Do you need Managed File Transfer or just FTP?
Secure File Transfer
FTP and SFTP servers perform 2 basic tasks: “Put” and “Get.” You can put files on the FTP Server or get files from the FTP Server. If security is not a concern, FTP Server software is an easy and inexpensive way to accomplish this.
Typical use cases include backing up your Cisco Unified Call Manager (CUCM) or other applications, receiving non-sensitive data from business partners or enabling remote employees to upload non-confidential reports.
However, file transfer requirements have changed considerably since FTP was released back in 1971. End users are more aware of the risks of identity fraud, business partners require at least the base security levels outlined in ISO 27001, file sizes and volumes have grown exponentially and business workflows are ever more complex. Add in the legal requirements of GDPR and UK Data Protection Act, the fines that can be levied by the ICO and the economic impact of a data breach and an unsecured “put/get” system fast becomes a liability.
Managed File Transfer (MFT)
Research conducted by Vanson Bourne, on behalf of IBM last year, identified the top three concerns that drove the implementation of Managed File Transfer as being security, complexity and growth.
The top three drivers for choosing MFT over FTP
- Support for secure protocols and refusal of unsecure connections
- Encryption for stored data and the assurance that unencrypted versions of the file are never written to the server
- Perimeter security, such as a reverse proxy that operates as a pass through and does not temporarily store data
- Support for the current versions of privacy standards, such as PCI v3.1 and HIPAA
- The ability to support security policies, such as complex/expiring passwords
- Hacking detection with automated shut down of offending users or domains
MFT solutions can enable PCI compliance for the management of credit card data, secure workflows for the sharing of confidential data from patient records to patents and present a secure interface to your customers and partners for system to system or person to person transfers.
Files are transferred between applications, systems and end-users. The receipt of a file may trigger an entire workflow with complex what if routing and varied notifications. Automated “Push” and “Pull” technology, as well as the ability to automatically sort data and send to pre and post processing applications, is a key driver in the need for MFT.
- Event-driven commands and notifications/alerts (e.g., “on file upload, do…”)
- API or command-line tools
- Integration with key systems such as Active Directory, Outlook, Sharepoint, Salesforce, anti virus and Data Loss Prevention solutions
- Flexibility to handle differing customer requirements such as protocol, password protection and PGP.
- Full reporting and notification on failures enabling prompt action to meet customer SLAs.
MFT is often described as the glue between different systems and elements of the business, linking processes and people, enabling information flows but confirming security standards are met. Most can be administered via a web based GUI, removing the need for scripting expertise.
Growth in File Size and Volume
Thanks to new software applications, increased storage capacity and a fundamental shift to online working, both the volume and size of files has grown exponentially. And the growth rate is just getting faster. It took 51 years for hard discs to reach 1TB and only a further 2 to reach 2TB. Our customers now regularly need to transfer files of over 5GB and frequently much more. With its lack of compression and checkpoint restart, FTP is not designed to manage these large file sizes. Lots of our customers are also struggling with the degree of manual intervention required by IT to set up new transfers via their FTP server and the lack of self service options.
- EFSS options for end-users to transfer files under policy controlled conditions
- Modules for file acceleration or UDP based protocols now available for many MFT solutions
- Self service options for end-users
- Web clients to simplify the movement of files over 2Gb via HTTP(S)
- Auditing to ensure compliance and a full view of who is sharing what.
- Automation of workflows to reduce the need for manual interventions.
MFT v FTP
So do you need Managed File Transfer? If you handle sensitive data, need to be PCI compliant, work with partners who demand security, have more transfers than you have man hours to handle, are juggling varied demands from different parts of the business or simply have to move increasingly large files, I would suggest MFT would be of benefit. As not all MFT solutions offer the same functionality, it’s important to determine the goals for your implementation and understand how the MFT functionality will be used before you start your product research.