TL;DR: Legacy FTP transmits usernames, passwords, and file contents in plain text, leaving sessions exposed to interception and brute-force abuse while SecurityScorecard’s article recommends encrypted alternatives such as SFTP, FTPS, and managed file transfer controls. Plaintext file transfer is now a governance problem, not just a protocol flaw, because exposed transfer paths can become an identity and data exfiltration entry point.
At a glance
What this is: This is an analysis of why legacy FTP remains risky, with the central finding that unencrypted file transfers expose credentials and file contents to interception.
Why it matters: It matters because FTP usage often intersects with service accounts, third-party access, and data movement controls that IAM, PAM, and security teams must govern together.
By the numbers:
- A 2025 Verizon Data Breach Investigations Report found that network protocol vulnerabilities, including those in legacy file transfer systems, remain a significant attack vector for cybercriminals.
👉 Read SecurityScorecard's analysis of FTP vulnerabilities and secure transfer alternatives
Context
FTP is a legacy file transfer protocol that was built for connectivity, not confidentiality, so usernames, passwords, and file payloads can traverse the network without encryption. In modern environments, that makes file transfer a governance issue as much as a transport issue, because exposed transfer channels can carry credentials, sensitive records, and third-party data.
The article’s underlying point is that secure file transfer cannot be treated as a narrow infrastructure choice. Where FTP is still embedded in vendor integrations or service workflows, the identity layer becomes part of the risk picture because access control, authentication strength, and secret handling determine whether transfer activity is merely inefficient or materially dangerous.
Key questions
Q: What breaks when organisations keep using plaintext FTP for sensitive transfers?
A: Plaintext FTP breaks confidentiality and weakens accountability at the same time. Attackers who can observe the network may capture credentials, session commands, and file contents, then reuse those secrets for broader access. It also creates hidden dependencies on service accounts and vendor integrations that security teams may not be reviewing as part of normal identity governance.
Q: Why do legacy file transfer protocols increase identity risk in enterprise environments?
A: Legacy file transfer protocols increase identity risk because they often rely on reusable credentials, shared accounts, and broad permissions to keep workflows simple. Once those credentials are exposed, the attacker usually gains a legitimate login path rather than a noisy exploit. That is why transfer systems should be treated as part of the identity attack surface.
Q: How do security teams know whether FTP has become a hidden control gap?
A: Look for repeated use of older transfer protocols, service accounts with broad file permissions, and partner connections that lack encryption or strong authentication. If those flows are not in your identity lifecycle, access review, and logging processes, the gap is already operational. Discovery plus control mapping is the clearest signal of exposure.
Q: Should organisations prioritise FTP replacement before adding more monitoring around it?
A: Yes, when the transfer involves sensitive data or credentials. Monitoring can help with detection, but it does not remove plaintext exposure or weak authentication. The better sequence is to identify every FTP dependency, migrate high-risk flows to encrypted alternatives, and then keep monitoring for any residual use that should be retired.
Technical breakdown
Why plaintext FTP sessions are easy to intercept
Traditional FTP separates control traffic and data traffic, but neither channel is encrypted by default. That means login credentials, directory commands, and file contents can be captured by anyone able to observe the network path, including insiders, compromised hosts, or an attacker positioned for packet capture. The protocol’s age is the issue: it predates modern assumptions about hostile networks, so confidentiality and integrity are left to external controls rather than built into the session.
Practical implication: treat any remaining FTP flow as exposed data movement unless encryption is enforced at the protocol or network layer.
Authentication weakness in legacy FTP access
FTP commonly relies on reusable usernames and passwords, often without certificate-based authentication or multi-factor verification. That makes it vulnerable to brute force attempts, credential stuffing, and reuse of stolen secrets from other systems. In practice, FTP accounts are often over-permissioned because they are created for operational convenience, which turns a simple login compromise into broad file system exposure. The control problem is not just authentication strength, but also the scope of what that authentication unlocks.
Practical implication: bind FTP access to strong authentication, minimal privileges, and tightly scoped accounts rather than shared credentials.
SFTP, FTPS, and managed file transfer as control replacements
SFTP replaces FTP’s plaintext session with SSH encryption and a single secure channel. FTPS adds TLS protection to FTP workflows, while managed file transfer platforms add logging, automation, and policy controls around the transfer process. These alternatives matter because they address different failure points: transport confidentiality, authentication assurance, and operational visibility. None of them is purely a technical swap. Migration also needs workflow mapping, third-party coordination, and monitoring so that hidden FTP dependencies do not survive under a new label.
Practical implication: inventory all FTP integrations before migration so that replacement controls cover every workflow, not only the obvious servers.
NHI Mgmt Group analysis
FTP insecurity is really an identity and access problem disguised as a transport protocol issue. Plaintext transfer exposes both authentication material and content, so an attacker who can observe traffic may gain valid access rather than merely steal data in transit. That makes FTP relevant to IAM and PAM teams because the security failure often begins with how credentials are issued, reused, and scoped across service workflows. Practitioner conclusion: legacy transfer protocols should be governed as access pathways, not just network services.
Legacy file transfer creates a standing-secret exposure window that modern controls are expected to close. FTP’s design leaves little room for enforced confidentiality, and many organisations compensate with weak passwords, shared accounts, or indirect network segmentation. Those compensating controls do not eliminate the exposure created by persistent credentials and unencrypted sessions. Practitioner conclusion: remove standing credentials from file transfer paths wherever possible and treat residual FTP as a temporary exception.
