What Is
Managed File Transfer (MFT)?
The Complete MFT Guide
Have questions about managed file transfer?
Get answers, not a sales pitch.
Defining Managed File Transfer
Managed File Transfer (MFT) is a technology that secures and simplifies the process of exchanging files internally or externally to an organization. MFT provides centralized control for IT teams to create, configure, manage and monitor file transfer connections between people, applications, businesses and systems. MFT usually replaces legacy file transfer solutions that require complex coding for automation and lack visibility of file transfers.
Unmanaged File Transfer Solutions
- Manage scripts created for file transfers
- Dig through log files to troubleshoot issues
- Maintain many disparate file transfer solutions
Managed File Transfer Solutions
- Configure and manage file transfer workflows online
- Have detailed reporting and real-time alerts
- Operate a single MFT solution for the organization
Managed File Transfer Background
File Transfer Protocol (FTP)
MFT originated from the requirement to control and govern data. The basic client-server model has been used to transfer files for decades. It started in the 1970s with file transfer protocol (FTP). FTP does not encrypt data on its own so it cannot secure file transfers. In the late ‘90s, the SSL and SSH protocols became available to authenticate clients to servers and create encrypted sessions.
Scripts to Transfer Files
To meet business requirements, IT departments wrote scripts to automate file transfers on a private network or over the public internet. Eventually evolving into complex, inflexible pieces of code, these scripts are prone to errors that are difficult to diagnose and remedy. They are also extremely challenging to maintain because nothing has been documented and the original authors have moved on.
Data Governance Demands
As these systems fail more frequently, the more they disrupt business processes. Since alerts are rarely built in, failures are not detected until someone complains. As regulations increase, these systems are no longer “fit for purpose” because they were created without consideration for data governance.
Current Issues
Today, many organizations are riddled with disparate client-server integrations that IT teams have little or no knowledge of. IT teams are often overwhelmed with maintaining known integrations while facing pressure from their compliance departments around data governance failings.
Managed file transfer is the solution to these file sharing challenges.
How Does MFT Work?
Here is a high-level overview of how managed file transfer fits into the file transfer process.
MFT Deployment
An MFT tool can be deployed on-premises or in the cloud depending on the organization’s security guidelines, scope of project or overall data strategy.
File Transfer Configuration
Configure and schedule file transfers by connecting source and target endpoints in a graphical user interface (GUI). MFT is protocol-agnostic and acts as a client or server sitting between the source and target endpoints.
File Transfer Automation
After setup is complete, files are transferred either on a schedule or an event based on the configuration.
File Transfer Reporting
File transfer status is broadcast to IT in dashboards and through automatic alerts.
How Is MFT Used?
Most managed file transfer use cases fall into one of these categories:
Secure Document Exchange »
File transfers of documents with security and tracking.
Cloud Partner File Exchange »
File transfers between a company and its trading partners.
Remote Agents for MFT »
File transfers between headquarters and their remote locations.
Ad Hoc File Sharing »
Internal or external manual file sharing.
Electronic Software Distribution (ESD) »
File transfers with tracking for revenue recognition.
Replace Legacy MFT »
File transfers with benefits of true cloud economics.
MFT for iPaaS »
File transfers cohesively integrated with iPaaS.
Internal File Transfers on a Network »
File transfers within network, controlled from cloud.
Benefits of Managed File Transfer
Protect confidential information.
The number of data breaches in the U.S. increased by over 50% from 2010 to 2020. By encrypting files in transit and at rest, managed file transfer solutions keep data secure. Managed file transfer solutions help organizations remain compliant with government and industry regulations, including GDPR, PCI DSS and HIPAA.
Reduce IT overhead.
Legacy in-house file transfer solutions are built by highly skilled programmers on common scripting languages such as Bash, Shell, VBScript and Windows PowerShell. These scripts are executed on a time schedule using tools like Windows Scheduler or a Linux “cron job” command transferring files to and from FTP clients and servers. This process is time consuming to manage and unreliable for business-critical file transfers.
With MFT, an IT team can use a no-code graphical user interface (GUI) to automatically transfer files. It significantly reduces the time taken to create and automate file transfers between endpoints.
Add reliability to business processes.
Organizations that do not use managed file transfer may suffer from downtime due to servers that lack redundancy. They may also have issues with undocumented scripts that automate file transfers.
Reliable data flow is crucial for a company’s success. When file transfers fail or are incomplete:
- Business processes fail.
- Lack of data restricts ability to make informed decisions.
- Costs go up—for recovery and for breaking service-level agreements (SLAs).
Managed File Transfer and Security
Data must be secured against cybersecurity attacks: According to Trend Micro’s 2023 Cyber Risk Index (CRI) report, 78% of companies surveyed expect to be attacked and breached in the next 12 months.
