Automating and securing file transfers: key issues
Managed file transfer products help centralize, standardize and control the flow of data inside and outside the enterprise. Here are 10 things to look for.
By Neil Roiter
July 14, 2011 — CSO —
Data in transit. Those three words are at the heart of business in the 21st century and the rise the of the secure managed file transfer (MFT) industry. Companies function by sending, receiving and sharing information, often in very large files, and often in huge numbers of files in batch transactions. Files have to move quickly, reliably and securely.
Enterprises have to deal with file-transfer methods that don't scale to hundreds or thousands of partners, customers and suppliers doing business across the Internet. Knowledge workers and managers can't get their work done because their email systems kick back files over 5MB. Companies can't ramp up new initiatives quickly because of the time and complexity required to provision employees and partners with a file-transfer system everyone can use.
Also see the companion piece Optimizing Managed File Transfer (MFT): Dos and don'ts (free CSO Insider registration required)
Data security, compliance and data governance suffer because file transfer is fragmented among one-off deployments using FTP and custom scripts; individuals send sensitive corporate information via email, if their system supports it, or find their own solutions, such as cheap cloud services.
Managed file-transfer has become big business—half a billion dollars and growing, according to Gartner, which tracks more than 40 MFT companies. Those tracked include MFT pureplays, specialists in ad hoc person-to-person transfers, and broad-based vendors that include MFT as a component of full B2B integration services—middleware, infrastructure, application and system integration.
In this Toolbox, we'll explain the issues that affect file transfer, how MFT addresses these issues and what companies need to know as they select, implement and manage the technology.
The Stuff of MigrainesMFT is one of those technologies that gets sold as a business enabler and data-protection and compliance tool. You can automate and centralize both massive and ad hoc data-movement processes, give employees an easy way to exchange files, improve audit oversight and embed security controls such as policy-driven encryption and access control.
In the absence of MFT tools, large-scale file-transfer operations are generally based on FTP servers and some automated scripts. They are highly distributed, with each transfer system having grown organically with every new set of partners and business initiatives. These approaches often scale poorly, as each FTP server supports perhaps 20-50 connections when hundreds or even thousands may be required. That also means there is no way to off-load transfers when demand exceeds capacity. As a result, they are very expensive in terms of infrastructure and support, and highly labor-intensive to manage, as they lack any sort of central management capabilities.
"One of key objectives from senior management was that we need to automate a lot of processes," says Mike Shrader, network security specialist for Glatfelter Insurance Group, a Cyber-Ark customer. "We can leverage automation processes, which increases productivity. We can schedule overnight processes."