As an IT analyst firm, we query companies large and small on a range of issues. One of the areas of risk we consistently see is around the transfer of files associated with business processes. To understand why these risks exist, we need to explore the difference between simple file transfer and managed file transfer.
The Importance of Managed File Transfer
Business processes are dependent on the transfer of files – important business records sent between applications, between people, or between applications and people. A strong case can be made that the vast majority of so-called “communication” networks are really much more about transferring files than they are about sending messages or other types of communication. This is particularly true since most file transfers occur between applications and not between people: roughly two-thirds of file transfers – for content like purchase orders, invoices, travel documents, tax information, etc. – are sent business-to-business, not user-to-user.
File Transfer Needs Improvement
File transfer is so integral to the proper flow of business processes and corporate communication that it must be a high priority for any company. Yet, there are numerous problems with existing file transfer processes including the following:
- Many files are sent without encryption
- IT cannot control the lifecycle of the transferred files
- Lack of auditability for the file transfer process
- Some content is not archived in accordance with corporate policies
- Chain-of-custody cannot be maintained for some content
- Transferred files cannot be inspected by Data Loss Prevention systems
This lack of control results in a greater likelihood of data breaches and a breakdown of business process efficiency.
The “M” in “MFT”
Clearly, companies of all sizes need to address these problems. They can do so by implementing a file transfer process that can be managed in accordance with the variety of requirements that enable them to maintain the integrity of data as it is being transferred within and between organizations. However, this is usually not possible via typical file transfer solutions like traditional FTP or many of the growing number of cloud-based file transfer tools because of their inherent limitations. Instead, true, enterprise-grade file transfer requires MFT, which is distinctly different from typical file transfer solutions in the following four ways:
An MFT system enables the transfer of files using secure protocols that will encrypt content both in transit and at rest. This is essential in order to maintain the integrity of information as it passes from sender to recipient, and as it is stored on various servers.
An MFT solution allows an organization to maintain compliance with the growing number of statutes that are designed to protect sensitive information from being intercepted by unauthorized parties.
A key distinction of an MFT system is the control that it allows over content: its expiration, who can access the content, where it can be sent, and the ability to report on content flows, etc. In short, MFT solutions permit complete control over the lifecycle of content in order to minimize the risk of non-compliance or loss of sensitive content.
- Integration with workflows
An essential element of a true MFT solution is its ability to integrate with corporate workflows to ensure that content can be sent in support of corporate requirements. For example, a purchase order system that requires the sending of purchase orders and other documentation to recipients must integrate seamlessly with this system in order to minimize disruption with existing processes.
The Next Generation of File Transfer
File transfer is changing as organizations migrate away from insecure, legacy FTP systems; email (which has become the de facto file transfer solution in many organizations); and lightweight, consumer-focused file sharing solutions. Instead, companies are moving toward true MFT solutions that:
- Integrate well with existing corporate workflows and content-transfer processes
- Allow IT to maintain control of the entire file-transfer lifecycle
- Ensure appropriate corporate governance for all content
- Enable end users to employ file transfer simply and efficiently
I will have the pleasure of discussing these issues along with two individuals whose organizations have recently implemented MFT solutions at a Webinar on August 22nd and would welcome having you join us for the discussion.
To learn more view the on-demand version of the webinar:
- Mr. Michael Osterman, Principal at Osterman Research
- Ms. Rebecca Freise, Senior Application Systems Administrator, Oppenheimer Funds
- Mr. Ragan McBride, Automation Engineer & Industry Consultant, Viva Health