File transfers likely happen thousands of times a day in your organization—unless you work for a large enterprise, then it is LARGE multiple of that number. Many shops have file transfer solutions—often low-end even free apps like DropBox—that run in the cloud. These sure beat plain old email, but are nowhere as secure as a Managed File Transfer (MFT) solution.
Managed File Transfer is often run in-house as an on-premises solution. Some large, regulated industries prefer in-house as they have full control of their data—or at least think they do. But for most, the cloud is just as secure, arguably more so, and vastly more efficient and cheaper to manage. That is just part of why Cloud Managed File Transfer makes so much sense.
Why Not Having a File Transfer Solution is Bad
File Sharing Dangers
Often end users adopt a file sharing tool since it offers the path of least resistance without a complicated process to share the data. As an organization, IT has no visibility, so that unapproved solution creates a Shadow IT environment.
Lack of Visibility
Hackers can be experts at gaining visibility into your files and file structures—that’s how they steal them. IT doesn’t necessarily have enough visibility—especially knowing if these files are accessed—or what is in them. Did a hacker come through a back door and access files? If so, that opens up a huge attack surface.
Transferring files is when they are most vulnerable. IT generally has no visibility into where these files are coming from and going to.
The files are rarely encrypted because PGP or other encryption requires a key exchange to occur. Instead, IT needs a solution that is transparent to the user that secures those files while they're at rest.
The Wrong Way to Transfer Files
The Trouble with FTP
Many use FTP or FTP services for file transfer and may even have some automated processes. Unfortunately, IT has limited visibility into those processes. Where are these files coming from? Where are they going? Often IT has to hunt through a flat file to determine file source and destination and sift through a lot of protocol data to find it. Even an FTP scenario can lead to Shadow IT as you have users generating scripts on their own.
Facing secure file transfer challenges, many shops adopt homegrown solutions, using scripting in one of several languages to create custom file transfer processes and sometimes modest workflows.
Written by IT pros or scripting aficionados, these are often pretty good. The problem comes from personnel issues where the party responsible for maintaining that solution leaves the organization, is out sick, or on vacation and no one knows what to do if the script breaks. In fact, you might not even know that it breaks as there is no alerting.
Even if someone understands the code, they may not have credentials to manage that service, nor is there enterprise support.
The Right Way to Transfer Files
Managed File Transfer (MFT) Solutions
Managed File Transfer solutions are more secure and superior to file sharing tools, FTP and homegrown solutions in many ways. MFT offers encryption at rest, often automation and workflows, logging and auditing, and even business continuity. With cloud MFT, you are protected in the event of an outage, and can still operate. Managed File Transfer Cloud can even come with an uptime guarantee.
A key aspect of secure file transfer is being able to look back, done through logging, which shows what file transfer actions users actually perform. This is great for day-to-day administration. If a user has an issue, IT can see all the activities that took place.
IT could validate if an external party uploaded files. If so, IT can click the timestamp and get additional information including how long the transfer took and the size of the file—that sort of information.
With a good MFT solution such as MOVEit, logging is not limited to user interaction. Any administrative action, whether it is creating user accounts, folders, setting permissions, etc., are visible as well.
In addition to day-to-day logging, MOVEit has reporting, which is useful if you want to get configuration or usage metrics out of the system. For example, say you are going through an audit and the auditor asks for a user list, wanting to know all the user accounts, when they were created, when they last logged in, and when they reset their password.
This is just one example of a canned report. There are 100 or so pre-built reports and you can also create custom reports. We publish the schema, and you create a report that has whatever information is relevant to your process. Not only that, but you can also schedule these reports, have them as deliverables, place them in folders, and alert a user that that report is available.
MOVEit is simple to set up from the administrative perspective, and even easier to use. Users simply log in, start their workflow, and deliver files as needed—all from a single location. That same single location is beneficial for admins who have a single pane of glass for logging. That same interface lets IT set service-level policies such as password length and complexity, user account expiration, etc.
The VERY Best Way to Transfer Files—the Cloud
With cloud-based Managed File Transfer, IT can consolidate and streamline all file transfer activities onto one platform to ensure better management control over core business processes. Here are four benefits of cloud-based Managed File Transfer:
Meet Compliance Regulations
Managed File Transfer Cloud services easily scale to meet the diverse and growing data transfers your business requires, while reducing risk by compiling with data privacy laws such as GDPR, HIPAA, and PCI.
Meet SLAs and Reduce Costs
With a Cloud MFT solution, you can consolidate disparate file transfer processes under a single platform with end-to-end visibility, reporting, and audit trails.
With no infrastructure to finance, file transfer IT operating costs drop 15% to 40% with Cloud Managed File Transfer (MFT). Infrastructure is owned by the MFT SaaS providers, so you pay nothing for buying servers, storage, and other bits of infrastructure.
IT staffing costs are also kept in check as there is no need to install, configure and manage all that infrastructure. Instead, IT staff time can go towards new business changing IT applications and solutions—like the Cloud MFT app itself!
And with the cloud, IT pays as it goes, and can scale up capacity as file transfer needs increase.
File and Data Security
Hackers love to crack files, after all, they contain the majority of an enterprise’s confidential data. That is where MFT in the cloud comes in. Top cloud providers have invested for years to ensure their platforms are secure and private. At the same time, these providers’ data centers must meet a growing set of international and industry-specific compliance standards and regulations such as GDPR, ISO 27001, HIPAA, and PCI. Does your IT infrastructure have the same level of certification and credentials?
Cloud Managed File Transfer Must-Haves
If you are looking for a Cloud MFT, here are a half dozen must-haves:
- Encryption in transit and at rest – Data encryption isn’t just a huge safety feature; it is a compliance requirement. When it comes to MFT, look for FIPS 140-2 validated encryption. ‘Validation’ is key. A solution may be called ‘compliant’ but hasn’t been validated by the Federal Information Processing Standards.
- Access Control – Without access control, you can’t keep hackers from cracking a Managed File Transfer solution you bought to keep those files secure in the first place. The key is a solution that offers full control over user access and permissions, and centralized user authentication. Even better is having multi-factor authentication for added security and single sign-on for end user convenience.
- Integrity Checking – Be confident that all transferred files arrive in the exact same condition as the original.
- Intrusion Detection – If a file is compromised, you want to know right away so an uncorrupted version can be resent. A proper Cloud MFT solution should flag changed files and report unauthorized access or login attempts immediately.
- Audit trails – Hackers don’t just break in; they cause all kinds of trouble once they get there. Audit trails will show what an authorized user has been up to. This is ideal for forensics, and a must for compliance.
- Reporting – File transfer visibility is vital for managing the application, achieving a high level of safety, and attaining compliance. That is why reporting, logging, auditing and data retention abilities are a must. Usage reports should include bandwidth and storage for IT operations teams, bill back features for accounting, including tracking usage consumed by user groups so you can allocate costs internally, and online audit log retention for security forensics.
Finally, with a good Cloud MFT solution you can:
- Do away with IT spending (or wasting) valuable time performing software and security updates.
- Integrate MFT with in-house applications and provisioning services.
- Adopt encryption through PCI DSS 3.1 Level 1, and use a solution certified for HIPAA, HITECH, HIPAA Omnibus compliant, and GDPR ready.