October 27, 2014, by

Can managed file transfer (MFT) in the Cloud be as secure as on-premises?

Stories of data breaches, along with many mixed opinions of the Cloud, often make on-premises installations sound like the better choice, since data is fenced in behind corporate firewalls.

But take a thorough look at Cloud MFT, and you’ll often find a level of security equal to that of an on-premises installation. This blog will identify the attributes of a secure MFT solution and explain why Cloud deployment is more reputable than many may believe.

Data Center Security

Any MFT installation, whether an on-premises deployment or cloud-based file transfer, must have a strict physical security posture. Even if the MFT application itself has built-in security, it isn’t truly secure unless data center management abides by strict, uncompromising standards and controls such as:

  • SSAE 16, ISO 27001
  • 24/7/365 network security monitoring
  • Strong access controls (biometric scans, cameras, security guards, etc.)
  • Backups, redundancy, and disaster recovery plan

More often than not, you’ll discover that managed hosting companies have a higher level of physical security than on-premises installations. Since hosting is how these companies make money, their trained professionals are held to higher security standards and are less likely to compromise on them.

Maintaining the highest level of security 24/7 not only ensures data protection but also guarantees that the MFT application is fully available whenever data transfers are needed.

Application Security

MFT is designed and architected with built-in security features in addition to the physical and network security provided by the data center. Companies should study a solution’s architectural design, which should include but not be limited to:

  • Web Application Authentication (e.g. password complexity enforcement, auto sign off after inactivity, browser password storage prevention)
  • Role-Based Security and Authorization (e.g. unique administrator and user IDs, file audit manager, file/folder level permissions control)
  • Web Services Security (login credentials, security tokens)
  • Transport Encryption (e.g. SSL 3.0, TLS 1.0, 1.1, 1.2)
  • Encryption of Data at Rest (e.g. SHA256, AES-256 FIPS-compliant)
  • SAML 2.0 support for authentication and single sign-on with Active Directory, Salesforce and other identity providers
  • Anti-Malware Software Protection (kept running for daily scanning)
  • Database Security (e.g. SQL injection protection)
  • Storage Security (e.g. AES-256 encryption, FIPS compliance, access control)
  • Files stored in an encrypted virtualized file management system accessed only by the application layer
  • Periodic Penetration Testing of the Application

When the security postures of Cloud and on-premises deployments are compared side by side, you will see that it’s possible for both to meet the same high-level security requirements. Although most MFT vendors offer Cloud and on-premises solutions, companies searching for a solution should consider a vendor that offers flexibility and customizability for customers with complex security requirements.

Thru is Equally Secure in the Cloud and On-Premises

Thru is a provider of secure file transfer solutions with over 12 years of experience delivering cloud file transfer to enterprises without a single data breach. Based on multiple layers of security, Thru’s services run on a strategically designed architecture that protects data against intruders and malware in transit and at rest, whether on-premises or in the Cloud.

Because Thru places security and business continuity as a top priority, Thru partners with Rackspace, a leading managed hosting provider with data centers located in the US, Europe, Asia and Australia. Rackspace complies with various security certifications and ensures that Thru’s MFT Cloud is secured and maintained by highly qualified professionals providing:

  • Physical monitoring 24/7/365 with strict access controls
  • Equipment installation and maintenance only by authorized personnel
  • Backup, redundancy, and disaster recovery

Customers that choose, or are required, to deploy Thru on-premises receive a Thru node that runs in their data center environment with the same level of application security they would receive in Thru’s Cloud environment. Though many would say that on-premises is much safer for secure file exchanges, Thru guarantees that file transfer in Thru’s Cloud is as secure as your own on-premises environment.