February 10, 2012

    Know Your FTP Service Provider -- Beware the Public Cloud!

    With the advent of the cloud, anyone with a little experience in applications like FTP can open up shop as an FTP hosting provider. This puts a heavy burden on you to know your FTP provider as intimately as, if not more intimately than you would know your own IT security staff if you were hosting your own FTP server in-house.

    What Does "The Cloud" Mean?

    To some, "I am using the cloud" may just mean "I am outsourcing this application." But, the word "cloud" is not a synonym for "outsourcing". A cloud is a platform for building servers virtually instead of physically. This platform allows someone to instantly provision a virtual CPU, virtual memory and virtual storage as a virtual server. They can then install an operating system (e.g. Linux or Windows) just as if they were building and configuring a physical server. Applications like an FTP server and web server go on top of that.

    There are three types of clouds -- public, private and hybrid clouds.

    1. Public cloud: In Public cloud the computing infrastructure is hosted by a vendor (such as Amazon) at the vendor’s premises. An FTP service provider using a public cloud has no visibility or control over where the computing infrastructure is hosted. This public computing infrastructure is shared between many organizations and individuals.
    2. Private cloud: The computing infrastructure is dedicated to a particular FTP service provider and is not shared with other organizations. Private clouds are significantly more expensive and more secure when compared to public clouds.
    3. Hybrid cloud: This is the combined use of on-premise private clouds with off-premise public or private clouds.

    Organizations should host critical applications on private clouds and applications with relatively less security concerns on the public cloud.


    So, you've decided that the hassles of building, managing and securing an in-house FTP server are not for you and you have decided to outsource to an FTP hosting specialist. The biggest mistake you can make in choosing an FTP hosting company for your secure file transfer is to choose a provider that uses a public cloud.

    Why? Because, if they utilize a public cloud, they do not own, nor do they manage any infrastructure. As it says above, the FTP host has no visibility or control over where the computing infrastructure is hosted. This type of FTP host has even signed off on terms of service from their cloud platform provider (e.g. Amazon) that absolves the cloud platform provider of any and all responsibility in the event of any downtime, security breach or other failure.

    A public cloud based FTP provider may make their public-cloud partnership into a selling point because of "infinite scalability" or the fact that the data is replicated automatically to storage systems all over the world for "99.999999999% file durability". But, you should know better than to fall for these marketing ploys.

    This is your data! You should know at all times where your data is and you should also be guaranteed that it is secure.

    See this CRN article: Researchers Uncover 'Massive Security Flaws' In Amazon Cloud


    Your FTP site is a mission-critical business application. Not only should it use secure Internet protocols (SSL), but you should also make sure your data is safe and isolated. You should know where your data is physically kept and should be assured that no copies are kept elsewhere in the name of "redundancy".

    Choose an FTP service provider that owns and manages their own private cloud. They have all the benefits of instantly provisioning new FTP servers and push-button scalability, but none of the potential down sides in using public infrastructures.


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts