and file transfer: Data lift and shifts between servers, timed windows of access for users, both between themselves and to the servers that they are discretely assigned access to. All scenarios are covered.
- Lowers cost and is easier to maintain: Flat fixed pricing with no cost creep. Easy to maintain and in most cases, no additional investment in manpower, servers or storage is required.
Selected as a Red Herring Top 100 Global winner for disruptive technology, FileFlex Enterprise is the world’s first overlay service that unifies remote access, sharing, and governance of unstructured data storage across multiple environments using a Zero Trust Architecture.
The zero trust data access architecture, support for a hybrid-IT infrastructure including SharePoint, and support for Infrastructure-as-a-Service (IaaS) providers and other cloud providers differentiate FileFlex Enterprise from FTP, which requires uploading and duplication to a redundant server.
The FTP solutions have compromises and issues such as an increased risk posture, privacy compromise, fragmented data, the need to manage limited subsets, technical complexity, and high cost.
FTP inherently lacks zero trust security and cannot support a hybrid-IT infrastructure or SharePoint. Because of productivity benefits when originally introduced, the market has accepted these compromises. However, the zero-trust, hybrid-IT architecture of FileFlex Enterprise allows it to provide the same productivity benefits while addressing the compromises and issues inherent to FTP at a lower cost. It adds IT governance and administration over access to unstructured data, superior control over file sharing with permissions, collaboration features, the ability to create virtual data rooms, and more. It vastly improves the organization’s security posture, allows access to all storage (not just subsets), ensures privacy, keeps the management of organizational files under organizational control, accelerates compliance with privacy regulations such as GDPR and HIPAA, and leverages the organization’s existing storage infrastructure to produce a disruptive low-cost model that can be applied to all storage.
That is critical, and as the above points prove, there is one reality that simply cannot be disputed: the time has come to replace FTP with a secure platform based on a Zero Trust architecture for all remote, internal and B2B upload and download requirements.
For more information on the advantages of using a zero trust data access platform, see “ZTNA, ZTAA and ZTDA – A Deep Dive” and “Accelerating Digital Transformation Leveraging Zero Trust Data Access (ZTDA) in a Microsoft Ecosystem”.