If you’re responsible for file transfer strategy, security, or operations, episode 4 of The Transfer Files provides valuable insight into how mature your Managed File Transfer environment really is.
In this episode, hosts James and Steph are joined by special guest Dave Hendley, Head of Technical at Pro2col, for an in-depth discussion on the Enterprise Maturity Model for MFT - a practical hands-on framework designed organisations can actually use to assess where they stand today, compare themselves against industry benchmarks, and identify clear, actionable steps for improvement. Together, they break down how maturity isn’t just about the technology you have in place, but also about how well it’s supported, managed, and scaled. By mapping solution capability against support capability, the conversation helps you pinpoint strengths, uncover gaps, and better understand the risks and opportunities within your current setup.
Whether you’re just starting to formalise your MFT approach or looking to optimise an already established environment, this episode offers practical insights to help you move forward with greater confidence, building a file transfer infrastructure that’s not only secure and efficient, but also ready to grow with your organisation.
Watch the full episode below and in case you missed episode three, catch up now to hear as we dig into two of the most talked-about topics shaping cybersecurity today: Shadow IT and the rise of the Zero Trust security mindset.
Download the MFT Maturity Model
For those looking to apply these insights in a practical way, the MFT Maturity Model discussed in the episode is available to download. It offers a simple but effective framework for assessing your current environment and identifying the steps needed to enhance it.
Episode Transcript
Hello and welcome to the fourth episode of the Transfer Files, the podcast where we talk all things file transfer, security, supply chain, automation and more. My name is Steph Johnson and in today's episode I'm joined by James Lewis and Dave Hendley as we talk about the enterprise maturity model for managed file transfer. If you are an organisation looking to assess and improve your setup, this episode is for you. Enjoy. James, welcome back to the podcast.
Good morning.
And Dave, welcome to your first podcast.
I'm excited to be here.
Good. How are you both?
Very good. Very good. Had a very large breakfast. Feeling a little bit lethargic, I'm not going to lie.
I'm a caffeine junkie as well. I'm ready to go. Excited.
Very good. Do you want to introduce yourself?
Yes, I'm Dave, Head of Technical here at Pro2col. And yes, I basically manage the services and support side of the business. From a really young age, got into computers. Really, I can't remember not having a computer, Starting with an old Amiga that I was gaming on for a very long time, Lotus Challenge and RoboCod. Don't know if you remember those.
No. I'm a bit old than you.
I'm a bit younger than you.
But moving on, it was a, yeah, I was really lucky to be in a family that just loved technology. So from a young age there, they made the mistake of giving me my own loft room and a computer of my own. So they affectionately knew me as loft boy as I only came downstairs away from my computer to eat. But yes, since that point sort of grew, my knowledge of computers, decided after school to just go straight into it really and develop my, really my knowledge in support. I work for an outsourced department, but by the end of that era, I was doing large scales, cloud migrations, infrastructure installations, that sort of thing. But moved on to Pro2col, now managing a team and yeah, really enjoying my time here at developing our services.
And you're no longer known as Loftboy, you were known as Disco Dave.
Now it's Disco, not Loftboy. I've changed. I've gone from that introverted Loftboy to king of the dance floor at the Pro2col events.
Wonderful. On that note. Shall we get into today's episode? And there is a copy, we have got a copy here with us today, and we will make sure that for those listening, we pop a link in the description so that they can download a copy. But we are, of course, talking about the enterprise maturity model for file transfer. And it is something that we now use every day at Pro2col with a lot of our customers. And I'm going to let James, you introduce what this is. It's fairly new. Take it away.
So the maturity model. I guess if we probably go back a good number of years when I used to sit in a sales capacity when the business was quite a lot smaller, it dawned upon me that trying to explain to customers all the time the journey that they needed to go on to improve the maturity of their solution could probably be documented. And I guess as the organisation became a bit bigger, the opportunity to get that documented became a reality. So effectively what the maturity model is, it's a way for an organisation to be able to plot where their file transfer capabilities are on a matrix. And the matrix is governed by two axes. One is the technical capability, the support capability, and the other one is the level of competence of the solution that they have as well, what it will deliver for them and how enterprise ready, I guess, is the maturity model. So it's in its purest form, it's a document that anybody can look at, consume, and it will help them to plot where they are currently on a matrix, and then it gives them the opportunity to work out how they take the next steps forward from a services perspective and from a software perspective.
Interesting. And it's not, as you said, it's not just about looking at the solution capability. It comes down to the support as well and who you've got supporting said solution.
Correct, yes.
Interesting. Are we able to, and today we will be able to break down those stages a little bit more. So an understanding from you guys, what are those stages of solution capability and what are those stages of support and how do people come to plot themselves and how does that work?
