Best Secure Managed File Transfer Solutions for Enterprise
Looking for secure managed file transfer software but don’t know where to start? We’ll explain what MFT is, how it protects your data, and top MFT software.
What is the difference between SFTP and MFT? SFTP is a secure FTP protocol that uses SSH to transfer files whereas MFT includes the file transfer process along with security, efficiency, and automation. These added features help automate processes and workflows while also keeping compliant with security regulations.
Managed File Transfer and the State of Cybersecurity in 2021
Any discussion of enterprise security must take into account the unfortunate circumstances unfolding in the cybersecurity landscape. In December of 2020, security company FireEye revealed that they were the victims of a security breach originating from a foreign agent. While they could admit that it was from such an agent, they were not able at the time to disclose how the breach took place.
As it turns out, their security issues were tied to a larger threat present in the SolarWinds Orion software. As of December 2020, there have been hundreds of affected companies, including Microsoft, Intel, Cisco, and Nvidia. Overall, there are potentially 18,000 companies affected in total, with many of these companies rendered vulnerable as early as March or April of 2020.
With a hack like this, pointing to a single cause is hopeless. The primary culprit is state-sponsored cyberterrorism. U.S. intelligence and security companies have suggested, if not outright proven, that Russian hacker group “Cozy Bear” was behind the attack itself. However, poor security choices, lack of security and data visibility, and limited communication between organizations and users opened the door for this attack to be as successful as it was.
What Is Managed File Transfer, and What Is Its Place in Protecting Businesses
The truth is that, even in the best of circumstances, having a secure managed file transfer solution should be mission-critical for any business. With what we know about the SolarWinds attack, however, businesses all over the county, in any industry, should be vetting their providers for a new frontier in cybersecurity.
MFT is an alternative to secure file transfer like SFTP. SFTP includes secure protocols for data transfer but doesn’t include additional tools like automation, reporting, and other important features. These features aren’t in addition to security—they are integral to complete security solutions for secure file transfer.
The attack didn’t discriminate against large or small businesses. But large and small businesses need to have secure file management systems in place with secure vendors focusing on the following priorities:
- Compliance. While compliance itself isn’t a free pass against cyber attacks, it is a necessary part of doing business in many industries like healthcare, finance, and government contracting. But more importantly, compliance with security measures can ensure that any MFT solutions you use have basic or better security technologies in place. Whether that means regular data reporting, file encryption in transit, or in place.
- Visibility. Files and data more broadly should be visible across relevant people in your organization. One of the tactics of the SolarWinds compromise, as detailed by security firm FireEye, was that the software prevented involved parties from seeing that the malicious programs were writing to a compromised domain, and to keep other data users from communicating with the hackers.
A managed security and file system should have data visibility and transparency in place so that, in the event that something goes wrong, the right people can be plugged into the problem.
- Management. Security and mitigation is a 24/7 job. That’s why most companies actually work with third-party secure MFT vendors to offload that responsibility and expertise with a company that can handle it. Having a secure MFT is more than having secure transfers. It’s having a secure storage, management, and transfer solution that will be part of your overall security picture.
What Should You Look for in a Managed File Transfer Solution?
Priorities are one thing, but implementation and dedication are another. When you are picking out a file transfer software solution, consider some of the following features:
- Automation. One of the biggest benefits of an MFT system over traditional secure file transfer software is automation. Enterprise businesses with huge file transfer needs often need automated batch transfers, automatic reporting and logging, and regular checkups and security checks. Automated MFT systems should come complete with automation across these different aspects.
- Security. The phrase “it goes without saying” no longer applies to security in a post-Orion world. The truth is that risk assessment and management will most likely be fundamentally altered due to the SolarWind attack. Different systems and different levels of data can interact in ways you’ll never expect, and your MFT vendor should be able to consider that as part of their security strategy. Your MFT solution, and really any software solution, must live up to the highest of security standards.