Therefore, to prevent data breaches, a managed file transfer solution must incorporate strong security measures. Security strategies are ever-changing and improving in an attempt to keep up or even get ahead of cyberthreats. Information security experts currently endorse the following two security models:
- Defense-in-depth model protects data by providing multiple layers of security.
- Zero trust approach where no one is trusted and is only able to access what is absolutely necessary for its function.
Adopting these more stringent security strategies keeps attackers from entering the network and prevents unauthorized users from accessing files.
Fundamental Security Features of an MFT Solution
To find the most secure tool to transfer your sensitive data, be sure the solution has the following security features:
- Secure user creation: Authenticate and validate users against existing user repositories such as Lightweight Directory Access Protocol (LDAP) and Active Directory (AD).
- Role-based access control (RBAC): Ensures access only to authorized users.
- Multi-factor authentication (MFA): Users must provide two or more pieces of evidence to gain access.
- File-level encryption with Pretty Good Privacy (PGP): Provides an extra level of protection of files in the event they get into the wrong hands.
- Encryption at rest: Files stored are encrypted using the Advanced Encryption Standard (AES).
- Encryption of files in transit: Files moving from source to target are protected using encrypted protocols (e.g., HTTPS, SSL and TLS).
File Transfer Protocols Guide
Managed file transfer applications should be protocol agnostic, meaning a business can exchange a variety of files, internally or externally, regardless of transfer protocol, file type or size. The most common file transfer protocols are FTP, FTP over SSL/TLS (FTPS), SSH File Transfer Protocol or Secure File Transfer Protocol (SFTP) and Hypertext Transfer Protocol Secure (HTTPS).
Pros and Cons of Most Common File Transfer Protocols
The following table highlights the most common file transfer protocols in the Application layer that run on top of Transmission Control Protocol (TCP) in the Transport layer of the TCP/IP suite.
Protocol | Type | Port | Encryption | Use Case | Pros | Cons |
---|---|---|---|---|---|---|
FTP | TCP | No encryption | Sending/pushing from FTP client installed on computer or receiving/pulling files from FTP server to FTP client. | None | Not secure and not recommended. Unencrypted and not designed for today’s more advanced security standards or compliance requirements. | |
FTPS | TCP | 21/990 | Transport Layer Security (TLS) to secure channel. TLS uses certificates to check that user is connected to correct server. | Sending files from FTPS client installed on computer or receiving/pulling files from FTPS server to FTPS client. | FTP connections are established from client to server via Explicit or Implicit control channels. Explicit FTPS control connections take place on TCP port 21. Implicit FTPS control connections take place on TCP port 990. | Requires authentication using public and private keys, part of the public key infrastructure (PKI). |
SFTP | TCP | 22 | Secure Shell (SSH) provides secure data stream and encrypts authentication credentials and actual files being transferred. SSH prevents hackers from intercepting files in transit. | Sending files from SFTP client installed on computer or receiving/pulling files from SFTP server to SFTP client. | Probably most common protocol for automated file transfer but does require some administration. IT team has to manage public/private keys for all SFTP clients. | More difficult to set up SFTP client and manage keys. Slightly slower than FTPS since SFTP uses same channel for control and data. |
HTTP | TCP | 80 | No encryption | Sending files from web server. | None | Not secure and not recommended. |
HTTPS | TCP | 443 | Encryption | Sending files from web server. | Firewall friendly. Port 443 is normally open for outbound connections so can be easier to manage as no client software is required. Authentication does not require certificates. | |
AS2 | TCP | 80 or 443 | With TLS | Typically only needed for electronic data interchange (EDI), a specific use case sometimes referred to as B2B communication. | Can handle almost any file type. Value-added network (VAN) unnecessary since AS2 relies on HTTP/S. | Only supports uploads. Does not support custom commands. Not commonly supported by servers. |
PeSIT | TCP | 6330 | Must be used with TLS for encryption. | For EDI, specifically by European banks. | Designed with focus on control and security. | Less commonly used. Removed from public view around 1995. |
SCP | TCP | 22 | With SSH | Rarely used in MFT applications. Commonly found on Unix systems. Only useful when single command-line command must be used and cannot use single-command SFTP script. | Secure and reliable. Provides encryption in transit, strong authentication and transfer resume. | No native Windows client or server. Not commonly supported by servers. |
OFTP | TCP | 3305 for OFTP, 6619 for TLS | With TLS | For EDI. Used mainly in European automotive, engineering and transportation industries. | OFTP2 provides additional security with file encryption and strong authentication through X.509 certificates. | High cost of OFTP2 servers require small / medium-sized companies to use EDI service providers. |
Why Use MFT instead of FTP and SFTP Servers?
Many companies use FTP/SFTP/FTPS client-server configurations to transfer files internally and externally, which introduces three main challenges:
- Security can be compromised, as these configurations can be deployed in many instances across the organization without any central control over visibility and user access.
- Reliability is an issue. Tracking and confirmation of file delivery success is difficult.
- Automation requires coding, which is time-consuming to set up and manage. It also requires skilled programmers, which is expensive. Additionally, the solution code is rarely documented or updated to keep up with the demands of the business.
Fortunately, managed file transfer tools address and solve those challenges. By switching to a managed file transfer solution, organizations manage transfers within a centralized MFT system while continuing to use SFTP/FTPS protocols and connecting to partners’ existing server or client endpoints.
The following table highlights how cloud MFT meets the challenges of FTP/SFTP/FTPS client-server configurations.
Comparison of FTP Servers, SFTP Servers and Cloud MFT for File Transfer
FTP Servers | SFTP Servers | Cloud MFT | |
---|---|---|---|
Security Level | Low File transfers are unencrypted and easily readable by a cybercriminal. |
Medium File transfers are encrypted, but multi-factor authentication and other security measures may not be supported. |
High File transfers are encrypted and other security measures are included (multi-factor authentication, role-based access controls, etc.) |
IT Time Commitment | High IT teams individually code connections with partners, systems, users and cloud applications. |
High IT teams individually code connections with partners, systems, users and cloud applications. |
Low Non-technical or IT teams configure and manage workflows in web-based interface. |
Scaling Difficulty | High IT teams manually set up and maintain new servers. |
High IT teams manually set up and maintain new servers. |
Low The managed file transfer solution scales automatically. |
Visibility Level | Low No reports on user action and no alerts if file transfers fail. |
Low No reports on user action and no alerts if file transfers fail. |
High Detailed reports and automatic alerts. |
System Maintenance | Responsibility of organization’s IT department. | Responsibility of organization’s IT department. | Cloud MFT: Managed infrastructure. On-premises MFT: Responsibility of organization’s IT department. |
Managed File Transfer Deployment & Pricing
Definition of Cloud, On-Premises and Hybrid MFT
Cloud MFT is deployed in the cloud and offered as a managed file transfer as a service (MFTaaS) solution. MFTaaS is managed by a third-party provider—either in its cloud or the customer’s private cloud. When deployed in the provider’s cloud, the MFT vendor usually manages infrastructure in addition to MFT. However, when deployed in the customer’s private cloud, typically the MFT vendor’s support is limited to only the application, and the customer is responsible for managing its cloud infrastructure.
On-premises MFT is typically deployed in a company’s DMZ and inside its LAN. Companies deploy in the DMZ for file exchanges with external parties so they do not access internal, secure servers. The MFT system installed on the network makes an outbound connection to the DMZ instance to collect files delivered by partners or place files for partners to collect. On-premises MFT is managed by the organization’s IT team.
Hybrid MFT is a deployment model where central file transfer control is orchestrated from the cloud and on-premises MFT agents are used for internal network transfers, more formally referred to as MFT on a distributed hybrid architecture. This model allows organizations to take advantage of benefits of cloud MFT while still keeping internal file transfers away from the public internet.
Comparison of Cloud, On-Premises and Hybrid MFT
Cloud and Hybrid MFT | On-Premises MFT | |
---|---|---|
Security | Managed by the vendor: They put measures in place to protect the cloud infrastructure, application and data. | Managed by your IT team: They take steps to protect the servers and internal network. |
IT Involvement | Lower because the vendor handles deployment. Your IT team is trained to use the software. | Higher because your IT team sets up servers and adds new ones when demand rises. |
Time to Value | Fast because the vendor only takes a couple days to give you an instance within its cloud. Once deployed, your IT team quickly configures and manages workflows. | Slow because your IT team needs to design the solution, determine how it fits into the current infrastructure and set up rules.1 |
Total Cost of Ownership* |
|
|
* Note: The total cost of ownership (TCO) depends on the current cost of on-premises and cloud MFT solutions, how long you keep the managed file transfer solution and other factors.
Pricing Considerations of MFT Solutions
Price comparison for file transfer solutions can be confusing and complex since solutions range from simple, free tools to comprehensive, enterprise-level solutions costing thousands of dollars. Refer to MFT Pricing: Factors and Resources for an in depth look at common MFT pricing models and costs, additional cost considerations, vendor offerings and MFT price negotiation points.
Comparison: Free versus Paid Managed File Transfer
Free File Sharing Solutions | Paid MFT | |
---|---|---|
Security | May not have two-factor authentication, dashboards or other security measures | Includes security measures necessary to comply with government and industry requirements |
File Transfer Size | File transfer size limits (100 MB to 20 GB) | No file transfer size limits |
Storage | Limited permanent storage (2 to 20 GB) | Unlimited storage |
Cost of Use | Application is free, but costs of doing it yourself (installation, maintenance and support) should be considered | Monthly cost covers disaster recovery, high availability, scaling and maintenance |
Integrations | No or limited connectors for other applications | Connectors for iPaaS and other applications |
Managed File Transfer Integrations
Integrating a managed file transfer solution with other applications streamlines business processes and also reduces the likelihood of errors. An MFT solution can integrate with any application with an application programming interface (API). MFT solutions can also integrate with integration platforms as a service (iPaaS), which companies use to build workflows that connect their applications, data and services.
MFT Needs iPaaS
MFT alone cannot
- Be used to create no-code workflows that connect applications and services, nor
- Handle large volumes of small messages.
iPaaS Needs MFT
iPaaS alone cannot
- Store files until delivery, nor
- Handle large file transfers, nor
- Alert administrators when file transfers fail.
Learn how Thru and Boomi integrate to deliver an integrated data file transfer solution »
Learn how MuleSoft integrating with MFT is crucial in optimizing file transfer workflows »
Managed File Transfer Fundamental Features
While MFT feature requirements vary based on the use case, most organizations require the following features:
Automation
Workflows are configurable to automatically transfer files. Once workflows are set up and partners are added, IT involvement is only necessary for new partner onboarding or if an error occurs. By automating what is currently done manually, the IT team can focus on other projects and improve file transfers for everyone.
Guaranteed Delivery
Instead of IT digging through code to discover when and why files were never delivered, the MFT solution
- Stores files until delivery.
- Automatically detects and retries failed file transfers.
- Resumes incomplete file transfers.
Reporting
User actions are recorded and administrators are automatically alerted if something goes wrong. Without dashboards and alerts, even the “smartest” MFT solution is unhelpful and frustrating for administrators. They may discover problems too late or spend hours combing through code.
Encryption & Antivirus Scanning
Files are encrypted from end to end so they are unreadable if an attacker intercepts them. Files are scanned frequently and quarantined if virus is detected.
Keeping files secure helps with compliance to government and industry regulations, keeps customer data protected and protects confidential employee information.
High Availability & Disaster Recovery
Managed file transfer is dependable—if one component fails, another component takes over. For example, an MFT vendor uses multiple instances, data centers or servers in case something happens to one of them.
Choosing an MFT solution with high availability reduces SLA penalties and liabilities. Additionally, the organization and its partners receive up-to-date information to make informed decisions.
Questions for Managed File Transfer Vendors
As you get started on your search and research for an MFT solution, here are some basic questions that you will want to ask prospective vendors:
What is the pricing model?
It is important to understand pricing from the beginning so you know whether the MFT solution works with your budget. Asking for pricing early avoids wasting time for you and the vendor. See blog, MFT Pricing: Factors and Resources »
What is the total cost of ownership of the solution?
When comparing different vendor offerings, you need to be able to identify all costs incurred with each product offering so you can make an accurate comparison and adequately forecast for budgetary discussions. Download our report which analyzes the TCO for Thru, Fortra’s GoAnywhere and Progress MOVEit.
Does the MFT solution include any out-of-the-box integrations?
If your file transfer solution needs to integrate with certain applications or an integration platform as a service (iPaaS), this is another question to ask early in the vendor vetting process.
Where does the MFT solution run?
If your organization recently introduced a new cloud or on-premises strategy, the new MFT solution needs to fit with it. Learn about cloud vs on-premises MFT deployment »
Where are the data centers located?
Compliance requirements may limit use of data centers to certain locations. Additionally, knowing distance between data centers and organization/trading partners helps determine whether latency issues may arise. Learn more about running MFT in Azure »
How long does deployment, training and migration typically take?
The vendor’s answer will help you know how soon you can use the MFT solution. Learn more about migrating MFT to the cloud »
For more information about how to choose the best MFT solution to fit your company’s secure file transfer needs, read Top 10 Questions for How to Choose the Best Managed File Transfer (MFT) Tools »
MFT Resources
MFT Features Datasheet
With reusable workflows and client/server functionality, Thru fits many different use cases for managed file transfer.
Learn more about Thru’s MFT offering »
MFT Buyer’s Guide
The Ultimate Buyer’s Guide highlights the essential MFT functionality and capabilities to consider in evaluating options to modernize your MFT architecture.
Determine the best MFT solution for your organization »
MFT & iPaaS White Paper
Read more about how MFT technology built on a modern cloud platform with extensive APIs can be part of existing iPaaS strategies.
Discover how MFT and iPaaS combine for a seamless solution »
Sources
1On premise vs hosted Managed File Transfer. Pro2col Limited.
Have questions about managed file transfer?
Get answers, not a sales pitch.
Our focus has always been enterprise-level managed file transfer. Submit your MFT question(s) and we’ll be in touch with answers.