As you scout for the most cost-effective way of transmitting files with your business units and trading partners, among the many file sharing solutions that will likely stand out are free FTP servers. Most of these software applications are already bundled (or readily available through repositories) in operating systems like Linux, Mac OS X and Microsoft Windows, so they likely don't require additional costs ... or so it seems.
When you operate on a tight IT budget, costs mean everything. And because these free FTP servers are readily available and, more importantly, require zero upfront costs, they become very attractive from a financial standpoint. However, if you take a closer look at the total cost of ownership (TCO) of these solutions, they're really not as affordable as they initially appear.
The problem is, when organizations see the 'free' price tag of these FTP servers, many of them immediately jump in, pick what they think is the best option and deploy it on their network, only to discover later on that it's more expensive in the long run, especially for ad hoc transfers. Worse, you normally realize the mistake after you've already gone through the trouble of setting up, integrating and transferring a couple of large files with it. When you reach that point, you're forced to either continue using it (in spite of the associated costs) or go back to the drawing board.
In this article, we point out the major hidden costs of free file transfer software so you can avoid the mistakes other businesses have made.
Administrative Overhead
Aside from a few exceptions, free FTP server software only provides basic documentation for installation and deployment. If you need additional information for setting up the server in more specialized configurations (like deploying it behind a DMZ , building a high availability cluster , or adding security functionality ) you'll need to scour the web to get that information. That's going to require a great deal of time.
That's also not counting additional time integrating the server into your business processes, which usually requires sophisticated scripts to automate tasks. The time and skill needed to fully deploy an FTP server for enterprise use can be substantial.
If your undersized IT department or one-person IT team is already overloaded with other administrative and firefighting tasks, this exercise could cost you precious hours and compromise other business-impacting tasks. Worse, if your server admin lacks script-writing skills, you could be forced to hire a third party to help you out.
Third-Party Support
Once you've got everything set up and start sending files, pretty soon you'll encounter problems. It might be connectivity issues related to your firewall settings (FTP is notorious for these types of problems), a capacity-related issue, or perhaps a bug. Once your users are unable to connect, the server becomes unresponsive, or if you encounter some other problem that impacts your operations and your IT staff can't determine the root cause, you'll be forced to seek help from people who are more familiar with your FTP server.
The problem is, free FTP server solutions are rarely backed by comprehensive support services. Sure, most open source FTP solutions are backed by a community. But how fast do you think members of that community would respond? If you're lucky, you might get a response the following day or within the week. But there's no guarantee to that.
If you're encountering a business-critical issue (as most file transfer-related issues go), we're pretty sure you'd want to resolve the issue right away and would prefer support services with much quicker response times, like say within the day or within the hour.
In some cases, you might want to talk to a support engineer over the phone to explain your problem more thoroughly or, better yet, get into a screen sharing session. Sometimes, you might also want assistance during weekends or during the holidays. If you're using a free FTP server, there's practically zero chance you can get this level of support.
One option would be to hire third-party IT support services. But if you do that, that means you'll be incurring additional costs and that free FTP server won't be totally free anymore. Furthermore, these third party support services, especially for one-time jobs, can be very pricey.
We're not saying commercial or proprietary file transfer solutions are devoid of technical issues. But these solutions typically already include basic support services (at no extra cost) in their license agreements. In addition, you can already get a response and probably even resolve the issue in no more than a couple of hours.
Downtime Costs
The biggest consequence of having very limited access to proper support services when encountering issues is downtime. As you struggle to resolve issues on your own, the temporary disruption can cause a domino effect. File transfer servers are vital to business operations. The data they move around are needed to complete business processes. So, if these servers fail, their unavailability can significantly impact other business units and even other organizations.
This, in turn, can lead to lost opportunities and frustration not only for your organization, but also for your trading partners and their own trading partners, especially if you're part of a supply chain. And if these disruptions happen frequently or over extended periods, they could damage business relationships.
The advantage of commercial or proprietary file transfer solutions is that, if you require more advanced support services (like 24/7 support) to help you deal with business-critical issues, those options are readily available.
Security Gaps
Most of these free FTP servers have only one function. That is, to transfer files from point A to point B. But in the enterprise world, where information exchanges include sensitive data, requirements for file transfer processes are much more stringent. At the minimum, you'll need security features like:
- Detailed logs to provide ample reference for auditing, troubleshooting, and digital forensics purposes
- Encryption to preserve data confidentiality while at rest (stored on the server) or in motion (while traversing the network). For example, support for TLS/SSL and SSH
- Dynamic blocking of IPs or user accounts after too many failed login attempts to prevent hackers from brute forcing their way into the server
- Strong password policies to prevent unauthorized access, particularly via brute force attacks
- Two-factor authentication to counter hackers who might have stolen passwords through social engineering attacks and other methods
Ordinary FTP servers are not equipped with these features. And so, in order to secure your data transfers, you'll need to acquire security solutions that you can integrate with your FTP server. Some of these solutions might have to be purchased. In addition, if you don't have the in-house talent, you'll likely need to hire a third party systems integrator. Again resulting in more additional costs.
Regulatory Compliance Deficiencies
The security deficiencies of FTP can be a hindrance to your regulatory compliance endeavors. Unlike secure file transfer protocols (SFTP or FTPS ), FTP lacks built-in data security functions needed for regulatory compliance. If you review the data transfer-related requirements of regulations like PCI DSS or HIPAA, you'll realize that FTP clients fail to meet many of these requirements.
To avoid regulatory penalties, you might have to replace your FTP client with a more secure alternative, like a SFTP server. But what if you've already invested a lot in setting up and integrating your FTP server? Well, you've got a couple of options:
- You could incorporate security solutions as discussed in the previous section
- You could limit the use of FTP to data transfers that don't involve protected information and then employ a more secure solution like a SFTP server for file transfers that are considered in-scope of the regulation.
Regardless which option you choose (or if you replace your FTP server altogether), you'll need to incur additional costs.
Recommended posts:
Guide to PCI DSS Compliant File Transfers
Guide to HIPAA Compliant File Transfers
If you add up all these additional costs, that free FTP server won't be so free anymore. In fact, it could turn out more expensive than a solution that's purposely built for enterprise-grade file transfers.
How To Use A Free, Secure FTP Server Without Incurring Additional Costs
There are always exceptions to the rule. In this case, it's possible to obtain a secure FTP server that doesn't come with the additional costs mentioned above. For instance, if you download a copy of the JSCAPE MFT Server Starter Edition , you would gain access to a free, fully functional managed file transfer server.
Being a managed file transfer server, JSCAPE MFT Server Starter Edition supports FTP. But in addition to that, it also:
- Supports additional file transfer protocols, including FTPS, SFTP, AS2, HTTPS, WebDAV, and many more
- Features an intuitive user interface that enables scriptless workflow automation capabilities using Triggers
- Contains security features like detailed logging, data-in-motion and data-at-rest encryption, dynamic blocking of IPs or user accounts, multiple password policy options, two factor authentication, data loss prevention and many others
- Provides an extensible API for Trigger actions, functions, report metrics and authentication modules
- Includes the JSCAPE MFT Gateway which is a reverse proxy server that enables users to stream network services without opening inbound ports or storing information in the DMZ
Get Your Free Trial
Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Download your free 7-day trial of JSCAPE MFT Server now.
Related Content
Guide On How To Set Up An SFTP Server
How To Install An SFTP Server On Windows