Managed File Transfer (MFT) is server software that performs secure data transfers, with added features that provide automation, validation, and reporting. MFT servers ensure that file exchanges with other systems and servers, as well as with end users, are accomplished with minimum manual effort and maximum accountability. MFT servers include advanced visibility to monitor data access, to curb unauthorized access, and to provide proper auditing. MFT servers are often employed in clustered networks, to provide high availability and failover so data will always be available, even in the event of hardware failure.
MFT product features aim to meet strict regulatory compliance standards and federal regulations such as HIPAA and PCI. MFT servers are used by hospitals, credit agencies, and other enterprises where security of data is of utmost importance. These are organizations which require not only that files are transferred securely, but also that the data is encrypted at-rest and handled by robust events management configured for large volumes of routine data tasks.
Important features to look for in a managed file transfer solution:
This is perhaps the most important aspect of MFT server software. Data encryption, particularly at rest and end-to-end in transfers, is essential for keeping sensitive information secure, whether it is simply sitting unused or in transit. This protects the data from hardware breaches; stolen data would be unreadable by thieves.
MFT can be used in tandem with a DMZ, which ensures that no files are ever stored unencrypted in the DMZ during transfer in order to meets PCI DSS (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), and a host of other major security regulations. A DMZ also keeps any and all traffic from ever interacting with the servers where your data is stored directly. All traffic hits the DMZ, and the MFT makes requests from the DMZ when it needs to receive information.
Other forms of regulatory compliance are also required for MFT to meet strict security standards, particularly complete auditing and reporting for all actions, with verbose logging. The logging should account for everyone who accesses any data and when, as well as a statement of whether the file transfer was a success or a failure. MFT keeps records of all actions on the servers, which can be used for troubleshooting or turned in for audits—required to prove that a company has displayed adequate accountability for its data.
Scalability, high availability, and failover
There are a variety of factors that could take your server offline, ranging from simple routine maintenance to hardware failure. If a server goes down during your workday—and if you’re an international enterprise, the work day might be 24 hours long—the disrupted data exchanges with business partners can result in significant revenue losses.
As your business needs grow, you need a server with the flexibility to grow with it. MFT software must allow you to create a cluster of multiple servers, all linked to the same data, which can then serve unlimited traffic. If one of these servers goes offline, the overflow will automatically reroute to the other clustered servers.
MFT servers should include a robust events management system, to automate a variety of tasks. This could include routine backups and log gathering, batch transfers with partners, or submitting uploaded files to file processing applications. If your server can take the load of these mundane tasks, you eliminate the overhead of requiring administrators to initiate these actions manually, allowing them more time to handle more complicated tasks.