As you scout for the most cost-effective way of transmitting files with your business units and trading partners, among the many solutions that will likely stand out are free FTP servers. Most of these sofware applications are already bundled (or readily available through repositories) in operating systems like Linux, older versions of Mac OS X, and even Windows, so they likely don't require additional costs ... or so it seems.
When you operate on a tight IT budget, costs mean everything. And because these free FTP servers are readily available and, more importantly, require zero upfront costs, they become very attractive from a financial standpoint. However, if you take a closer look at the total cost of ownership (TCO) of these solutions, they're really not as affordable as they initially appear.
The problem is, when organizations see the 'free' price tag of these FTP servers, many of them immediately jump in, pick what they think is the best and deploy it on their network; only to discover later on that it's actually more expensive in the long run. Worse, you normally realize the mistake after you've already gone through all the trouble of setting up, integrating, and even transfer a couple of files with it. So, when you reach that point, you're then forced to either continue using it (in spite of the associated costs) or go back to the drawing board.
In this article, we point out the major hidden costs of free FTP servers that you might not be aware of and help you avoid the mistakes other businesses have made.
Aside from a few exceptions, many of these free FTP servers only provide basic documentation for installation and deployment. If you need additional information for setting up the server in more specialized configurations (like deploying it behind a DMZ, building a high availability cluster, or adding security functionality) you'll need to scour the web to get that information. That's going to require a great deal of time.
That's not yet counting additional time for integrating the server into your business processes, which usually requires sophisticated scripts to automate tasks. The time and skill needed to fully deploy an FTP server for enterprise use can be substantial.
If your undersized IT department or one-man IT guy is already overloaded with other administrative and firefighting tasks, this exercise could cost you precious man hours and compromise other business-impacting tasks. Worse, if your server admin lacks script-writing skills, you could be forced to hire a third party to help you out.
Third party support
Once you've got everything set up and start sending files, pretty soon you'll encounter problems. It might be connectivity issues related to your firewall settings (FTP is very notorious for these types of problems), a capacity-related issue, or perhaps a bug. Once your users are unable to connect, the server becomes unresponsive, or if you encounter some other problem that impacts your operations and your IT staff can't determine the root cause, you'll be forced to seek help from people who are more familiar with your FTP server.
The problem is, free FTP server solutions are rarely backed by a comprehensive suite of support services. Sure, most open source FTP solutions are backed by a community. But how fast do you think members of that community would respond? If you're lucky, you might get a response the following day or within the week. But there's no guarantee to that.
If you're encountering a business-critical issue (as most file transfer-related issues go), we're pretty sure you'd want to resolve the issue right away and would prefer support services with much quicker response times, like say within the day or within the hour.
In some cases, you might want to talk to a support engineer over the phone to explain your problem more thoroughly or, better yet, get into a screen sharing session over Webex or GoToMeeting. Sometimes, you might also want assistance during weekends or during the Holidays. If you're using a free FTP server, there's practically zero chance you can get this level of support.
One option would be to hire third party IT support services. But if you do that, that means you'll be incurring additional costs and that free FTP server won't be totally free anymore. Furthermore, these third party support services, especially for one-time jobs, can be very pricey.
We're not saying commercial or proprietary file transfer solutions are devoid of technical issues. But these solutions typically already include basic support services (at no extra cost) in their license agreements. In addition, you can already get a response and probably even resolve the issue no more than a couple of hours.
The biggest consequence of having very limited access to proper support services when encountering issues is downtime. As you struggle to resolve issues on your own, the temporary disruption can cause a domino effect. File transfer servers are usually vital to business operations. The data they move around are needed to complete business processes. So, if these servers fail, their unavailability can significantly impact other business units and even other organizations.
This, in turn, can lead to lost opportunities and discontent not only for your organization, but also for your trading partners and their own trading partners, especially if you're part of a supply chain. And if these disruptions happen frequently or over extended periods, they could eventually damage business relationships. You certainly can't afford that to happen.
The advantage of commerical or proprietary file transfer solutions is that, if you require more advanced support services (like 24/7 support) to help you deal with business-critical issues, those options are readily available.
Most of these free FTP servers have only one function. That is, to transfer files from point A to point B. But in the enterprise world, where information exchanges can include sensitive data, file transfer requirements are normally much more stringent. At the minimum, you'll need security features like:
- Detailed logs - to provide ample reference for auditing, troubleshooting, and digital forensics purposes;
- Encryption - to preserve data confidentiality while at rest (stored on the server) or in motion (while traversing the network);
- Dynamic blocking of IP or user account - to block clients after too many failed login attempts and prevent hackers from brute forcing their way into the server.
- Implementing strong password policies - to prevent unauthorized access, particularly via brute force attacks.
- Two-factor authentication - to counter hackers who might have stolen passwords through social engineering attacks and other methods.
Ordinary FTP servers are not equipped with these features. And so, in order to secure your data transfers, you'll need to acquire security solutions that you can integrate with your FTP server. Some of these solutions might have to be purchased. In addition, if you don't have the in-house talent, you'll likely need to hire a third party systems integrator. Again, more additional costs.
Regulatory compliance deficiencies
The security deficiencies of FTP can be a hindrance to your regulatory compliance endeavors. Unlike secure file transfer protocols like SFTP or FTPS, FTP lacks built-in security functions needed for regulatory compliance. If you review the data transfer-related requirements of regulations like PCI DSS or HIPAA, you'll realize that FTP servers fail to meet many of these requirements.
So, to avoid regulatory penalties, you might have to replace your FTP server with a more secure alternative, like say an SFTP server. But what if you've already invested so much in setting up and integrating your FTP server? Well, you've got a couple of options.
- You could incorporate security solutions as discussed in the previous section, or
- You could limit the use of FTP to data transfers that don't involve protected information and then employ a more secure solution like a SFTP server for file transfers that are considered in-scope of the regulation.
Regardless which option you choose (or if you replace your FTP server altogether), you'll need to incur additional costs.
If you add up all these additional costs, that free FTP server won't be so free anymore. In fact, it could turn out more expensive than a solution that's purposely built for enterprise-grade file transfers.
How to use a free, secure FTP server whithout incurring additional costs
There are always exceptions to the rule. In this case, it's possible to obtain a secure FTP server that doesn't come with the additional costs mentioned above. For instance, if you download a copy of the JSCAPE MFT Server Starter Edition, you would already gain access to a free, fully-functional managed file transfer server.
Being a managed file transfer server, JSCAPE MFT Server Starter Edition already supports FTP. But in addition to that, it also:
- Supports several other file transfer protocols like FTPS, SFTP, AS2, HTTPS, WebDAV, and many others;
- Enables scriptless, GUI-based automation capabilities through Triggers;
- Is loaded with security features like detailed logging, data-in-motion and data-at-rest encryption, dynamic blocking of IPs or user accounts, mulitple password policy options, two factor authentication, data loss prevention, and many others; and
- Features an extensible API for Trigger actions, functions, report metrics and authentication modules.
The Starter Edition already comes with free technical support for the first 60 days, so (combined with all those built-in capabilities) it practically eliminates the costs associated with administrative overhead, third party support, downtime, security gaps, and regulatory compliance deficiencies.
JSCAPE MFT Server Starter Edition is perfect for entry level users who want to experience the benefits of using a managed file transfer server for free.
Want to try it out now?
Download JSCAPE MFT Server Starter Edition now.
Want to be updated on posts like this? Connect with us...