Some straightforward security features your MFT should include are:
- Encryption for data transfers and storage, email and other communications, and other end-to-end transfers
- Hardened virtual appliances
- Multi-factor authentication
- Hardened storage for encryption keys
- Consolidation and Governance. An MFT shouldn’t feel like a series of disparate functions and data views. Ensure that your vendor’s product consolidates things like security, management, data governance, and other tools in a single interface or system.
- Visibility. While this has been mentioned once before, don’t discount the importance and necessity of transparency with your data. When you don’t know what’s happening with your data, bad things happen. Visibility includes access to data via secure dashboards and automated reporting and logging.
- Usability. Usability means a few things, but in terms of enterprise-level SaaS and file transfer solutions, it means two specific things: interface and secure external collaboration. A solid MFT software will include easy-to-use tools to work with any feature in the platform. Likewise, it should include some secure way to collaborate easily with people inside and outside of your company through features like secure Virtual Data Rooms (VDRs).
Top Managed File Transfer Programs?
|Provider||Security Protocols Supported||Compliance Standards|
|Accellion||HTTPS, SFTP, FTP, FTPS, Governed SFTP, AS2||FedRAMP, HIPAA, GDPR, SOC 2, FIPS 140-2, CMMS|
|IBM Aspera||FTP, FTPS, HTTP, HTTPS, AS2, SFTP||ISO (27001, 27017, 27018), GDPR, HIPAA, CSA|
|GoAnywhere MFT||AES, FTPS, SFTP, HTTPS, AS2, GPG||GDPR, GLBA, HIPAA, HITECH, PCI DSS, SOX|
|GlobalScape EFT||FTP, FTPS, HTTP, HTTPS, AS2, SFTP||GDPR, PCI DSS, FIPS 140-2, HIPAA, SOX, GLBA|
|ActiveBatch||FTP, FTPS, SFTP, OpenPGP, HTTPS||HIPAA, PCI DSS, SOX|
|Axway AMPLIFY||OpenPGP, FTPS, SFTP, HTTP, HTTPS||HIPAA, SOX, PCI, GDPR, GLBA|
IBM Aspera is a solid MFT solution for businesses that want to stay secure and compliant. With several levels of security from encryption to secure web and file transfer features, Aspera can support your file management securely in key industries like healthcare and commerce in the EU.
GoAnywhere, much like IBM Aspera, provides rock-solid security to handle secure file transfers. This means that your data, at rest or in transit, will be secure within the guidelines of several compliance recommendations, including HIPAA and HITECH as well as reporting frameworks like SOX.
GlobalScape not only supports several compliance frameworks like HIPAA, PCI DSS (for retailers), and SOX but also includes several controls built-in to help you manage your organization’s compliance standards. This kind of control comes with a hefty price tag, however, and using the platform does call for more investment in time and training than other solutions.
Automation is the name of the game for ActiveBatch. On top of that, security for ActiveBatch storage and transfer includes a pretty standard, if small (according to their website) list of compliance standards. ActiveBatch is also one of the only other vendors on this list (other than Accellion) that provides secure VDRs.
Axway provides, like other MFT providers, secure file transfer methods alongside compliance controls and capabilities for major security and reporting frameworks in the U.S. and the EU.
Learn More About Accellion MFT Software
When it comes to security and compliance, Accellion offers one of the most complete suites of features, functionality and compliance controls available. This is because of our focus on data visibility, automation, and security.
In a post-Orion hack landscape, there are several unique features that Accellion brings to the table to support data-driven enterprises:
- FedRAMP compliance. FedRAMP regulations govern security, reporting, and certification requirements for cloud providers working in government spaces. Accellion is one of the few platforms to fully support FedRAMP compliance for cloud companies in this area.
- Control and security. Not only are you compliant, but your data is secure in transit and at rest. With secure transmission standards, encryption, anti-malware technology, and more, Accellion MFT is a safe and reliable solution.
- Complete Data Visibility. Accellion software promotes complete access to all data in your storage and transport system. This doesn’t hamper security, however. With the right people seeing your data in action, you can have more control over security across your organization.
Want to learn more about how secure MFT and Accellion’s security software can keep your data safe? Sign up for the Accellion newsletter or read more about Accellion Secure Managed File Transfer.