Is it time to replace FileZilla?

Why FileZilla isn't right for your business anymore...


If you say 'FTP' to anyone in tech, the first two applications that come to mind are FileZilla and WinSCP. FileZilla has been around for 22 years and is a staple of any tech administrator's arsenal. However, in a world where there is a cyber-attack every 39 seconds (according to Cobalt labs), can we continue to take the risk on applications we think of as “Old Faithful”? 

Time and time again, in our interactions with customers, we see FileZilla deployed as a tactical solution by technical teams—often as a rapid response to a specific issue or as a piece of the organization's legacy technology, implemented by an individual or a team with little knowledge of the business. Considering the evolving landscape of threats to business data and associated risks, the days of relying on free tools are numbered.

This isn’t to say FileZilla Server doesn’t have a lot to offer. It does: you can be up and running with the free edition of FileZilla Server in under 10 minutes, and with zero application costs, anyone can understand why so many companies are drawn towards it. For this article, we're going to be focusing on the free edition of FileZilla, but we will cover the differences between the free edition and the pro enterprise version later on.

So, is it worth putting your business reputation in the hands of a free tool? In the early stages of any business, the goal is to keep costs low and profits high, making options like FileZilla appear as a dream come true. However, unfortunately, that age-old saying “If it ain’t broke” pops up, and systems that run like workhorses without any breaks or issues get forgotten about because they do what you need them to do in that moment in time. As the hands of the clock move forward, suddenly the solution that has never gone wrong develops a bunch of security holes and not enough logging to see if it’s already too late. This is the situation that hundreds of thousands of companies worldwide have with their file transfer deployments.


Risks and limitations of FileZilla 

There is always a catch when something is free, and unfortunately, this is still the case with the free edition of FileZilla. In modern applications, we expect to see certain security features that have now become the de facto norm. Let’s talk about some of the ones missing from the free edition of FileZilla Server that we wish it did have.

Alternative authentication methods such as Active Directory, LDAP and Single Sign-On (SAML) are some of the most widely used out there, and each can help improve security and reduce your attack surface through a wide variety of policy-based actions in the background. If you apply this to your file transfer solution, it stops being just another FTP server and becomes something integrated into the bigger picture of your IT estate.

When we think of risk, we often focus on what happens before an event rather than the risk that follows it. Your security being compromised is no longer a matter of “if” but “when”, and having the right processes in place to show an auditor, or even a digital forensics specialist, that you did everything right is key. Reporting plays a crucial role within security, and can be the difference in knowing when to restore from backups, to avoid losing more work than required. The reporting element that is absent from FileZilla is something that could significantly improve the product's utility, not just from a security perspective but also from a housekeeping standpoint. For instance, do you know if one user has been using the server as their own personal Dropbox, taking up storage and leaving little for everyone else? Unfortunately with FileZilla, it’s a manual effort to find out.

Most organisations today have some sort of Disaster Recovery (DR) system in place. A robust DR system, designed to provide resilience in the event of a more significant failure of the MFT system, is a necessity. In fact, some businesses won't even consider a product unless it includes a disaster recovery option. You could create this yourself with FileZilla and Windows Server Clustering. However, as more businesses move to the cloud, Windows Server clustering is becoming an expensive option for a solution that has zero support if not configured correctly. Unfortunately, in these situations, you will only know if it’s configured correctly when everything goes wrong.

Let's move on from security and think about the modern workspace - automation is one of the keys to efficiency. Efficiency is equivalent to lower operational costs and lower operational error resulting from human interaction. In a specific business area such as file transfer, requiring staff to manually perform uploads, downloads, file movements, or additional post-transfer processing costs time and money that could be spent in other areas that require a manual touch. Unlike some alternatives, FileZilla Server has no built-in automation. Now, you could perform some automation using scripts after FileZilla has received the files. However, we've all experienced scenarios where a senior IT employee writes a set of scripts to automate processes, and then years later, they stop working and that individual is no longer with the company, creating chaos if not documented well.

The aim of the game for most companies is to grow, and as you grow, your demands grow with you. You will eventually get to a point where you end up in meetings centred around the word “scalability”, and you will start to question whether it’s time to put old faithful out to pasture. There is no native clustering for FileZilla Server out of the box. You could put together a solution that might assist you in scaling, but ultimately, it will be a very hands-on approach, which will require a fair amount of development time to get it right. It boils down to the question - is it worth it?


