System iNetwork

January 22, 2008

FTP for President!

Probably one of the most popular types of software among end users across all industries is file transfer utilities. Although there are many ways to electronically move files from one computer system to another, the File Transfer Protocol (FTP) is the most common method. Some public figures might envy FTP. Maybe they should.

"In this era of fractured political preferences, at least here in the U.S., perhaps it's time to pay attention to one solution that actually unites this country." This what we might hear if FTP had a press secretary. Fortunately for all of us, in computer rooms across this nation, we instead simply hear the voice of the people (computer operators, mostly) saying, "It's running." Aren't we glad?

This popularity with users remains despite FTP's known security hazards. For example, there's really no control over the use of FTP in many environments, which lets users wittingly, or sometimes accidentally, send confidential information to someone who shouldn't have it. Sometimes the information is going to a proper recipient but it's via unencrypted means that can let other people who shouldn't have that information intercept it. More subtle problems, such as vulnerabilities created by program exit points to call FTP, also exist. As it is with some faults dogging some politicians, however, the end-user electorate largely doesn't seem to care. Style winning over substance? I'll let you decide.

People have made many efforts to address this problem both on and off the System i. Older methods involve such means as controlling System i authorities, encrypting the data being sent, and third-party FTP solutions that offer these or other protections. However, all such solutions require at least two prerequisites on the part of persons in a position of authority in an IT department, namely recognition that FTP security is a problem and the willingness to do something about it. Recognition is usually not the dilemma because FTP problems are getting to be a familiar cautionary tale. Doing something about it requires both the realization that "data theft can happen here" and the determination to install some sort of FTP solution that at least tracks FTP activity, if not actually securing it. Often, the real problem is that any protection scheme might complicate the lives of end users who want to use FTP, and some of those users may considerably outrank the IT person coping with the issue. Such software changes can be unpopular, and therefore it becomes easy to put off "reform efforts" in light of more urgent IT tasks. End users like their FTP too much to take any perceived interference with it lightly.

If you were one of those hoping that the logic of protecting corporate information assets would eventually prevail over end-user ease-of-use preferences, that hope has been dealt a nasty blow by the release of recent results of a Hilty Moore & Associates study of FTP use commissioned by Sterling Commerce. That survey shows that end-user preference for FTP use is at an all-time high (up 64 percent in 2007 over 2006 according to survey respondents) despite the fact that 93 percent of respondents experienced delivery stoppages or incomplete transmission as often as 20 percent of the time. In other words, end users love their FTP more than ever even though it doesn't always work reliably! Security concerns are just an also-ran.

The survey queried end users at more than 100 enterprises in such fields as diverse as financial services, health care, retail, manufacturing, and government. The one piece of good news is that 84 percent of respondents have "the same or an increased level of concern" about FTP security compared to 2006, and 60 percent say they are "in the process of stepping up their encryption efforts" with plans to encrypt 80 percent of their file transfers by the end of 2008. (I've heard of "Just in Time" as a concept in manufacturing, but this apparently doesn't apply to file transfer.)

If you're an IT person without an FTP solution, there are a wide range of products for i5/OS (dare I call it "The FTP Platform" in this context?) that can offer a specific remedy. "In the interest of equal time," I list them here alphabetically by product name for your convenience. Not all of them include built-in security, and some are terminal emulation products with inherent FTP capabilities. I have excluded those requiring the Java Virtual Machine. Vote wisely.

Alliance FTP Manager (Patrick Townsend & Associates),
Blue Zone Secure FTP (Seagull Software),
BOSaNOVA and BOSaNOVA TCP/IP (BOSaNOVA),
BOS Safe-T (Better On-Line Solutions),
ComMa2/400 (Fortech Italia),
Covast ODETTE File Transfer Protocol Adapter for IBM WebSphere (Covast),
CyberFusion Integration Suite (Proginet),
EASYVIEW (Help/Systems),
Envision Universal FTP (Surround Technologies),
ESEND (Help/Systems),
ETU File Transfer Utility (NLynx),
FileSWEEP/Rapid (Core Technology),
FileXfer3X400/370 (Broderick Data Systems),
FTP/400 (RJS Software Systems),
FTP/Client (INPRO International),
HTP-Link iSeries (RTC Group),
HostExplorer (Hummingbird),
OnWeb Web-to-Host (NetManage),
PASSPORT (Zephyr),
REDOC (Redoc),
Reflection for the Multi-Host Enterprise (AttachmateWRQ),
Remote Software Facility (Bug Busters Software Engineering),
RUMBA FTP (NetManage),
Robot/CLIENT (Help/Systems),
SSH Tectia Server (SSH Communications Security),
Surveyor/400 and Transfer Anywhere (Linoma Software),
TinyTERM Plus (Century Software),
truExchange FTP (nuBridges), and
Z/SCOPE (Cybele Software).

Posted by at January 22, 2008 1:09 PM