How does MFT help my organization secure file transfers?
Data security is an integral part of managed file transfer (MFT) solutions. In fact, a more accurate term for “managed file transfer” would be “managed and secure file transfer.” Most MFT solutions secure file transfers in four key areas:
- Encryption – Protecting the file content in transit and at rest.
- Authentication – Making a user prove his or her identity before being granted access to file transfers.
- Audits – Maintaining thorough records of all transferred, stored, and searchable files.
- Good DMZ Behavior – Minimizing the exposure of files to unauthorized access as they move into and out of a corporate network via the DMZ.
Unlike solutions focused purely on securing file transfers, MFT solutions promote security by simultaneously enhancing an organization’s efficiency, which then rewards the implementation of protective security controls.
How does MFT help my organization reduce the cost of exchanging data with partners and branch offices?
The often unanticipated and overlooked costs associated with both internal and external file transfers come from three primary areas:
- Provisioning – The time spent defining and configuring the necessary user accounts, file transfers, and access rights needed for file exchanges.
- Troubleshooting – Person-hours spent determining the location and nature of a failed file transfer and acting to remediate and restart the transfer.
- Overlapping solutions – Multiple systems, acquired departmentally or through mergers and acquisitions, implementing similar functions in slightly different ways.
Managed file transfer solutions reduce costs through simplified provisioning, enhanced error detection and recovery, and a breadth of capabilities that support consolidation of file transfer solutions. Through consolidation, organizations benefit from reduced costs and improved efficiency driven by uniformity, consistency, and fewer vendor contracts to manage for similar solutions.
How does MFT help my organization with PCI DSS compliance?
MFT solutions support PCI DSS requirements in the following areas:
- Authentication (Requirement 8) – Support for unique IDs for access to file transfers.
- Access Control (Requirements 7 and 8) – Assignment of file transfers to individuals with unique IDs.
- Privacy (Requirements 2, 3, and 4) – The encryption of administrative sessions, files at rest, and files in transit.
- Integrity (Requirement 11) – The use of secure file transfer protocols that implement integrity checking as files are transferred.
- Availability (Requirement 12) – Detailed audit logs that support the tracking by user ID of file transfer activity, including transfers intended to destabilize the system through such things as filling up storage space or multiple simultaneous transfers.
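The per-user tracking described in the last item can be checked against audit records as follows. This is an added example, not code from any MFT product; the record layout, user IDs, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit records: start, end, user ID, direction, bytes.
SAMPLE_AUDIT = """\
2024-05-01T10:00:00,2024-05-01T10:05:00,alice,upload,1048576
2024-05-01T10:01:00,2024-05-01T10:02:00,bob,download,524288
2024-05-01T10:00:10,2024-05-01T10:20:00,svc-batch,upload,4000000000
2024-05-01T10:00:20,2024-05-01T10:20:00,svc-batch,upload,4000000000
2024-05-01T10:00:30,2024-05-01T10:20:00,svc-batch,upload,4000000000
2024-05-01T10:30:00,2024-05-01T10:31:00,alice,upload,2048
"""

def parse(text):
    """Yield (start, end, user, direction, size) from the CSV-style records."""
    for line in text.strip().splitlines():
        start, end, user, direction, size = line.split(",")
        yield (datetime.fromisoformat(start), datetime.fromisoformat(end),
               user, direction, int(size))

def summarize(records):
    """Per user ID: total bytes uploaded and peak simultaneous transfers."""
    uploaded, events = defaultdict(int), defaultdict(list)
    for start, end, user, direction, size in records:
        if direction == "upload":
            uploaded[user] += size
        events[user] += [(start, 1), (end, -1)]
    summary = {}
    for user, evs in events.items():
        active = peak = 0
        # Tuples sort ends (-1) before starts (+1) at equal timestamps, so
        # back-to-back transfers are not counted as overlapping.
        for _, delta in sorted(evs):
            active += delta
            peak = max(peak, active)
        summary[user] = {"uploaded_bytes": uploaded[user], "peak_concurrent": peak}
    return summary

def flag(summary, max_upload_bytes, max_concurrent):
    """Return {user: [reasons]} for users over either assumed threshold."""
    alerts = {}
    for user, s in summary.items():
        reasons = []
        if s["uploaded_bytes"] > max_upload_bytes:
            reasons.append("storage")
        if s["peak_concurrent"] > max_concurrent:
            reasons.append("concurrency")
        if reasons:
            alerts[user] = reasons
    return alerts
```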
How does MFT simplify application integration?
MFT solutions take the complexity out of integrating file transfers into applications. Additionally, they solve the reliability and performance problems associated with the most traditional forms of application integration—namely, bulk data movement.
The benefits that MFT brings to application integration include:
- More power to application developers – Developers have access to web services APIs and a central service to call into to support point-to-point file transfers between servers.
- Automate the “before and after” – With MFT, file transfers can be initiated based on events (such as the appearance of a file in a directory), and the post-processing of a file can be executed automatically at the end of the file transfer.
- Reduced script complexity – MFT file transfer commands are more powerful than the file transfer commands in traditional file transfer tools. Actions such as alerting on errors, testing for the completion of a transfer, and remotely initiating post-processing actions no longer have to be scripted around the core file transfer calls. Instead, they’re built in.
What key file transfer use cases does MFT support?
A complete MFT solution supports these key file transfer use cases:
- User-to-User (U2U) – The ad hoc, unscheduled exchange of files between individuals. Most business users attempt this exchange through email, but are often blocked due to attachment size limitation policies set by their email administrators. MFT solutions provide an easy-to-use solution to the email attachment challenge.
- Business-to-Business (B2B) – The routine and scheduled exchange of files into and out of the organization with business partners and customers. MFT solutions combine data security with streamlined workflow, helping organizations improve the security they offer to their business partners and customers, while reducing provisioning and error-resolution costs.
- Application-to-Application (A2A) – The file transfers that are embedded into custom applications. This common type of file transfer often lacks the visibility and detailed logging and error alerting needed to resolve failed transfer issues. MFT solutions provide powerful file transfer capabilities for the application developer, along with the necessary alerting and logging required by IT operations to quickly resolve outages.
Technical Questions
What file transfer protocols does MFT support?
There are a number of secure and nonsecure file transfer protocols in use today. Most MFT solutions support many protocols, including:
- FTP – The nonsecure but still broadly used standard.
- FTP with PGP – The combination of PGP (for encryption and integrity) and nonsecure FTP. With this combination, the file payload is protected in transit, but user credentials still flow in cleartext.
- SFTP – A secure network protocol used for transferring files. SFTP is an extension of the SSH protocol.
- FTPS – An extension of FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
- HTTPS – A secure network protocol, used for communications over the World Wide Web, which combines HTTP with SSL/TLS.
- AS2 – Often used in B2B communications, this network protocol uses HTTPS combined with S/MIME (Secure/Multipurpose Internet Mail Extensions).
In addition to these open protocols, some MFT solutions (such as Attachmate FileXpress) also offer proprietary protocols that allow for advanced file transfer capabilities such as automated error recovery, alerting and notification, and post-processing actions.
How does MFT manage and secure files moving through the DMZ?
One of the weaknesses of traditional file transfer solutions is the need to place a file repository in the DMZ, that region of a company’s network that is open to the Internet. Incoming or outgoing files get placed in this repository, exposed to the Internet, while they wait for the recipient to log in and pick them up.
MFT solutions such as Attachmate FileXpress address this challenge by securely streaming the files through the DMZ at the time that they need to be transferred. No files are ever written to disk as they make this traversal. In addition to serving in this secure proxy mode, MFT solutions can translate protocols on the fly, converting from the protocol used by the client to the protocol required by the target server. Finally, these DMZ-hosted MFT solutions expose only a virtual view of the target or source systems that reside within the corporate network, obscuring any details of your organization’s internal systems. (See Secure Data Streaming with Attachmate FileXpress: Why it’s better than the store-and-forward approach.)
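The streaming approach described above, as opposed to store-and-forward, can be illustrated with a relay that forwards each chunk as it arrives and keeps nothing on disk. This is an added example, not FileXpress code; the chunk size, the size ceiling, and the socket-pair harness standing in for the external client and internal server are assumptions.

```python
import hashlib
import socket
import threading

CHUNK = 16 * 1024  # the only file data the relay holds at any moment

class TransferTooLarge(Exception):
    """Raised when a transfer exceeds the relay's size ceiling."""

def relay(inbound, outbound, max_bytes):
    """Stream inbound -> outbound until EOF; return (byte_count, sha256_hex)."""
    digest, total = hashlib.sha256(), 0
    while chunk := inbound.recv(CHUNK):
        total += len(chunk)
        if total > max_bytes:          # refuse before forwarding the excess
            raise TransferTooLarge(f"more than {max_bytes} bytes offered")
        outbound.sendall(chunk)        # forwarded straight away, never stored
        digest.update(chunk)
    outbound.shutdown(socket.SHUT_WR)  # propagate end-of-file to the target
    return total, digest.hexdigest()

def demo(payload, max_bytes):
    """Constructed harness: external client -> relay -> internal server."""
    client, dmz_in = socket.socketpair()
    dmz_out, internal = socket.socketpair()
    received = bytearray()

    def send():
        try:
            client.sendall(payload)
            client.shutdown(socket.SHUT_WR)
        except OSError:
            pass  # relay hung up early (size ceiling hit)

    def receive():
        while data := internal.recv(CHUNK):
            received.extend(data)

    workers = [threading.Thread(target=send), threading.Thread(target=receive)]
    for w in workers:
        w.start()
    try:
        total, sha = relay(dmz_in, dmz_out, max_bytes)
    finally:
        dmz_in.close()
        dmz_out.close()
        for w in workers:
            w.join()
        client.close()
        internal.close()
    return total, sha, bytes(received)
```

The digest returned by `relay` is computed on the bytes as they pass, so it can go into the audit record without the relay ever holding the whole file.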
What platforms does MFT support?
Platform support varies by MFT vendor. While open standard protocols allow for cross-platform file exchanges, advanced MFT solutions, such as Attachmate FileXpress, support a broad range of platforms for their endpoints, including IBM z/OS, IBM i, Windows, UNIX, and Linux.
Can MFT be scripted?
Yes. Most MFT solutions include client utilities that can be called from scripts. Additionally, APIs exist for application developers to use within the custom applications that they build. In the best MFT solutions, these scripting and programming interfaces can significantly reduce the effort required to build secure, supportable automations that integrate into the broader workflows supported by your file transfers.
Does MFT require scripting or programming?
No. Most MFT solutions provide a robust user interface, along with automation.
Do end users have to install software to use MFT?
No. Most MFT solutions offer user interfaces that require only a web browser on the client desktop. Through multiprotocol support, however, MFT solutions like Attachmate FileXpress also allow users and automated processes to leverage the secure file transfer clients already installed on user systems.
How can MFT reduce the time it takes a file to be transferred?
There are three key ways that MFT solutions reduce file transfer times:
- Data compression – Files are compressed before they are transferred, thus reducing the amount of data that must be sent over the network during the file transfer.
- File transfer acceleration – Technologies such as the RocketStream capabilities in Attachmate FileXpress can accelerate the rate of file transfers over high-latency network segments.
- Improved workflow – MFT solutions automate the initiation of a file transfer (by transferring a file as soon as it appears in a monitored directory) and alert an individual or process the moment a file arrives.
How does MFT give me visibility into all transfers?
MFT solutions provide centralized visibility by providing a single conduit for external file transfers, allowing the solutions to generate audit records of all inbound or outbound file transfers. More advanced MFT solutions also provide a centralized auditing database for internal file transfers to which each node inside the organization can deliver an audit history. These capabilities, coupled with a set of viewing, search, and reporting tools, provide broad visibility into both successful and failed file transfers.