5 reasons to avoid FTP and use AWS S3 instead
FTP has serious security weaknesses that can leave your business vulnerable to attack. We recommend AWS S3 as a convenient and highly secure alternative.
Like many businesses, one of our clients was using FTP servers to move data and files around their organisation. But while FTP is a convenient way to transfer large amounts of data, it has serious security weaknesses that you ignore at your peril.
We advised the client to replace its on-premises FTP servers with AWS S3. This greatly improved security and gave them peace of mind that vital customer data was safe. An added bonus was that it also removed the need to maintain their own FTP server, saving both time and money.
If you work in an office or with computers in general, the chances are that at some point you’ll need to transfer a large amount of data or documents to someone else, either inside or outside your organisation, and email just won’t cut it.
FTP (File Transfer Protocol) servers have traditionally been used to get round the problem of transferring large numbers of files between different people, or transferring large files that are too big for email.
An FTP server is basically a location to which people can upload and download files in large quantities and avoid roadblocks like file size limits and overzealous antivirus screening. It’s easy to set up, simple to use and does the job.
So what’s the problem with FTP?
While it is certainly convenient and easy to use, FTP comes with some serious limitations and even more serious risks that make it unsuitable for any security-conscious business, especially if you are hosting your own FTP servers.
Here are our top five concerns about using FTP:
- Self-hosted FTP servers put all the hard work and security risk on the person or IT department hosting the server. It can be a time-consuming job to keep the server operational and running efficiently.
- Standard FTP is a non-secure way to transfer data. When a file is sent via FTP, the data, username, and password are all shared in plain text, meaning a hacker can access this information with little to no effort. For your data to be secure, you need to use an enhanced version of FTP, like FTPS or SFTP.
- Encryption is not automatic. So unless you specifically encrypt your data, it can be stolen in transit, through an insecure connection at a cafe or other public WiFi hotspot, for example. And if security is compromised, all the files stored on an FTP server can be read.
- FTP can be vulnerable to DDoS attacks and brute-force hacking attempts.
- FTP is not compatible with common compliance standards, such as HIPAA, ITAR, PCI-DSS, SOX, or GLBA.
Eliminate the risks with AWS S3
Instead of leaving your business’s data wide open to the security flaws of FTP, we usually advise our clients to use the AWS S3 service. S3 has some big advantages over FTP, not only in terms of security, but also performance, cost and capacity:
- Unlimited storage — The total volume of data and number of objects you can store are unlimited, whereas traditional FTP servers are limited to the amount of space available on their hosting server.
- Low latency — Wherever you are in the world, you can leverage the AWS network in your region to reduce server round-trip time (latency) between you and S3. This shorter journey time, known as low latency, means files can be uploaded and downloaded quickly from any location.
- High throughput performance — Throughput, or bandwidth, is the rate at which data can be transferred over a network. On the AWS network, the throughput is high relative to most corporate networks, meaning faster network transfer speeds.
- Public security — Public signed URLs allow files to be made available to anyone via a special encoded link. These links can be made to expire after a certain length of time, effectively re-securing them automatically. This reduces administrative overhead as you don’t need to maintain a list of files or folders to be made available and deactivated at a later date.
- Private security — S3 supports SSL for data in transit and AES encryption for data at rest. Encryption in transit means that anyone intercepting your network traffic will be unable to make sense of any information they capture. Encryption at rest means that even if the servers that store your data are compromised, the information stored on them will not be readable without the data’s encryption key.
- Availability — FTP servers are vulnerable to corporate network glitches and other outages which can take them offline. On AWS, files are automatically stored across multiple devices spanning a minimum of three availability zones (data centres) in different locations across an AWS region. If one data centre became inaccessible, S3 would automatically get the data from another data centre.
- Durability — Due to the way data is replicated, AWS is able to offer what it calls “eleven nines of durability”. That is, 99.999999999% for objects stored on S3. This is because the data is automatically replicated across multiple availability zones (data centres) within a region, so even if one data centre had all its data wiped, corrupted, stolen or otherwise compromised, there would be copies stored elsewhere.
- Less hardware to manage — Because you are not running your own FTP servers, there is less hardware to worry about.
- Cost savings — S3’s lifecycle management enables you to automatically migrate objects to other, cheaper S3 storage classes, such as Infrequent Access and Glacier. In effect, this is an auto-archiving process that reduces costs, as the lower storage classes are cheaper per object (file) than the standard class.
- Access logging can be enabled — You can strengthen security even further by seeing what requests are being made and what data is being added and removed.
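How the expiring signed links in the list above work, as an added example that is not from the original article: a standard-library Python re-implementation of the Signature Version 4 query signing that an AWS SDK normally performs, with `check()` as a local model of the receiving side. The credentials, bucket name and region are constructed placeholders.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Constructed sample values: not real credentials, bucket or region.
ACCESS_KEY, SECRET_KEY = "AKIAEXAMPLEKEYID0000", "constructed-demo-secret"
REGION, HOST = "eu-west-2", "example-transfer-bucket.s3.eu-west-2.amazonaws.com"

def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signature(path: str, params: dict) -> str:
    """SigV4 signature for a GET where only the Host header is signed."""
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", quote(path, safe="/"), query,
                           f"host:{HOST}\n", "host", "UNSIGNED-PAYLOAD"])
    day, region = params["X-Amz-Credential"].split("/")[1:3]
    to_sign = "\n".join(["AWS4-HMAC-SHA256", params["X-Amz-Date"],
                         f"{day}/{region}/s3/aws4_request",
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + SECRET_KEY).encode()
    for part in (day, region, "s3", "aws4_request"):
        key = _sign(key, part)  # derive the per-day, per-service signing key
    return _sign(key, to_sign).hex()

def presign(object_key: str, now: datetime, expires_s: int) -> str:
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{now:%Y%m%d}/{REGION}/s3/aws4_request",
        "X-Amz-Date": f"{now:%Y%m%dT%H%M%SZ}",
        "X-Amz-Expires": str(expires_s),  # the lifetime is part of what gets signed
        "X-Amz-SignedHeaders": "host",
    }
    params["X-Amz-Signature"] = signature("/" + object_key, params)
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params.items())
    return f"https://{HOST}/{quote(object_key, safe='/')}?{query}"

def check(url: str, now: datetime) -> str:
    """Local model of the receiving side: signature first, then the expiry window."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    claimed = params.pop("X-Amz-Signature", "")
    if not hmac.compare_digest(claimed, signature(unquote(parts.path), params)):
        return "rejected: signature mismatch"
    issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    expired = now > issued + timedelta(seconds=int(params["X-Amz-Expires"]))
    return "rejected: expired" if expired else "ok"
```

Because `X-Amz-Expires` is covered by the signature, a recipient cannot lengthen a link's lifetime by editing the query string; until it expires, though, the link works for anyone who holds it, so keep lifetimes short.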
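S3 supporting encryption in transit does not by itself stop a client from connecting over plain HTTP; the usual control is a bucket policy that denies requests where `aws:SecureTransport` is false. The following added example (not from the original article; the bucket name, account ID and role are constructed) audits a policy document for that statement.

```python
# Constructed sample policies for a hypothetical bucket.
BUCKET_ARN = "arn:aws:s3:::example-transfer-bucket"

# Weak: grants read access but says nothing about transport security.
WEAK = {"Version": "2012-10-17", "Statement": {  # a lone statement may be a bare object
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/transfer-user"},
    "Action": "s3:GetObject", "Resource": f"{BUCKET_ARN}/*"}}

# Hardened: same grant plus a blanket deny for any request not made over TLS.
HARDENED = {"Version": "2012-10-17", "Statement": [
    WEAK["Statement"],
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]

def enforces_tls(policy: dict, bucket_arn: str = BUCKET_ARN) -> bool:
    """True if some Deny statement blocks all plain-HTTP access to the bucket's objects."""
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        everyone = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        all_actions = bool({"s3:*", "*"} & set(_as_list(stmt.get("Action", []))))
        covers_objects = f"{bucket_arn}/*" in _as_list(stmt.get("Resource", []))
        # Condition key names are case-insensitive; values may be strings or booleans.
        bool_cond = {k.lower(): str(v).lower()
                     for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        if (stmt.get("Effect") == "Deny" and everyone and all_actions
                and covers_objects
                and bool_cond.get("aws:securetransport") == "false"):
            return True
    return False
```

A deny that only covers some actions, such as uploads, is reported as not enforcing TLS, because downloads could still travel unencrypted.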
So if your business is serious about ensuring data storage and transfer is as easy, reliable, cost-effective and secure as possible, take a look at AWS S3.