Managed File Transfer is a solution that performs secure inbound and outbound data transfers, with added capabilities that provide automation, validation, compliance, and reporting. Managed File Transfer servers ensure that file exchanges with other systems and servers, as well as with end-users, are accomplished with minimum manual effort and maximum security and accountability. Managed File Transfer solutions, also known as MFT servers, include advanced visibility to monitor data access, restrict unauthorized usage, and provide proper auditing. MFT servers are often employed in clustered networks to provide high availability and failover.
MFT product capabilities meet strict regulatory compliance standards and federal regulations such as HIPAA, FIPS, GDPR, and PCI. MFT servers are used by hospitals, financial services organizations, and other enterprises where the security of data is of critical importance. These are organizations that require secure transfers, secure storage, regulatory compliance, and protection against unauthorized access.
Key Features of Managed File Transfer
Security is a critical aspect of Managed File Transfer. Data encryption, both at rest and end-to-end in transfers, is essential for keeping sensitive information secure. Encrypted transfers reduce the risk of sensitive data being intercepted. Encrypted storage keeps authorized users from accidentally viewing protected information, such as private healthcare or financial files, but also serves as a last line of defense against unauthorized users.
Security at the individual user level is also critical. Nearly 80% of data breaches are the result of poor password security. Password security in the form of strong password requirements, password history that assures passwords are not re-used, and multi-factor authentication is the best protection against password guessing and compromised passwords. According to Microsoft, multi-factor authentication blocks 99% of all password safety issues.
The outermost layer of security is a reverse proxy component of the Managed File Transfer solution. Located in the DMZ, a reverse proxy server reduces the risk of network breach by closing inbound ports in the firewall. An MFT solution should be implemented with a reverse proxy that serves only as a pass-through and does not store any data. A reverse proxy server should also allow whitelisting and blacklisting of IP addresses for additional security.
MFT servers should include a robust automation capability to facilitate batch transfers with partners, submit inbound content to file processing applications, send reports, and run backups. In addition, automation processes can continually monitor and proactively respond to security issues, for example by shutting down DoS attacks, running antivirus scans on inbound content, locking out password-guessing attempts, and sending notifications of suspicious activity to administrators.
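As an added illustration (not code from any MFT product), the lockout-and-notify automation described above can be sketched as a sliding-window check over authentication log lines. The log layout, event names, function names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp EVENT user=... ip=..." layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 LOGIN_FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:20 LOGIN_FAIL user=bob ip=198.51.100.4
2024-05-01T10:00:40 LOGIN_FAIL user=alice ip=203.0.113.7
2024-05-01T10:01:00 LOGIN_FAIL user=bob ip=198.51.100.4
2024-05-01T10:01:10 LOGIN_OK user=bob ip=198.51.100.4
2024-05-01T10:01:30 LOGIN_FAIL user=alice ip=203.0.113.9
2024-05-01T10:02:00 LOGIN_FAIL user=bob ip=198.51.100.4
2024-05-01T10:03:00 LOGIN_FAIL user=carol ip=192.0.2.10
2024-05-01T10:09:00 LOGIN_FAIL user=carol ip=192.0.2.10
2024-05-01T10:15:00 LOGIN_FAIL user=carol ip=192.0.2.10
"""

def parse_line(line):
    ts, event, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(ts), event, kv["user"], kv["ip"]

def detect_lockouts(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (time, user, source IPs) for each account that should be locked."""
    recent = defaultdict(deque)  # user -> (time, ip) of failures still inside the window
    locked, actions = set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, ip = parse_line(line)
        if user in locked:
            continue  # already locked; one action per account is enough
        if event == "LOGIN_OK":
            recent[user].clear()  # a successful login resets the failure count
        elif event == "LOGIN_FAIL":
            q = recent[user]
            q.append((ts, ip))
            while q and ts - q[0][0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= max_failures:
                locked.add(user)
                actions.append((ts, user, sorted({src for _, src in q})))
    return actions
```

Each returned tuple is what the automation would act on: lock the account and include the source addresses in the administrator notification.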
Scalability is necessary to facilitate high transfer volumes and assure uptime and high availability. Applications with high transfer and processing volumes can distribute the workload across multiple MFT servers. Popular distribution approaches include round-robin and least-busy. The choice is made by the load balancer; the clustered MFT servers simply respond to the inbound activity.
Assuring uptime and high availability can be accomplished by clustering MFT servers in an active/active or active/passive configuration. An active/active configuration assures both high availability and high throughput. In this configuration, a server can be taken offline for maintenance or updates with no impact on user or system activity. Cornerstone MFT enables clustering across different geographic locations, adding disaster recovery to the scalability benefits.
The Cornerstone solution enables clustering of both MFT Servers and the DMZedge Reverse Proxy Server, enabling a many-to-many configuration and eliminating a single point of failure.
Logging, Reporting, and Auditing
Reporting and logging of transfer activity is a critical component of maintaining regulatory compliance, achieving SLA commitments, and anticipating risk factors.
The ability to log all user activity should account for everyone who accesses any data, which data was accessed, and when. System activity is also logged, which can assist in strategies for server hardening, proactively managing processing resources and hardware upgrades, and assuring that exchanges with partners are completed successfully. MFT keeps records of all actions on all MFT and reverse proxy servers in the configuration. Reporting assures that an organization has complete accountability for its data.
Secure User-Initiated File Transfers
When employees send files through email or commercial file-sharing services, these exchanges fall outside of the reporting needed for corporate accountability and compliance. Additionally, there are serious security risks from the potential interception of unsecured, unencrypted email, as well as the serious risk of a data breach that is common in consumer-focused file-sharing services.
Managed File Transfer provides a solution to this issue, enabling end-users to easily share a secure link, which can be configured to include a password, expiration, and access rights. Recipients click on the link, and the file is downloaded securely. More importantly, these interactions are logged and available for reporting and auditing, giving companies complete visibility into where files travel.
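An added sketch, not Cornerstone's or any vendor's code, of how a share link with a password, an expiration, and access rights can be enforced and audited on the server. The ShareLinks class, its method names and the outcome strings are hypothetical, and the store is kept in memory for illustration.

```python
import hashlib, hmac, secrets, time

class ShareLinks:
    """Hypothetical in-memory share-link service (illustration only)."""

    def __init__(self):
        self.records = {}  # sha256(token) -> record; the raw token is never stored
        self.audit = []    # (time, file id or None, requested right, outcome)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def create(self, file_id, rights, ttl_seconds, password=None, now=None):
        """Register a link and return its unguessable token (shown to the sender once)."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16) if password is not None else None
        self.records[self._digest(token)] = {
            "file": file_id,
            "rights": frozenset(rights),
            "expires": now + ttl_seconds,
            "salt": salt,
            "pw": self._pw_hash(password, salt) if password is not None else None,
        }
        return token

    def access(self, token, right, password=None, now=None):
        """Check one request against the link's settings and audit the outcome."""
        now = time.time() if now is None else now
        rec = self.records.get(self._digest(token))
        if rec is None:
            outcome = "unknown-link"
        elif now >= rec["expires"]:
            outcome = "expired"
        elif right not in rec["rights"]:
            outcome = "right-not-granted"
        elif rec["pw"] is not None and not hmac.compare_digest(
                rec["pw"], self._pw_hash(password or "", rec["salt"])):
            outcome = "bad-password"
        else:
            outcome = "ok"
        self.audit.append((now, rec["file"] if rec else None, right, outcome))
        return outcome == "ok"
```

Every request, allowed or refused, lands in the audit list, which is the record the reporting and auditing functions would draw on.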
Cornerstone MFT offers 3 methods of secure file sharing. A DropZone capability enables external users to upload files easily and securely without requiring a login to the server. Paired with the automation capability, uploaded files can be virus-scanned, and the recipient can be notified upon successful receipt. Users can also share files that are stored on the Cornerstone Server, creating a secure and trackable sharing capability. Finally, users can share files from their desktops, avoiding the risks of sending email attachments. This capability uploads the file to Cornerstone in the background and sends a secure link, with the activity logged for security and compliance.
Businesses rely on the secure exchange of information. Managed File Transfer assures security, visibility, automation, and a configuration that can continue to scale to meet throughput and availability requirements.