What is FTP?
File Transfer Protocol, or FTP, is a basic protocol used to transfer files between a client, (which initiates the connection), and a server on a network. FTP operates as a client-server model protocol and is considered an application layer protocol.
With FTP, the end user’s computer is the local host; the second computer is called the remote host (or server). Both computers connect via a network established to transfer files with FTP.
Users can upload files to a remote server with FTP or download files from a remote server to their device. The protocol can also be used to handle file management tasks such as renaming, moving or deleting files on the server.
FTP is not a secure file transfer protocol, as it lacks some of the more modern security controls, like encryption that protocols like FTPS, SFTP, and HTTPS, FTPS offer to help prevent cyberattacks or threats.
What is the Cloud?
The cloud is comprised of the many varied services that occur over the internet for computer use such as processing, storage, and applications. The cloud, or cloud computer acts as a host for databases, networking servers, software and more and facilitates how users gain access to and use the multitude of available resources without relying on physical, on-premises hardware. The cloud can be public, private or hybrid. With public cloud, providers manage the services that are shared across many organizations. Private cloud services are, as expected – private. These cloud services are more secure and have more controls built into them. And hybrid cloud services are a mix of public and private and deliver flexibility in how data and applications are shared.
Cloud Computing Platforms
The cloud has become an increasingly popular topic among organizations in recent years. From sharing projects via cloud collaboration tools to exchanging files between a company and its trading partners using cloud storage buckets, cloud computing platforms like Microsoft Azure and AWS offer users a lot of flexibility over their day-to-day business processes.
These platforms, however, are not free from today’s cybersecurity considerations or risks. As organizations move a portion of their file transfer processes to the cloud to meet evolving trading partner requirements, they should take a good look at their file transfer protocols and practices to ensure a modern standard of security is met with the movement of their sensitive files.
One search term (on Google, Bing, etc.) often seen for cloud file transfers today is around FTP. Organizations are wondering if they can send files to their trading partners in the cloud using FTP—or they are looking for a free FTP solution to get the job done.
Should you exchange files in the cloud using an FTP client or server?
Unless you’re sending files that aren’t sensitive in nature, the answer is no: FTP is never recommended for cloud file transfers. Not only is FTP an outdated protocol that lacks security options to protect your data, it opens organizations to cyberattacks and packet tracer tools.
Differences between FTP and Cloud
While both file transfer protocols can get files from point A to point B there are distinct differences that should be taken into consideration, depending on an organization’s security, privacy, and capacity needs.
Technology
- FTP uses a TCP-based network to transfer files between the client and a server.
- Cloud file transfers use APIs from cloud service providers and web-based interfaces.
- FTP requires users to manage and maintain their server infrastructure and maintain a dedicated FTP server and client software
- With the cloud, the infrastructure is managed by cloud service providers, with no need to maintain on-site servers
Security
- With FTP, data is transferred unencrypted, in plaintext and highly susceptible to cyberattacks. FTPS (FTP Secure), however does offer encryption.
- HTTPS is typically used to secure file transfers during transit to the cloud and solutions such as MFT provide additional encryption when data is at rest.
When it comes to authentication, usernames and passwords are again sent in plaintext and vulnerable with FTP; measures such as multi-factor authentication (MFA) provide stronger authentication with cloud-based file transfers.
Automation
- Custom scripts will be needed to automate FTP file transfers.
- With the cloud, users can take advantage of workflows and built-in features to automate and streamline file transfers.
Ease of use
- Non-technical users might find connecting clients to servers more difficult with FTP, as it requires manual set up and configuration.
- The cloud features easy-to-use drag and drop interfaces and is accessible from anywhere with an internet connection via web browsers, APIs, mobile applications, and more.
Cost
- With FTP, costs for hardware, maintenance and maybe licensing must be factored in. These costs can grow as small businesses ramp up.
