Managed File Transfer – The Key Issues In Selecting An MFT Solution

Over time many businesses have advanced from using FTP to exchange files to using managed file transfer (MFT) software. MFT software address many of the things that are lacking in the FTP protocol including but not restricted to security, data integrity and automation of business techniques. This article discusses some key issues you should be concerned with when evaluating an MFT software vendor. Web based secure file transfers

Key Issues

Standard protocol support – In order to integrate easily with trading partners an MFT solution must be able to support the following file transfer protocols: FTP, FTPS (FTP over SSL), SFTP (FTP over SSH) and HTTP/S. 
System independence – Most businesses today run on various interconnected servers running on Windows, Linux, Solaris and Mac OS X websites. MFT vendors should be flexible enough to be deployed to any working system. This enables you to deploy an MFT solution to any server that hosts your data vs having to move your data to an main system supported by the MFT vendor.
Data Security – To be able to protect data both during transit and at rest is quickly becoming a requirement for organizations who host highly very sensitive data. File transfer protocols such as FTPS (FTP over SSL) and SFTP (FTP over SSH) may be used to protect data in transit while encryption protocols like PGP (Pretty Good Privacy) can be used to protect data sleeping. Protecting data at rest makes sure that even if your server were to be compromised the data wasn’t able to be read without the private key needed to decrypt your data.
User Management and Authentication – Tools for controlling users and access to resources must be user friendly yet flexible enough to focus on your firm. In order to easily integrate with existing company access policies, MFT suppliers must be able to authenticate users against single sign-on (SSO) databases such as relational sources, LDAP and Active Index. Support for secondary small authentication such as end user Internet protocol address and client SSL and SSH certificates should also be supported.
Event Handling and Process Automation – Taking events and automating techniques in response to those events is often the heart of any MFT solution. MFT vendors should be able to get a wide variety of file transfer events and provide some common built/in actions that may be executed in response to those occasions. The ability to write your own actions using an API is also a major plus, especially in organizations which may have complex techniques or business rules that cannot be easily constructed with the built-in actions provided by the MFT supplier.
Logging – For general public companies who need to meet HIPAA and/or Sarbanes-Oxley requirements it is important that an MFT seller be able to record detailed information about each file transfer session. In addition to meeting conformity requirements logging can also help you to identify file transfer trends. MFT vendors should be able to store log data in both files and relational databases.
Reporting – Answering the who, what and when is important when it comes to any MFT solution. MFT vendors should include built-in reporting tools and standard reports that allow you to quickly see that is accessing what and when.
Data Integrity – Upon transferring a record it is an often great idea for the customer to request a checksum verification from the hardware in order to validate that the file was transferred without the data problem. If the checksum provided by the server will not match that expected by the client then the transfer can be restarted. MFT vendors should support checksum verification when using FTP and FTPS (FTP over SSL) protocols.
Curriculum vitae Transfer Support – In the event that a file transfer is aborted due to lack of online connectivity or aborted by the user, client should be able to request that the server resume the transfer starting from the last byte successfully received. This is critical in organizations transferring very large files and/or who have service level agreements that specify files must be transferred within a specific time period.