Solutions for Managed File Transfer

by Greg Shields

Managed file transfer is indeed an overlooked service in many organizations. You know this problem if you’ve ever needed to transfer an exceptionally large file outside of your protected domain, only to discover how limited the options are. Yet although the need has often been overlooked, the solutions have not. Managed file transfer solutions are available today from a number of software vendors that handle the needs of businesses from small to enterprise.

Further, these managed solutions are built with security and compliance in mind. Although most IT organizations tend to have a good handle on the security needs of a computing environment, keeping abreast of the ever-changing regulatory landscape is another matter entirely. By investing in a managed file transfer solution, you immediately offload the responsibility of compliance fulfillment to that solution’s developers. Your solution provider likely has more time and resources than you to discover new compliance and security requirements, incorporate them, and keep the solution updated accordingly. As a result, with a single purchase you may find yourself standing up a solution that meets your security requirements and also pleases your auditors.

Don’t believe this statement? Take a look through the article in this series titled “Managed File Transfer-No Longer a Point Solution for an Occasional Need: Impacts of Regulation,” which discusses a set of compliance regulations along with the functionality requirements that can fulfill those mandates. Although those sections provide high-level guidance, you’ll quickly see in the details that maintaining compliance is a more difficult activity than you ever thought.

Notwithstanding the compliance regulations, a managed file transfer solution must also meet your feature needs. To help you get started, let’s take a quick spin through a set of lists. Each of these lists of bullet points will help you understand the capabilities that are available today in managed file transfer solutions, and can assist you with selecting the right one for your business.

File Transfer Methods

First up is the list of file transfer methods themselves. Although file transfers are most commonly associated with FTP, this ancient protocol provides none of the security required by most businesses. In addition to FTP, other protocols are now commonly available:

  • FTPS (FTP over SSL), including implicit or TLS-P explicit transfers; this includes the ability to transfer in both active and passive mode
  • SFTP (FTP over SSH)
  • SCP2 (FTP over SSL)
  • HTTPS (HTTP over SSL)
  • AS1, AS2, and AS3 (Application Standard 1, 2, and 3), which are specialized protocols commonly used for transferring sensitive manufacturer, distributor, and retailer data
  • SMTP and POP3, both email protocols whose file transferring capabilities are commonly integrated into standard email clients
  • Platform-to-platform transfers, for example between IBM Mainframes, UNIX/Linux, and Windows systems; although these systems do not typically transfer files directly over the Internet (often, through a proxying solution), their exchange of data can be facilitated through a managed file transfer solution

Other industry-specific file transfer protocols exist today; however, this short list of protocols represents those that are commonly used by business. They are also the list of protocols that are most commonly acceptable for transfer to other businesses. Remember that your selection of managed file transfer solution must be one that your business partners are also willing to work with. As with the earlier discussion on compliance, your selected solution must be palatable to others.

Security Features

In addition to the security features of the protocols themselves, your chosen solution must incorporate the right architecture to prevent data loss or disclosure. It must include compensating mechanisms to fulfill the needs of confidentiality, integrity, availability, and audit, as explained in the previous article.

Mapping these general requirements to actual features is a task that you’ll need to accomplish when deciding on the right solution. Consider the following list as a starting point for a smart solution:

  • End-to-end encryption features to ensure that data remains in an encrypted form until it is ready to be used by its consumer.
  • Non-repudiation of data, which provides proof of the identity and origin of data. This can occur through authentication as well as data hashing mechanisms for the certification and signing of data.
  • Guaranteed delivery features, which assure that data will be retransmitted until it is fully and completely available at the target location. This capability becomes particularly useful when networks experience problems or intermittent conditions that could corrupt data while in transfer.
  • Cryptography features that are recognized by auditors. For example, transfers between governmental entities or between a government entity and an outside contractor must fulfill the requirements of the government FIPS 140-2 (Federal Information Processing Standards) standard. This well-defined standard is exceptionally secure and ensures to a high degree that data will not be compromised as a function of using a FIPS-compliant system.
  • Key management features, which eliminate the need to share passwords. The transmission of password data is not an acceptable solution for many businesses because the passwords themselves can be compromised. Today’s file transfer solutions include asymmetric cryptography solutions such as PGP that enable encryption and decryption without the transfer of clear-text password data.
  • Encrypted and secured logging, which secures log data in formats that prevent tampering.

As you can see, these security features go above and beyond the standards of the file transfer protocol itself. Their presence is a leading differentiator between the freeware solutions available on the market today and solutions that can be considered enterprise-capable.

Usability Features

Having very secured data is one thing, but actually being able to use that data is quite another. Think back to our story of Andy and Bob. In that story, Andy and Bob likely don’t care at all about the security of their data. Data security isn’t part of their job, yet transferring Excel spreadsheets and .AVI files is. Thus, Andy and Bob both need a solution that transparently implements all the previously mentioned security features, but with an interface that makes the solution usable.

Further, the solution needs to be usable by individuals at both sides of the transaction. Chosen solutions must provide mechanisms to make file transfer a trivial process for all parties involved. For example, the solution is not complete if it eases Andy’s transfers yet makes Bob’s more difficult. Because two parties in two different organizational structures are almost always involved in these kinds of file transfers, incorporating a palatable solution for all must always be a priority. Consider the following sections of usability features as a starting point for finding that globally-palatable solution for your business.

Web- and Client-Based Interfaces

The two most-common user interfaces for managed file transfer solutions are via the Web or via an installed client. Typically, installed clients will have a greater range of features, while a Web-based solution will tend towards greater flexibility. Also, be conscious of the added administrative requirements associated with installing and managing a client interface.

Multiple-Hop Architectures

Security practices often do not allow the direct connection between internal systems and those on the Internet. Such a connection violates the protections put into place by the local LAN. Some managed file transfer solutions get around this limitation by creating a multiple-hop architecture. In such an architecture, files are transferred from the internal LAN to a partially-trusted Demilitarized Zone (DMZ). From there, the files can then be transferred over the Internet. This same architecture works for incoming files as well, with files being transferred first to the DMZ and then to the internal LAN after various integrity and malware checks are performed.

Job Scheduling

Advanced needs that happen on a regular basis can be handled through a job scheduling feature. Here, it is common for “drop boxes” to be created where data is deposited for later transmission during a scheduled job. When integrated with other automation elements such as database tasks, a fully-automated file transfer infrastructure can be created between two organizations.

Built-In Scripting, Automation, and Workflow

Wrapping around the core file transfer processes of such a system are often scripting interfaces as well as automation and workflow elements. Adding workflow elements to a managed file transfer solution enables the creation of run books for complex transfer tasks.

Seamless Failover and Clustering

Following along with the needs of availability is the ability to cluster multiple file transfer servers together. At the same time, such a solution should allow clients to roam between cluster nodes, providing a seamless user experience even during the loss of a single server.

Integrated Antivirus and Anti-Malware

Many managed file transfer solutions can automatically scan files and folders for known viruses and malware before they’re made available for user consumption. Isolating files during this process provides another protection for the internal network.
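The inbound path described under Multiple-Hop Architectures, combined with the scanning step above and the retransmission idea behind guaranteed delivery, can be sketched as a release gate between the DMZ and the internal LAN. This is an added example, not code from the article or any product: the directory layout, function names, scanner hook, and the sender-supplied manifest of SHA-256 digests are all assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless stand-in for a scanner hit


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def demo_scanner(path: Path) -> bool:
    # Hypothetical scanner hook: True means the file is clean.
    return MARKER not in path.read_bytes()


def promote_from_dmz(staged, expected_sha256, internal_dir, reject_dir, scanner=demo_scanner):
    """Release a DMZ-staged file inward only after both checks pass."""
    if sha256_file(staged) != expected_sha256.lower():
        verdict, dest = "retransmit", reject_dir  # corrupt or incomplete transfer
    elif not scanner(staged):
        verdict, dest = "rejected", reject_dir    # scanner flagged the content
    else:
        verdict, dest = "promoted", internal_dir
    shutil.move(str(staged), str(dest / staged.name))
    return verdict


def run_demo() -> dict:
    # Constructed files in throwaway directories standing in for the zones.
    root = Path(tempfile.mkdtemp())
    dmz, internal, reject = root / "dmz", root / "internal", root / "reject"
    for d in (dmz, internal, reject):
        d.mkdir()
    sent = {"report.xlsx": b"constructed spreadsheet",
            "clip.avi": b"constructed video",
            "tool.bin": b"header " + MARKER}
    manifest = {n: hashlib.sha256(b).hexdigest() for n, b in sent.items()}
    received = {**sent, "clip.avi": b"constructed vid"}  # truncated in transit
    results = {}
    for name, data in received.items():
        (dmz / name).write_bytes(data)
        results[name] = promote_from_dmz(dmz / name, manifest[name], internal, reject)
    results["internal"] = sorted(p.name for p in internal.iterdir())
    shutil.rmtree(root)
    return results
```

Nothing reaches the internal directory unless its digest matches the manifest and the scan is clean, so a truncated transfer triggers a retransmission request instead of delivery.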

Compression

Whether enabled as an option within the client or seamlessly added to outbound files as they’re queued for transfer, compressing files into common formats such as ZIP files reduces their size and overall time to transfer.

Obviously, each business will have its own reasons for and requirements in implementing a managed file transfer solution. The lists here will at the very least help you become aware of the options that are currently available on the market today.

 

About the Author

Greg Shields is an independent author, speaker, and IT consultant, as well as a Partner and Principal Technologist with Concentrated Technology. With 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft OS, remote application, systems management, and virtualization technologies. He is a Contributing Editor and columnist for TechNet Magazine and Redmond Magazine, and serves as the Series Editor for Realtime Publishers, the world’s leading provider of high-quality content for the IT market. Greg is a highly sought-after and top-ranked speaker for both live and recorded events, and is seen regularly at conferences like TechMentor Events, Microsoft Tech Ed, VMworld, and more. He is a multiple recipient of Microsoft’s “Most Valuable Professional” award.

  • © 2012 Realtime Publishers