The cloud has become an increasingly popular topic among organizations in recent years. From sharing projects via cloud collaboration tools to exchanging files between a company and its trading partners using cloud storage buckets, cloud computing platforms like Microsoft Azure and AWS offer users a lot of flexibility over their day-to-day business processes.
These platforms, however, are not free from today’s cybersecurity considerations or risks. As organizations move a portion of their file transfer processes to the cloud to meet evolving trading partner requirements, they should take a good look at their file transfer protocols and practices to ensure a modern standard of security is met with the movement of their sensitive files.
One search term (on Google, Bing, etc.) often seen for cloud file transfers today is around FTP. Organizations are wondering if they can send files to their trading partners in the cloud using FTP—or they are looking for a free FTP solution to get the job done.
Should you exchange files in the cloud using an FTP client or server? Unless you’re sending files that aren’t sensitive in nature, the answer is no: FTP is never recommended for cloud file transfers. Not only is FTP an outdated protocol that lacks security options to protect your data, it opens organizations to cyberattacks and packet tracer tools.
If you’re still on the fence about using an FTP tool to quickly meet trading partner requirements in the cloud, though, here’s what you should know about FTP cloud file transfers:
1. FTP sends sensitive credentials in the clear.
FTP does not have good authentication to send or retrieve data. User credentials are sent as plain text, and information, like files and other documents, are transferred via FTP ‘in the clear.’ This means your information isn’t encrypted, and any hacker with a packet tracer could easily lift credentials from your connections.
2. FTP doesn't contain security functions like encryption.
FTP does not encrypt the tunnels that are created to send and retrieve files. Anyone watching a network would be able to see all files, sensitive and non-sensitive, that pass between your organization and your trading partners in the cloud. This doesn’t mean just hackers. Employees, vendors, and contracts may also be able to see what you’re sending.
3. FTP lacks modern cybersecurity considerations.
FTP was created in the 1970s when the internet was just getting started. This was a time with far fewer cybersecurity concerns due to the infancy of the world wide web. However, the internet is an entirely new landscape in 2019. Organizations constantly struggle to keep up with the rapid development of modern technology while also protecting the growth of information sharing from new cyber threats, including malware, spear phishing, and exploiting back door vulnerabilities.
Because of this, FTP is simply not equipped to handle modern security needs. At a minimum, file transfers should be encrypted and employ multi-factor authentication. A secure file transfer protocol like SFTP or FTPS is infinitely better than FTP and will still meet your needs for affordable file transfers.
4. The cloud does not absolve you from focusing on security.
Cloud computing platforms like Microsoft Azure and Amazon Web Services do offer some security services out-of-the-box, but those security features should not replace the basic security practices your organization follows. This is especially important to note if you need to comply with state or federal data security standards. FTP will simply not satisfy those requirements.
Look into what your cloud computing platform offers for file security, but never depend on it (or your trading partners) to fully to protect your sensitive data. Good cybersecurity is a two-way street. Being aware of the pitfalls and doing your best to bridge them will go a long way toward creating and maintaining strong cloud file transfer practices in your organization.
Related Reading: Your Guide to a Secure Hybrid Cloud
The Bottom Line: Ditch FTP for Something Better
Not being able to rely on FTP for your cloud file transfers may be disheartening, especially if you can’t afford the budget for a dedicated file transfer solution. But there’s some good news: affordable secure FTP client/server software for cloud transfers does exist!
In fact, SFTP, FTPS, and managed file transfer (MFT) solutions are abundant in today’s marketplace. There are reasons to avoid free tools (you can read about this here), but with modern resources at hand, you have plenty of options to keep you from falling back on FTP for your cloud file transfers.
Want more information on FTP and secure FTP?
Use this free resource to learn how to bring your FTP implementation into a more modern, secure framework. You’ll explore why FTP puts your data at risk and learn how to make your file transfers easier for you and your end users.