Secure transfer migration is now part of third-party and machine identity governance. The article points to vendor and partner connections that may use FTP without the security team’s visibility, which is exactly where NHI governance becomes relevant. Service accounts, integration tokens, and automated transfer jobs can outlive their original justification and remain hard to inventory. Practitioner conclusion: include file transfer endpoints in identity lifecycle reviews and third-party access governance, not only in network hardening.
File transfer protocols need policy, logging, and asset discovery before they need more user awareness. Organizations rarely break FTP risk by asking users to be careful; they reduce it by discovering every transfer path, defining approved alternatives, and monitoring for legacy protocol drift. That is where NIST-CSF, NIST SP 800-53, and OWASP-NHI align with operational reality. Practitioner conclusion: focus first on discovery and enforcement, then on migration.
What this signals
Legacy transfer protocols expose the same governance gap that underpins many machine identity failures: credentials outlive the controls meant to protect them. When file transfer jobs still depend on plaintext authentication or shared service accounts, the programme inherits a standing-exposure problem rather than a pure technology problem. Teams should fold those transfers into identity lifecycle and third-party access reviews, not leave them in infrastructure backlog.
The practical signal is that file transfer modernisation should be treated as an access redesign exercise. If a vendor or automation path still requires FTP, the question is not only whether the traffic is encrypted, but whether the associated identity can be scoped, rotated, logged, and retired cleanly. That is the control boundary practitioners should tighten.
As more organisations rationalise machine-to-machine connectivity, legacy protocols become an indicator of wider governance debt. Discovery, least privilege, and auditability need to be applied consistently across service accounts and partner integrations, or the weakest transfer path will remain the easiest path into sensitive data.
For practitioners
- Inventory all active FTP dependencies Map every server, vendor integration, automation job, and service account that still uses FTP, then classify each one by data sensitivity and business criticality. Include hidden dependencies in third-party workflows and scheduled transfer jobs, not just known infrastructure endpoints.
- Replace plaintext transfer with encrypted alternatives Move sensitive workflows to SFTP, FTPS, or managed file transfer platforms, and confirm that encryption covers both authentication and payloads. Validate that the chosen alternative supports the operational pattern in use, including batch jobs, partner exchanges, and automation accounts.
- Tighten account scope for transfer services Use dedicated, minimal-privilege accounts for transfer activity and remove shared logins wherever possible. Pair that with credential rotation, non-default passwords, and explicit offboarding for vendor or automation accounts that no longer need transfer access.
- Add detection for legacy protocol traffic Monitor for FTP sessions, repeated failed logins, and unexpected file movement so that residual use is visible before it becomes an incident. Correlate transfer logs with identity and endpoint telemetry to spot abuse patterns that single-control monitoring would miss.
Key takeaways
- FTP remains risky because it exposes credentials and file contents in transit, turning a transport choice into an access-control problem.
- The real operational weakness is not only plaintext traffic, but also the shared accounts, weak passwords, and over-broad permissions that often surround it.
- The most durable fix is to inventory every FTP dependency, replace high-risk flows with encrypted alternatives, and bring transfer accounts into normal identity governance.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and CIS Controls v8 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Legacy FTP often depends on unmanaged service credentials and weak rotation practices. |
| NIST CSF 2.0 | PR.AC-1 | FTP risk hinges on who can access transfer paths and how that access is governed. |
| NIST SP 800-53 Rev 5 | IA-5 | FTP commonly relies on reusable secrets that need stronger authenticator management. |
| CIS Controls v8 | CIS-5 , Account Management | FTP exposure often persists because transfer accounts are not lifecycle-managed. |
| MITRE ATT&CK | TA0006 , Credential Access; TA0008 , Lateral Movement | Interception of FTP credentials can lead directly to credential abuse and wider movement. |
Inventory file-transfer accounts under NHI-03 and replace any standing credentials with managed alternatives.
Key terms
- File Transfer Protocol: File Transfer Protocol is a legacy network protocol used to upload, download, and manage files between systems. In security terms, its main weakness is that classic implementations do not encrypt credentials or payloads, which makes intercepted traffic immediately useful to attackers.
- Plaintext Transfer: Plaintext transfer means data is sent across the network without encryption. For identity and data security teams, that creates exposure of usernames, passwords, commands, and file contents to anyone who can observe the traffic path, whether on the endpoint, network, or a compromised intermediary.
- Managed File Transfer Gateway: A managed file transfer gateway is a system that brokers file exchange between internal and external parties under controlled policy. Because it often handles sensitive data and runs with elevated privileges, it becomes a high-value identity and segmentation target when administrative access is not tightly governed.
What's in the full article
SecurityScorecard's full article covers the operational detail this post intentionally leaves for the source:
- A step-by-step breakdown of FTP server configuration choices and the controls that reduce exposure.
- Specific guidance on SFTP and FTPS migration paths for teams replacing legacy transfer workflows.
- Operational detail on monitoring, logging, and event correlation for transfer activity.
- Examples of managed file transfer capabilities that support encryption, auditability, and compliance reporting.
Deepen your knowledge
NHI Mgmt Group covers identity security, NHI governance, and agentic AI through independent research, practitioner guides, and the NHI Foundation Level course. Explore nhimg.org for resources that connect identity governance to the broader security disciplines your programme depends on.
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org