There are a remarkable number of file server products on the market, offering a wide range of configuration options. FTP Servers have earned a reputation for being outdated and insecure. This isn’t entirely undeserved. But FTP is still a highly used technology, as is the more modern and secure SFTP protocol.
So what do you really need? What’s the difference between Managed File Transfer and FTP/SFTP Servers?
Secure File Transfer
FTP Servers, and the more secure SFTP Server software, perform two basic tasks: “Put” and “Get.” You can put files on the FTP Server or get files from the FTP Server. If security is not a concern, FTP Server software is an easy and inexpensive way to accomplish this.
If you have remote employees who need to upload non-confidential reports, or if you want to allow your customers to download white papers and documentation, an FTP Server works well for this purpose. If you are exchanging non-sensitive data with business partners, and the partner requires FTP or SFTP, you can quickly set up a server that will accept their data transfer. Backup applications will often write to an FTP or SFTP Server; for example, if you’re backing up your Cisco Unified Call Manager (CUCM), the data must be backed up to an SFTP Server.
Where these technologies begin to fall short is in the areas of compliance, automation, high availability, and visibility into data processes and flows. For example, if you handle credit card data, you will need to be PCI compliant and will want reporting tools to assure ongoing compliance. Medical records require HIPAA compliance. And overall security policies and practices are becoming a major focus in all businesses. This is all beyond the scope of basic “put/get” functionality.
Managed File Transfer
There’s a considerable cost jump from simple secure file transfer to Managed File Transfer (MFT) solutions. And often, there’s greater implementation complexity. MFT solutions represent more than secure file transfer with a few added features. Business needs will dictate when the advanced functionality of an MFT solution is required. These business needs include security, automation, High Availability (HA), compliance, and auditing.
When security and compliance are high priorities, MFT solutions do more than simply secure files while they’re being transferred. Standard security features in MFT solutions include:
- Support for secure protocols and refusal of insecure connections
- Encryption for stored data and the assurance that unencrypted versions of the file are never written to the server
- Perimeter security, such as a reverse proxy that operates as a pass-through and does not temporarily store data
- Support for the current versions of privacy standards, such as PCI v3.1 and HIPAA
- The ability to support security policies, such as complex/expiring passwords
- Hacking detection with automated shutdown of offending users or domains
File transfers are often initiated by other systems and servers, rather than end users. Automated “Push” and “Pull” technology, as well as the ability to automatically sort data and send it to pre- and post-processing applications, is a key driver in the need for MFT. Automation features typically include:
- Event-driven commands and notifications/alerts (e.g., “on file upload, do…”)
- Limited API or command-line tools for programmatic/scripted user provisioning
- Integration with a third-party authentication database (e.g., Active Directory) for automated user provisioning
In business operations that simply can’t afford downtime due to hardware failure or server upgrades, a High Availability (HA) environment is required to assure business continuity. Such features include:
- Virtual file systems with user/group-based access controls
- Multi-tenancy through logical division of hosts
- HA deployment with single-site or multi-site clusters
Assuring that the latest version of compliance standards is implemented in an MFT Server can protect a business from unintentional compliance violations. MFT solutions typically offer:
- PCI compliance for handling credit card data
- HIPAA compliance for addressing medical records
- Sarbanes-Oxley (SARBOX) compliance for records retention and auditing
Understanding how data is used, and by whom, is an important part of keeping businesses secure and compliant.
- Complete auditing
- APIs to onboard users and extend or integrate the application
- Integration with anti-virus
- Enough security to meet PCI DSS, FISMA, and other regulations
MFT goes well beyond the list of common features outlined here. MFT solutions may include workflow, connectors to popular back-end systems, data loss prevention (DLP), Enterprise File Sharing (EFSS), and more. In choosing a solution, it’s important to determine the goals for your implementation and understand how the MFT functionality will be used.