Can we be done with the IP allow lists?
Posted
Each industry has it’s technical oddities. In financial services, a long standing one is an unholy addiction to CSV over some form of FTP.
Yes, it’s 2020 and vendors are still asking for our IP address so we can, shudder, FTP data to them.
One recent interaction, a vendor asked for our IP so I gave them the Azure Integration Runtime IP addresses. Their response? “If we open up all of those IP addresses who knows who could access us?” I suspect it would have blown their minds if we’d given them an IPv6 address.
So, no integration with them.
If your security depends permitting certain IP addresses you probably need to rethink your security. There are many better ways: think SSH keys or oAuth tokens. If you’re worried about denial of service you need to handle that more dynamically than permit lists. Companies like AWS, Dropbox, Box and Azure all have scalable secure solutions you can build on rather than some janky FTP server running in your co-lo.
The future is in the cloud and cloud doesn’t have one IP address.