MFT or FTP Server: Which is right for your business?
In this blog post our independent file transfer experts review MFT and FTP server functionality. We define FTP, MFT, the benefits, drawbacks and differences. It will help your organisation decide when to move from an MFT to FTP Server and how to approach that when the time comes.
SFTP / FTP server
SFTP and FTP servers perform 2 basic tasks: “Put” and “Get.” You can put files on the FTP Server or get files from the FTP Server. If security is not a concern, FTP Server software is an easy and inexpensive way to accomplish this.
Typical use cases include backing up your Cisco Unified Call Manager (CUCM) or other applications, receiving non-sensitive data from business partners or enabling remote employees to upload non-confidential reports.
However, file transfer requirements have changed considerably since FTP was released back in 1971. End users are more aware of the risks of identity fraud, business partners require at least the base security levels outlined in ISO 27001, file sizes and volumes have grown exponentially and business workflows are ever more complex. Add in the legal requirements of GDPR and UK Data Protection Act, the fines that can be levied by the ICO and the economic impact of a data breach and an unsecured “put/get” system fast becomes a liability.
Managed File Transfer (MFT)
MFT solutions have advanced security controls, deliver workflow automation and support compliance with extensive visibility and reporting. So if your organisation is handling personal or sensitive data, looking to reduce manual processing or have business critical SLAs relying on your file transfers, MFT is a better choice than a simple FTP server. MFT allows you to better govern and control your data and provides visibility and auditing capabilities into all of your organisations data interactions, including files, events, people, policies and processes.
The top drivers for choosing MFT over FTP are as follows:
Security and compliance
- Compliance with GDPR and/or PCI DSS
- End-to-end encryption for the movement of files
- Tracking the movement and status of all files
- Increased security
- File delivery confirmation
- File expiration
- Controlled options for secure file sharing with external partners or remote workers.
Complex workflow automation
Files are transferred between applications, systems and end-users. The receipt of a file may trigger an entire workflow with complex what if routing and varied notifications. Automated “Push” and “Pull” technology, as well as the ability to automatically sort data and send to pre and post processing applications, is a key driver in the need for MFT.
- Event-driven commands and notifications/alerts (e.g., “on file upload, do…”)
- API or command-line tools
- Integration with key systems such as Active Directory, Outlook, Sharepoint, Salesforce, anti virus and Data Loss Prevention solutions
- Flexibility to handle differing customer requirements such as protocol, password protection and PGP.
- Full reporting and notification on failures enabling prompt action to meet customer SLAs.
MFT is often described as the glue between different systems and elements of the business, linking processes and people, enabling information flows but confirming security standards are met. Most can be administered via a web based GUI, removing the need for scripting expertise.
Growth in File Size and Volume
Thanks to new software applications, increased storage capacity and a fundamental shift to online working, both the volume and size of files has grown exponentially. And the growth rate is just getting faster. It took 51 years for hard discs to reach 1TB and only a further 2 to reach 2TB. Our customers now regularly need to transfer files of over 5GB and frequently much more. With its lack of compression and checkpoint restart, FTP is not designed to manage these large file sizes. Lots of our customers are also struggling with the degree of manual intervention required by IT to set up new transfers via their FTP server and the lack of self service options.
- EFSS options for end-users to transfer files under policy controlled conditions
- Modules for file acceleration or UDP based protocols now available for many MFT solutions
- Self service options for end-users
- Web clients to simplify the movement of files over 2Gb via HTTP(S)
- Auditing to ensure compliance and a full view of who is sharing what.
- Automation of workflows to reduce the need for manual interventions.
MFT vs FTP: Is it time to move to MFT from an FTP Server?
So do you need Managed File Transfer? If you handle sensitive data, need to support compliance such as PCI-DSS, the GDPR, ISO etc, work with partners who demand security, have more transfers than you have man-hours to handle, are juggling varied demands from different parts of the business or simply have to move increasingly large files, I would suggest MFT would be of benefit.
When comparing MFT vs FTP, managed file transfer lets you manage, view, secure and control all file transfer activity through a single system. You will always know where your files are with predictable, secure delivery and extensive reporting and monitoring.MFT reduces the need for hands-on IT involvement and allows for user self-service as needed. It provides the perfect solution for secure file transfer to meet security and compliance needs in any industry and company size, while reducing administration time and costs. You can install MFT in your datacentre or there are options for a public or private cloud MFT (or MFTPaaS) installation.
Tips for moving from an FTP server to MFT
it won’t be as daunting of a task as you think. Here’s a few steps to help you get started:
- Identify the various tools that are being used to transfer information in, out, and around your organisation.
This would include not only all the one-off FTP instances, but also email attachments, file sharing websites, smartphones, EDI, etc. Chances are, you’ll be surprised to learn some of the methods employees are using to share and move files and data.
- Map out existing processes for file and data interactions.
Include person-to-person, person-to-server, business-to-business and system-to-system scenarios. Make sure you really understand the business processes that consume and rely on data.
- Take inventory of the places where files live.
Servers, employee computers, network directories, SharePoint, ordering systems, CRM software, etc. After all, it’s harder to protect information that you don’t even know exists.
- Think about how much your company depends on the secure and reliable transfer of files and data.
What would the effects be of a data breach? How much does revenue or profitability depend on the underlying business process and the data that feeds them?
- Determine who has access to sensitive company information.
Then think about who really needs access (and who doesn’t) to the various types of information. If you’re not already controlling access to company information, it should be part of your near-term plan. Not everybody in your company should have access to everything.
As not all MFT solutions offer the same functionality, it’s important to determine the goals for your implementation and understand how the MFT functionality will be used before you start your product research. To help scope your project, use our information gathering resource. It contains 40 questions, used by our independent MFT experts, to assess your requirements. And if you need any further help, please get in touch.