Saving Money With SFTP
By Ian Kilpatrick, Chairman Wick Hill Group `
Everyone is looking to cut costs in the recession, but there is one solution which many companies don't realise has the potential to save money for minimal investment and minimal disruption, which also can provide fast ROI.
A lot of organisations still have legacy systems and are happy to live with them, given the huge upheaval and potential expense which replacement would mean. But those legacy systems have some costly aspects to them, which can easily be improved and which offer the potential for savings.
FTP file transfer from legacy systems normally goes on in the background without anyone paying too much attention to it. It's the part of legacy systems which is below the surface and which gets taken for granted.
Many companies rely on FTP for file transfer, however there are a number of issues which make FTP ripe for improvement and offer companies the potential to cut costs and gain ROI. The solution to the problems of FTP is to use SFTP (secure file transfer protocol) instead.
The problems with FTP
Built in the 1970s, FTP has become an auditor's nightmare and a major security loophole due to clear text authentication and data transmission, anonymous access, bounce attack, use of ephemeral ports and lack of host identification.
- you can't use strong authentication
- you can't use strong encryption
- it lacks data integrity
SFTP is a strongly encrypted file transfer protocol that easily traverses firewalls and authenticates the host and the client.
Performance with FTP is poor, especially with ever-increasing file sizes and an ever-increasing number of files to be transferred, resulting in too much server time being taken up and too many valuable staff tied up with file transfer administration.
Performance can be greatly enhanced with the right SFTP solution.
Server capacity and management time are crucial considerations in a recession. Because of SFTP's potentially superior performance over FTP, you don't need as much server capacity to do file transfers, resulting in cost savings; and you need less valuable staff to administer file transfers, again resulting in cost benefits.
As your security is improved, you won't be at such risk of the financial consequences of security problems such as data leakage; and you will be able to avoid any financial consequences of non-compliance.
If you've got multiple legacy systems, then consolidating into one SFTP supplier will cut down on your maintenance and other work around those legacy systems.
The past ten years have seen regulations and industry standards becoming increasingly important. SFTP helps organisations achieve their compliance objectives by improving security to the standards required today. It protects mission-critical information in transit, guaranteeing its integrity and preventing unauthorised access.
Switching to SFTP, or from one SFTP supplier to another, is not just about saving money. It's also about improving infrastructure efficiency. Replacing FTP with an efficient SFTP solution will ensure enterprises are compliant with security requirements and will at the same provide much improved performance and scalability, together with good management and reporting.
All SFTP solutions are not created equal
It's crucial to review the choices in SFTP systems because there are huge differences in performance, which can affect the ability to gain ROI on investment.
Recent tests (December 2008) by Tolly reviewed three leading secure shell solutions
- Open Text Connectivity Secure Server 1.0
- Attachmate Corp. Reflection for Secure IT Server 6.1
- SSH Communications Tectia Server 6.0
Key findings were:
- Open Text delivered the highest performance and maximum scalability of the three secure server products tested.
- In tests, transferring a 36 Mb file from a server to a requesting client, Open Text Connectivity Secure Server completed the task 10x faster than Tectia Server and 24 times faster than Attachmate's Reflection for Secure IT Server. In single session and multi-session tests, Open Text Connectivity Secure Server routinely outperformed the two other products tested.
- Open Text costs up to 12x less to support 1,000 concurrent FSTP connections than the other two solutions tested.
- Open Text completed 1,000 SFTP file transfer sessions from four PC clients on a single server while Attachmate and SSH Tectia servers failed to scale properly
- Open Text imposed less overhead on host server CPU than the other products tested
- Open Text used 9x less CPU memory than the other two solutions to complete a 36 Mb file transfer to client
Open Text was the only product to scale successfully to 1024 sessions. This means it can be deployed on just a single server, saving on hardware costs, space, and associated deployment and ongoing support costs.
Tolly concluded that users would spend
- 5,600$ to support 1000 sessions with Open Text
- 14,000$ for SSH
- 60,000$ for Attachmate
Open Text Connectivity Secure Server 1.0
Connectivity Secure Server 1.0 is a state of the art Secure Shell solution from Hummingbird, The Open Text Connectivity Solutions Group. Hummingbird was the creator of Exceed and Exceed on Demand, and the industry choice for UNIX-based applications remote access. It plugs into any TCP/IP network and offers strong authentication mechanisms, government grade encryption algorithms, and content integrity protection methods for data in transit.
Connectivity Secure Server provides -
- faster file transfer
- better up-time
- smaller memory and CPU consumption
- support for a higher number of simultaneous user sessions
- time-saving central administration console
Complete point-to-point security solution
Connectivity Secure Server can be used in conjunction with other Open Text (formerly Hummingbird) security products: Connectivity Secure Shell, the Secure Shell add-on for Exceed and Host Explorer; or Connectivity SecureTerm, the only web and desktop based stand alone Secure Shell client on the market. All products include FIPS 140-2 certified Hummingbird Cryptographic Module for increased security.
Ian Kilpatrick, the author, is chairman of Wick Hill Group plc, specialists in secure infrastructure solutions for ebusiness. Kilpatrick has been involved with the Group for over 30 years and is the moving force behind its dynamic growth. Wick Hill is an international organisation supplying most of the Times Top 1000 companies through a network of accredited resellers.
Kilpatrick has an in-depth experience of computing with a strong vision of the future in IT. He looks at computing from a business point-of-view and his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and oveseas press, as well as being a regular speaker at IT exhibitions.
CRN 2008 channel awards winnder of '
Channel Personality of the Year', he is never afraid to voice his opinions on all aspects of the industry and on IT security issues in particular. He has an in-depth experience of computing with an excellent understanding of the industry from the vendor, distributor, reseller and end user point-of-view.
He has a strong vision of the future in IT and IT security. His approach reflects his philosophy that business benefits and ease-of-use are key to successful infrastructure deployment.
Please contact Wick Hill on +44 (0)1483 227600, web www.wickhill.com.