Is FileZilla Pro any better than FileZilla Server? 

So far, we've only talked about the free version of FileZilla Server, so it’s about time we talk about what you get with the paid Pro version. Well, it’s still two separate products - Client and Server - each with its own price tag. For the FileZilla client, you get the ability to connect using FTP, SFTP and FTPS, and it has support for connecting to cloud object storage such as S3 and Blob. However, this is still a manual action. You need to sign in to connect and move the files yourself, no automation or scheduling I’m afraid. You may be able to write scripts to complete this, but unless you’re proficient with Bash or PowerShell, it won’t be an easy task. In terms of the Server, you would get unlimited users and bandwidth, and the same connections as the client. For both, you will receive product support for three years and updates with your purchase, but unfortunately, a lot of the limitations talked about above still exist, even in a paid model.

With that being said, while the addition of SFTP and cloud storage connections to help integrate into newer cloud-native options such as AWS or Azure is a beneficial feature, when comparing this to the number of files Pro2col transfers to different storage areas or third parties each day, it’s something no one would want to be doing manually.

So, let's address the question that's been looming: Is Pro better than Free? Well, the answer is it depends on what you need it to do. If you’re a small business with five to ten employees and only interact with a few third parties, then Free would suffice and Pro might give you a little more flexibility. However, it’s important to look at it from the point of view of how many files are transferring. Are we talking about hundreds, thousands, or perhaps hundreds of thousands of files per day? If it’s the latter, then neither solution is going to work for your business; they might even work against you. FileZilla is an ideal solution if you have a small set of requirements. However, as the needs and demands of your business grow, FileZilla is likely to no longer be the optimal solution for you.


Is there a better alternative to FileZilla?

In the wide market of information technology, there are corners where companies narrow their scope to address a single obstacle. Enter Managed File Transfer, or MFT. This corner of the market addresses the issues with not just file transfer but data transfer as a conceptual whole. MFT systems are comprised of multiple data transfer and connection technologies including FTPS, SFTP, AS2, S3 buckets, blob storage, and more. The way MFT software developers look at the issue of data transfer is that the 'transfer part' is just the beginning of the story. Where that data goes and how you process and interact with it is as much a part of the story as getting the data to and from.

Automation plays a significant role within MFT solutions, allowing you not only to efficiently schedule your workflows based on time, but also to activate them based on a trigger such as receiving a file or a user logging in. Automation in an MFT system allows you to transform your data in transit. For example, taking the content of a file and writing it to an external database, or taking the content and creating a variable that can be used in a REST API connection. We talk more about examples of standout workflow automation here. When you start to use all features within an MFT solution, you can begin to think of ways to interlink elements within your business environment to improve efficiency.

Open-source solutions, such as FileZilla, are fantastic and definitely have their place in the market to fix a data transfer problem. However, if you are looking to take full advantage of what a software solution can do for you and help you change not only the efficiency of your technical process but also improve your security position, I would highly recommend looking into Managed File Transfer solutions.


How easy is it to migrate from FileZilla to MFT?

We've explored both FileZilla Free/Pro and its enterprise alternative MFT, and you've decided to transition away from FileZilla. Now, the question arises: Is it easy to migrate from FileZilla to MFT? The answer is no. However, at Pro2col, we have expert consultants who specialise in architecting migration solutions from existing products over to MFT solutions. We can help match you to your ideal MFT solution and support you in creating innovative ways to migrate your data and configuration over from your old solution to your new MFT solution.


If you find yourself in a position where you are looking to take advantage of offerings that an MFT system can provide, I would advise taking a look at our top MFT Software Tools list. At Pro2col, we approach the market as vendor-agnostic, and provide solutions for the SMB market all the way up to full production solutions for enterprise businesses. We have in-house experts on all of our solutions, including popular solutions such as Globalscape EFT, GoAnywhere, MOVEit and more. Our in-house consultants can guide you through all your required needs to migrate from an existing solution such as FileZilla, to an enterprise solution such as the ones mentioned above. Get in touch today


About the Author



Sean Holdstock is the Technical Consultant at Pro2col. As a Technical Consultant Sean keeps up to date with trends and changes in the IT marketplace to give him a clear outlook on how technology evolves.

He’s not afraid to challenge his knowledge by learning new code languages and always looks for ways this could help his colleagues and customers. 
