Because FTP is ‘free’, it was widely adopted by businesses in the past. Today, many businesses still use FTP to exchange files with contractors, customers, etc. While FTP software may be free, and cheap storage can be used in-house or in the public cloud, the consequences of a lack of security can be very far-reaching.
We have 5 tips for companies that still use FTP today to raise protection to a ‘basic’ level:
- Disable standard FTP and move to FTPS and/or SFTP: in the 21st century, using a solution without decent privacy and integrity means leaving the door wide open for hackers to access and modify your data.
- Use the most recent encryption: if you’re already running FTPS or SFTP, make sure that you are using a recent encryption cipher such as AES. Don’t rely on old ciphers like Blowfish or DES, which can be easily hacked.
- Implement IP black- and whitelists: an IP blacklist denies a range of IP addresses access to the system, either temporarily or permanently. For example, you may want to block certain countries from access. This can also protect you (partially) from distributed DoS attacks.
- Use an FTP Gateway: typically, FTP servers used to be placed in the DMZ. Doing so limits the risk of exposing the private network. However, given the DMZ is facing the public internet, it is also a segment that is very vulnerable to attack. Therefore, FTP gateways or reverse proxies can be used, as they offer a special control channel into the private network.
- Implement file and folder security: contractors, customers, employees, etc. should only have access to data they are allowed to see.
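One way to check the cipher tip above on an OpenSSH-based SFTP server, as an added example (not part of the original article or of any Awingu product): it reads the `Ciphers` directive from an `sshd_config` and sorts each entry into Blowfish/DES, AES, or other. The sample configuration is constructed, and the script assumes the directive sits in the main file rather than in an included one.

```python
import re

# Constructed sample sshd_config for an SFTP host (not taken from the article).
SAMPLE_CONFIG = """\
# SFTP server for partner file exchange
Port 22
Subsystem sftp internal-sftp
Ciphers aes256-gcm@openssh.com,aes256-ctr,blowfish-cbc,3des-cbc,chacha20-poly1305@openssh.com
"""

WEAK = re.compile(r"blowfish|des", re.I)  # Blowfish and DES/3DES, the families named in the tip
AES = re.compile(r"^aes\d+-", re.I)       # aes128-ctr, aes256-gcm@openssh.com, ...


def audit_ciphers(config_text):
    """Classify the ciphers enabled by the Ciphers directive.

    Returns {'weak': [...], 'aes': [...], 'other': [...]}, or None when the
    file sets no Ciphers directive (the sshd built-in defaults then apply).
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = re.match(r"ciphers[\s=]+(\S+)", line, re.I)
        if not match:
            continue
        value = match.group(1)
        result = {"weak": [], "aes": [], "other": []}
        if value.startswith("-"):
            # A leading '-' removes the listed ciphers from the defaults,
            # so this line enables nothing that needs flagging.
            return result
        # A leading '+' or '^' adds the listed ciphers to the defaults.
        for name in filter(None, value.lstrip("+^").split(",")):
            key = "weak" if WEAK.search(name) else "aes" if AES.match(name) else "other"
            result[key].append(name)
        return result  # sshd uses the first value it reads for a keyword
    return None


if __name__ == "__main__":
    report = audit_ciphers(SAMPLE_CONFIG)
    for name in report["weak"]:
        print(f"remove from Ciphers: {name}")
    print("AES ciphers kept:", ", ".join(report["aes"]))
```
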
Clearly, adding these (still) basic security layers increases the complexity for the admin and will increase the cost of the setup. But let’s not forget the end-user impact. Users will very often still need to install and set up a local FTP client. This becomes especially tricky (and support-intensive!) when the users are spread across many contractors and customers.
Let’s face it, FTP (even FTPS or SFTP) is not giving businesses the required level of protection, ease-of-use or manageability. Above the surface it is cheap (or free), but below the surface a whole range of risks and costs arise.
Awingu can be the modern alternative to FTP. Awingu is a browser-based “Unified Workspace” solution. It gives access to apps and files from a browser. Architecturally, Awingu is a virtual appliance that acts as a gateway on top of a WebDAV or CIFS file share (something you probably already have in-house).
Awingu will give users access to documents, the ability to download or upload, and even the ability to ‘share’ documents. All of this happens within the framework of a browser of your choice. That is nice and easy for the admin: he or she doesn’t need to manage anything on the end-user’s device.
‘Files’ section in the Awingu workspace: access, download, upload or share documents
In terms of security, Awingu will add a whole lot: authentication runs via the built-in multi-factor authentication solution, and everything is encrypted and runs in HTTPS. The access rights in Active Directory and the file server will apply, so there’s no need to set up separate rights management. Finally, everything is fully audited and enriched with anomaly detection to assure compliance (e.g. for GDPR purposes).
Use Awingu’s built-in ‘One Time Password’ solution together with Google Authenticator for secure authentication
Awingu’s built-in usage audit log gives full insight into who opened, deleted, uploaded, etc. what document and more
Oh, and we almost forgot about the coolest thing: Awingu is a ‘workspace’. This means that you don’t need to limit yourself to files. You can run your legacy Windows, Linux or web applications and desktops in that same browser-based workspace!
Run applications and desktops in your browser with Awingu