Sure. I don't want to dive into them in too great a detail, but functionally, I mean, you're starting out with a homegrown solution. A lot of customers that we speak to, in fact, have sometimes a variety of solutions. So, but starting out with the basics of the matrix, you're starting off with a homegrown solution, something that you've, Bob, was written, put together, cobbled together with scripts and an open source, this and that and the other, and then Bob leaves. And then there's little to no capability documentation around said solution that Bob has been responsible for. I always use Bob as an example, all the people that are on board. And you then go through the phases of, you know, you put in place an initial solution, And then we go in the matrix, we look at and describe what that initial solution might be like. And then we talk about standardising around a particular type of platform. And then we're looking at sort of greater maturity. So what does an enterprise level solution look like? What does it look like from the availability perspective? Are we looking at something that's highly available as an organisation looked at non-production capabilities so that they're not working with the solution, the production system, shall we say, whilst it's live and in production. We're looking at how might be using development and test licenses and user acceptance testing licenses as well to ensure that you don't take down the live system. So it steps you through a five-step process where it'd be relatively clear to work out exactly where you are on that, the product and solution axis.
And then does the support take similar suit as in follows a five-step?
Absolutely. Yeah, absolutely. So you start off with your unsupported solutions. And as James was saying, that comes a lot in the smaller companies that maybe have the Bob scripts that we have there. There's no one to call on if there's a problem with those scripts. It sort of progresses through to maybe having support contracts with an off-the-shelf product with a vendor, for example, all the way up to full what we would love, the nirvana of support, should we say, where you've got your external support with the vendor. You maybe have a consultancy company that's helping you progress through your future strategy with the software, your development and implementation of the software, and even the training in-house, getting your team that is hopefully of a good size at this stage, fully trained up to the high standard on not only the software, but the technologies behind the software, the protocols that are being used in the software.
And why should businesses care where they sit on the maturity model?
Well, that's a rather large question, isn't it?
Just a bit.
I get, yeah, there's lots of different angles to that question. There's, you know, what are they, and we, in a previous episode, we talked about supply chain risk and supply chain security. You know, are you cognizant of and conscious of ensuring that your infrastructure is secure for your supply chain, the reputational damage and risk that might come about from a breach.
Yeah, a huge amount of risk, as it were, on that side. How much are you willing to accept as a company? And that goes through both axes of the model there internally. I mean, we've seen breaches over the last couple of years, specifically to MFT, but it wasn't really necessarily about the technology on those breaches. And how it could have been, or how appropriate installation could have mitigated those risks for sure. But how then the vendors responded to those breaches, how much capacity did they have to support the teams that were using their software, the businesses that were using their software. So it's a huge amount of emphasis on the support side of things when you're looking at things like security risk appetite. And also how capable were the teams of being able to view audit logs or install the software appropriately, develop the software appropriately to onboard partners effectively and make sure that the supply chain is appropriately secured. Yeah, huge amount around the services side.
Definitely. And I guess essentially this framework becomes a tool that could be used across departments within an organisation for someone to have that conversation, say, hey, we need this actually, we need this widespread throughout our entire company.
It's really interesting. We worked with a company recently on their maturity, and from our point of view, they were like a four on support, right? They had a team in-house that had a really good understanding of their use of the software, and they were trained appropriately. They had CFTP training in-house, plus training on the product from our consultants, so we thought they were really high up on the support scale. When they then looked internally, they saw actually the C-suite and the leadership of that company weren't really aware that there's two people that knew enough about this product to actually onboard partners effectively and to be dynamic enough within the business to allow it to scale out to other departments in the business. So really it's a huge amount of, a huge benefit on the visibility to other departments of exactly where they sit when they're looking at supporting their products, their MFT products.
I guess different departments are going to have different requirements within the business as well. You might argue that marketing's requirements for a mature MFT solution are probably less so than maybe an HR or finance function. So they'll have different views on the same piece of technology. But yeah, everybody's going to have a, or should have an opinion.
Yeah. I'm pulling on your piece around how you had a customer that actually positioned themselves lower because it only came to two people. I guess in terms of where do you see from both of your experiences, where do organisations fall short? Is it the people? Is there other things that that you see organisations fall short, especially when it comes to solution capability as well.
I think often MFT is a solution, and we've covered this before. It doesn't necessarily sit very clearly with a particular function within IT. And as a consequence, it doesn't necessarily get as much attention as it necessarily should do. So in terms of falling short, it doesn't doesn't see as much progression if it's inside a smaller organisation. And by that I mean ensuring that the product is kept up to date in terms of software patches and make sure the encryption algorithms, all these things are as they should be, modern. Yeah, any thoughts?
