Buyer's Handbook: Finding a secure managed file transfer tool: Key considerations Article 2 of 2

imageteam - Fotolia


Tools to transfer large files: How to find and buy the best

Need to transfer files within headquarters or between branches? Managed file transfer tools now offer some interesting new features.

The ability to transfer large files from one system to another was one of the first reasons why organizations connected systems to networks. After all these years, file transfers are still incredibly useful -- far faster and less expensive than physically transporting storage media from one site to another, such as conducting nightly transfers of large data sets from regional offices to headquarters.

Many types of file transfer technologies are available. One type is known as managed file transfer (MFT). In this article, we'll take a closer look at what MFT is and how it works. We'll recommend features you should look for in MFT products. Finally, we'll provide some advice for finding the right MFT product for your organization.

What MFT is

MFT products are the most advanced type of file transfer technology. Each MFT implementation provides a centralized and fully managed enterprise tool for file transfers. This enables administrators to monitor, audit and manage all file transfer activity for the organization from a single console. The MFT product itself offers a fully automated way to securely and reliably transfer large files from place to place and person to person.

MFT users can schedule file transfers in advance, initiate them on demand or even configure the MFT product to perform file transfers when one or more conditions are met. This saves time for users, who no longer have to manually start every file transfer, and it enables transfers to happen as soon as the files are ready instead of waiting for a person to be at work and have time to start transfers. MFT products can also notify recipients when file transfers are complete so that recipients' workflows can resume.

How MFT products work

Each MFT product usually has one or more repository servers as its core. The MFT repository is the mechanism for managing and performing all file transfers. When a file is transferred from system A to system B, it actually goes from system A to the MFT repository and from the repository to system B. Benefits of this include the following:

  • The MFT repository can see which files are being transferred and where they are going. This enables basic monitoring, logging and auditing required by HIPAA, PCI DSS and many other security compliance initiatives. It also enables the use of data loss prevention technologies, IP address reputation services and other ways of preventing the transfer of sensitive data to unauthorized or malicious systems.
  • The MFT repository acts as a middleman, so the source and destination systems are not directly connected to each other. This prevents a compromised system from attacking the other system by misusing their file transfer session.
  • The repository is strongly secured, with robust access control and file encryption capabilities. This should provide better protection for the files being transferred than the individual source systems would.
  • By having a repository, a system can transfer large files asynchronously instead of requiring both systems to simultaneously participate in the file transfer. For example, a user can transfer large files from a laptop to the MFT repository, which can hold those files until the recipient system is ready. Another advantage of asynchronous transfers is the MFT repository can make better use of resources, such as automatically delaying lower-priority transfers until bandwidth utilization is low.
  • When an operational problem occurs, the repository can recognize it and act accordingly, from notifying administrators or users to automatically retrying transfers periodically.

Another important capability of MFT products is to allow the user to specify what should happen with each file being transferred. For example, a user may want files to be copied (duplicated) or to be moved (deleted from the source). If the destination already has a file with the same name as the file to be transferred, a user may want the destination file overwritten or a new file created with a different name. A user may also want files to be encrypted not just during transfer, but also when the files are stored at the destination. These MFT product capabilities are invaluable to minimizing manual effort and streamlining workflows.

Features to look for

MFT products offer a wide variety of features. In addition to the ones described above, which are critical, there are other features you should look for because they can significantly affect the time and resources needed for performing and managing file transfers.

First, an MFT product should work on many platforms. There should be client software for MFT integration with regular and virtual operating systems, as well as web interfaces and mobile device applications. The MFT product should provide an easy-to-use, well-documented API. The MFT product should also make it easy for people and systems outside the organization to transfer large files, both through the API and through one or more human-friendly interfaces.

MFT products save a great deal of time and resources by automating transfers and related workflows, including enabling asynchronous transfers.

Second, an MFT product should offer several mechanisms for transporting files. MFT products do not replace existing file transfer mechanisms; rather, they provide secure wrappers around them, so an MFT product should support wrapping all the file transfer mechanisms your organization may need to use. Different mechanisms may be needed for particular services, file systems, file types, etc.; for example, you may want to conduct transfers directly from one database to another.

Robust authentication for users and systems is another important aspect of MFT products. Most organizations will want to employ their existing enterprise authentication services to avoid establishing and maintaining yet another set of user identifiers and credentials for employees and other internal users. However, authentication is also needed for systems to ensure that sources and destinations are legitimate and are authorized for the transactions. System authentication typically requires key management capabilities, and MFT products should automate those capabilities as much as possible to minimize administrator labor.

A final area of features to look for is the usability of the interfaces. MFT products should offer easy-to-use interfaces for scheduling one-time and recurring transfers, as well as defining basic workflows. MFT products should also offer complex scheduling and workflow capabilities for administrator use, but be aware that these capabilities may require writing scripts or other proprietary code, which may necessitate specialized training. So it is important to consider the usability of both the user and the administrator interfaces.

The bottom line

MFT products provide sophisticated solutions for centralized enterprise-wide management of secure, reliable file transfers. Using an MFT product allows an organization to have much better visibility and control over file transfers, reducing the likelihood of data breaches and increasing individual accountability and responsibility. MFT products also help save a great deal of time and resources by automating transfers and related workflows, including enabling asynchronous transfers.

Some MFT vendors offer multiple versions of their products, such as a basic version for smaller organizations with relatively simple needs and an advanced version for more demanding environments. Many businesses may find a basic MFT product sufficient for their initial needs. The option is always available to upgrade to a more advanced version as the value of MFT becomes more apparent. There is a managed file transfer product out there to meet the needs of most organizations.

Next Steps

Learn more about how EFSS has evolved in recent years

Building the business case for EFFS tools in a mobile age

A closer look at the vendors offering file-sharing tools

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing