Managed File Transfer (MFT) is the process of automating and securing data transmissions from a centralized enterprise-level approach. Managed File Transfer solutions eliminate the need for numerous tools, scripts and manual steps that organizations have traditionally used to move, transform and secure data.
A significant benefit of using a Managed File Transfer product is to “reign in” the prevalent use of standard FTP and other unsecure protocols. Organizations cannot afford to risk the exposure of confidential and personal identifiable information, so encryption and audit trails have become a critical feature of effective Managed File Transfer solutions. This is essential for complying with PCI DSS, GLBA, HIPAA and the growing number of state privacy laws.
Listed below are some of the critical features we believe you need to look for when researching Managed File Transfer solutions:
Allows for remote administration and monitoring (preferably through the browser)
Runs on a variety of operating systems (e.g. Windows, Linux, IBM i, AIX, etc.)
Has a short learning curve without the need for programming or special skills
Supports secure FTP protocols of SFTP and FTPS
Supports popular encryption standards such as Open PGP, SSH, SSL, TLS, S/MIME and AES
Includes key management tools for SSH keys, Open PGP keys and SSL certificates
Can compress data using ZIP, GZIP and TAR
Supports HTTP and HTTPS protocols
Can integrate with back-end database systems such as DB2, SQL Server, Oracle, PostgreSQL, Informix, MySQL and Sybase
Has a built-in scheduler for running transfers at future dates and times
Provides commands and APIs for interfacing from customer applications
Produces comprehensive audit trails of all file transfer activity
Sends instant email alerts when problems occur
Does not require your trading partners to purchase the same software
One of the best solutions for protecting your FTP transmissions is to utilize “Secure FTP” encryption technology.
The two popular Secure FTP protocols are named SFTP (meaning FTP over SSH) and FTPS (meaning FTP over SSL). Both SFTP and FTPS will create encrypted tunnels between your system and your trading partners. In essence, anything that flows over those tunnels will be protected, including any user ids, passwords, commands, as well as any data that is transmitted.
One of the main differences between SFTP and FTPS is the way authentication is performed. With SFTP, clients can be authenticated with just a password or a Private Key. With FTPS, clients and servers can be authenticated with certificates, which are either self-signed (by your organization) or signed by a Certificate Authority (e.g. Verisign).
Choosing the right type of Secure FTP protocol to use will depend on your trading partner’s capabilities and authentication requirements.
You should not leave it up to your users to decide which secure protocol or methodology works best. This can create a hodgepodge of approaches, none of which may meet your overall security and authentication policies.
This is an area where IT’s expertise is required to ensure that the right form of encryption is utilized, that authentication mechanisms are properly implemented and that regulatory requirements have been met.
Every day, millions of files are exchanged all over the world by corporations, government entities and other organizations. These electronic transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, as well as employee and health-related information.
Most managed file transfers use a popular protocol known as FTP. This is a very aged protocol, since it was designed and implemented in the infancy of computing networks; even before the Internet was even heard of. Few managers realize the security and management risks that have blossomed in their organization with the prevalent use of FTP. Fewer still have begun to take measures to bring the use of FTP into compliance with regulations such as PCI, SOX, HIPAA, State Privacy Laws or other mandates.
The best solution to securing your FTP implementations will be one that best centralizes and manages the control of those transfers. The practice of distributing file transfers off the main information system complicates management and opens security holes. How does centralizing FTP reduce the number of management issues?
Centralization:
Maintains the rigor of the native operating system’s security mechanisms.
Sustains the compliance requirements that have been already been implemented on the host system. This includes authority controls and reporting prerequisites.
Provides a single-point of maintenance for all FTP user profiles and passwords.
Contains standardized data encryption techniques and centralized key management.
Instead of building subsystems for encryption on individual user platforms, IT can engineer a comprehensive solution that provides better control and security.
Provides a centralized logging system of all file transfer activity for auditing purposes, along with descriptive error logs and message alerts when transfers fail.