The people. Yeah
Absolutely. The people training. It just gets missed nowadays in these larger organisations, right? You have a a learning manager, somebody that's in charge of developing people's skills within the business. And this is a skill that's not necessarily going to be at the forefront of people's minds, right? How do we manage this MFT solution? What's available out there for skills? They'll go to Microsoft for the Microsoft certifications. They won't go to look for a specific file transfer or data transfer training. So certainly people and visibility, as you were saying. I think it is changing now. I think over the last few years, we've seen a lot more involvement from our customers, where we're seeing senior leadership really coming concerned or involved or much more present in decision-making around MFT. And I think we know that IT departments in companies And stay quiet a lot of the time. They tend to not share when they think that they could do a new piece of training or that they feel the systems aren't necessarily up to scratch. And this sort of gives them an opportunity to share their voice on it.
Becomes a talking point.
It becomes a talking point, absolutely. The person in the network and firewalls team are just being told to open certain ports on the firewalls to allow this data transfer in. There might be security concerns around doing that from their side, but they don't understand the MFT solution to understand if that is a requirement, how it's protected at an application level. So it really does allow for people to communicate more utilising the MFT maturity model rather than stay disparate and potentially have a deployment that is risky for an environment.
Yeah. And have you found when you've been speaking to customers where this framework is obviously fairly new now. Not everyone knows about it, so this is a great opportunity for people to download it if they haven't. But have you found that it started sparking conversations that may not have happened before, and it may have, what's the word, where you sort of triggers the mind or something, about, is a switch from their current solution a necessity, or is it creating conversations that may not have been thought about before?
I think vendor-wise, absolutely. How capable are vendors to support us? How capable or how much involvement do we have as a company? I think we've seen a larger uptake recently in managed services and professional services from Pro2col as people were looking at their current solution and saying, We need to secure this better. We need the latest up-to-date versions, and we need someone competent to install it or deliver that service. So absolutely, I think it's sparking conversations across departments of businesses and our customers.
Exciting.
Both customer side and internally as well. So I mean, it gives us the opportunity to be able to gauge how competent a vendor is and where they can get to on the matrix as well. So there are organisations, there are software vendors out there that we wouldn't and I must explain to those that are listening, when Dave mentioned a four, it's a four out of five earlier. So 4 is a good score. But there are software vendors currently that I probably shouldn't mention, that would probably not get further than a two out of two or two out of five on both matrices. So it gives us the opportunity to work out and probably have that conversation with the customer, look, you have X in place, It's never going to get you further than a 2 if your functional requirements change or your security position changes or your supply chain risk appetite changes, then you're probably going to need to make a change. I mean, you don't do that on a whim because swapping these things out is quite a piece of work, frankly.
I imagine so.
Not a job for the faint-hearted. It's quite an extended piece of work because you are then trying to migrate all of your existing customers onto a new piece of technology or your supply chain onto a new piece of technology. So it's a piece of work. So if the need is there to do it, then obviously you can do it. But yeah, it's really a conversation between, we'll certainly from our perspective, from Pro2col and the sales and technical consultants with the customers, also cognizant of the fact that these different solutions exist in the marketplace and this is sort of where they'll sit. within the matrix and this is how far you can push them.
Nice. And I guess for those listening or watching this episode, what are each of your sort of key points that someone watching should start considering and what should they start thinking about? If they've never seen this before, what should they start thinking about?
You don't need to be top right, best in support, best in functionality at all. We'll go back to Bob, Bob's printing company down the road, who service a couple of customers a week, their business cards. Doesn't necessarily need to have the absolutely perfect solution with high availability, redundancy. You know, what business impact is that going to give them? So you're not going for perfection, you're going for a suitable level on that matrix that that takes into account your future strategy for your business, your business growth, and your team size and things like that, your resources available.
And the obvious answer is to log on and download it. And work through it. And you don't need to be speaking to us to work through it either.
It's something they can do.
It's like a dummies guide. I wrote it in largely. So read into that what you will. No, it is there to walk you through the process. And if you want to bounce those ideas off somebody that does this day in and day out, you speak to our team to help you to ascertain where you realistically are on the matrix and to have a frank, open discussion about where you want to get to. So, yeah, my takeaway is It's download it, use it, use it.
Yeah, use it and download it. Absolutely, absolutely.
Well, thank you very much both. James, as always, and Dave, thank you for joining us for episode 4. Would you come back and do another one? Have we scared you away?
Maybe. Of course I would.
Yeah, it's very good.
You've done great.
Well, thank you very much.
Thank you. And as always, a very big thank you to our listeners. If you are curious about your maturity stage, then as James plucked, download it and start using it. But we hope you've had fun. please feel free to reach out to us or leave our contact details in the below, and we'll see you in the next episode.
Compare MFT Solutions
Further Reading: