Managed file transfer
Managed file transfer (MFT) refers to a software or a service that manages the secure transfer of data from one computer to another through a network (e.g., the Internet). MFT software is marketed to corporate enterprises as an alternative to using ad-hoc file transfer solutions, such as FTP (file transfer protocol), HTTP and others.
Background
From its inception, FTP has made moving large volumes of bulk data between any two entities — including file servers, applications, and trading partners — possible. However, FTP (and other communication protocols such as HTTP and SMTP) do not, on their own, provide a way to secure or manage the payload or the transmission. Yet, regardless of the lack of security and management capabilities, many companies have continued to transport large batches of structured and unstructured data using these protocols.
This practice is changing, however. According to Gartner Research, "Organizations often use MFT solutions to replace FTP. This is due to increased focus on compliance, privacy regulations and corporate transparency — which demand increased auditing, management, security and process."[1]
MFT Features
While Managed File Transfer always recovers the same features—reporting (e.g., notification of successful file transfers), non-repudiation, audit trails, global visibility, automation of file transfer-related activities and processes, end-to-end security, and performance metrics/monitoring—the way it is used has a major impact on the nature of the appropriate solution. Gartner analysts[2] agree on 6 different usage patterns for MFT, all of which are defined by their own markers and require different methods:
- Ad Hoc
- Accelerated Transfer or "Extreme" Transfer
- A2A (Administrative-2-Administration)
- B2B
- Cloud
- SOA
Typical MFT functionality
MFT centers around the secure and efficient transfer of data, but most MFT software solutions offer additional features. Typically, MFT software offers reporting (e.g., notification of successful file transfers), non-repudiation, audit trails, global visibility, the ability to automate file transfer-related activities and processes, end-to-end security, and performance metrics. MFT applications are available as both on-premises licensed software packages and software-as-a-service ("SaaS") solutions. MFT solutions are largely designed for enterprise implementations.
MFT applications are characterized by having all or most of the following features:
- Support multiple file transfer protocols including PeSIT, FTP/S, OFTP, SFTP, SCP, AS2, and HTTP/S.
- Securely transfer files over public and private networks using encrypted file transfer protocols.
- Securely store files using multiple data encryption methods
- Automate file transfer processes between trading partners and exchanges including detection and handling of failed file transfers.
- Authenticate users against existing user repositories such as LDAP and Active Directory
- Integrate to existing applications using documented APIs (application programming interfaces)
- Generate detailed reports on user and file transfer activity.
Alternative definition of characteristics
One vendor in the description of their product identifies six issues with commercial use of FTP of even SFTP that Managed File Transfer seeks to address. The issues revolve around security weaknesses of traditional FTP in an increasing cyber threat environment and meeting increasing stringent regulatory compliance for data. While bespoke solutions may resolve some of these issues, MFT can address them with a standardized approach, along with the ability to be customized.[3]
References
- "FTP Replacement: Where MFT Makes Sense and Why You Should Care". 8 November 2010.
- "What MFT Is, and How It Applies to You". 14 June 2011.
- "6 Ways FTP/SFTP is Putting Your Business at Risk". IBM. Archived from the original on 12 May 2019. Retrieved 12 May 2019.