- The cloud’s pay-as-you-go pricing encompasses only what is used for bandwidth and storage. There’s no initial investment in hardware or need to re-invest in additional hardware.
Scalability
- Physical limits impact FTP, as more hardware is needed when organizations grow in scale.
- With the cloud, the ability to scale up is unlimited when it comes to bandwidth and storage and can also be scaled down should business conditions change
Similarities between FTP and Cloud
While there are more differences than similarities when it comes to FTP and the cloud for file transfers, there are some commonalities between the two options, such as they both:
- Can be used to transfer files from point A to point B
- Have the capability to be secure. FTP can use the more secure version, FTPS, and the cloud uses encryption protocols, such as HTTPS.
- Offer support for a variety of operating systems and platforms
- Use authentication measures to prevent unauthorized users from accessing and transferring files. These can include keys or tokens, as well as usernames and passwords.
- Can handle batch or multiple transfers
- Can be accessed remotely with FTP servers reached over the internet and the cloud by its very design.
- Can automate file transfers with FTP using scripts and cloud file transfers managed through solutions such as MFT or other APIs.
What You Should Know About FTP and the Cloud
If you’re still on the fence about using an FTP tool to quickly meet trading partner requirements in the cloud, though, here’s what you should know about FTP cloud file transfers:
1. FTP sends sensitive credentials in the clear.
FTP does not have good authentication to send or retrieve data. User credentials are sent as plain text, and information, like files and other documents, are transferred via FTP ‘in the clear.’ This means your information isn’t encrypted, and any hacker with a packet tracer could easily lift credentials from your connections.
2. FTP doesn't contain security functions like encryption.
FTP does not encrypt the tunnels that are created to send and retrieve files. Anyone watching a network would be able to see all files, sensitive and non-sensitive, that pass between your organization and your trading partners in the cloud. This doesn’t mean just hackers. Employees, vendors, and contracts may also be able to see what you’re sending.
3. FTP lacks modern cybersecurity considerations.
FTP was created in the 1970s when the internet was just getting started. This was a time with far fewer cybersecurity concerns due to the infancy of the world wide web. However, the internet is an entirely new landscape in 2019. Organizations constantly struggle to keep up with the rapid development of modern technology while also protecting the growth of information sharing from new cyber threats, including malware, spear phishing, and exploiting back door vulnerabilities.
Because of this, FTP is simply not equipped to handle modern security needs. At a minimum, file transfers should be encrypted and employ multi-factor authentication. A secure file transfer protocol like SFTP or FTPS is infinitely better than FTP and will still meet your needs for affordable file transfers.
4. The cloud does not absolve you from focusing on security.
Cloud computing platforms like Microsoft Azure and Amazon Web Services do offer some security services out-of-the-box, but those security features should not replace the basic security practices your organization follows. This is especially important to note if you need to comply with state or federal data security standards. FTP will simply not satisfy those requirements.
Look into what your cloud computing platform offers for file security, but never depend on it (or your trading partners) to fully to protect your sensitive data. Good cybersecurity is a two-way street. Being aware of the pitfalls and doing your best to bridge them will go a long way toward creating and maintaining strong cloud file transfer practices in your organization.
Related Reading: Your Guide to a Secure Hybrid Cloud
The Bottom Line: Ditch FTP for Something Better
Not being able to rely on FTP for your cloud file transfers may be disheartening, especially if you can’t afford the budget for a dedicated file transfer solution. But there’s some good news: affordable secure FTP client/server software for cloud transfers does exist!
In fact, SFTP, FTPS, and managed file transfer (MFT) solutions are abundant in today’s marketplace. There are reasons to avoid free tools (you can read about this here), but with modern resources at hand, you have plenty of options to keep you from falling back on FTP for your cloud file transfers.
Want More Information On FTP and Secure FTP?
Use this free resource to learn how to bring your FTP implementation into a more modern, secure framework. You’ll explore why FTP puts your data at risk and learn how to make your file transfers easier for you and your end users.
