A gateway is “a computer that sits between different networks or applications. The gateway converts information, data or other communications from one protocol or format to another,” according to Gartner.
A secure file transfer gateway is used by on-premises file transfer systems for external file transfer. It sits outside of the enterprise local area network (LAN) in the demilitarized zone (DMZ). It’s placed in the DMZ so that external parties aren’t connecting to a server in the corporate LAN. This adds a layer of protection and eliminates the need to open outbound ports.
How Does a Gateway Work?
I’ll use the example of an SFTP file transfer from a partner to the enterprise:
- The partner’s server sends files to the gateway.
- The gateway translates or encrypts the information, which may cause a short delay.
- The gateway forwards the files to the internal enterprise server over a pre-established connection.
In the steps above, the gateway can’t decide to allow or block the incoming traffic. Because of this vulnerability, gateways are often configured to act as a proxy server, reverse proxy or firewall.
Gateways are configured to act like proxy servers or reverse proxies so that they can block websites or hide computers’ IP addresses. Gateways may be configured to act like a firewall to block unwanted traffic and malicious software.
Disadvantages of File Transfer Gateways
There are four main disadvantages of a file transfer gateway:
- It delays file transfers, which may affect productivity.
- It adds a potential point of failure.
- It requires additional IT time to set up, maintain and troubleshoot.
- It diverts IT resources away from more important projects.
If the secure file transfer gateway translates or encrypts information before sending it to the recipient, file transfers are delayed. The delay could be small (milliseconds or seconds) if the payload is small, but as payloads grow, delays grow with them.
A delay of several minutes or hours before files are delivered could limit employees’ productivity and reduce customer satisfaction.
If you use a file transfer gateway, your IT and cybersecurity teams need to plan around another potential point of failure. You need to figure out where to reroute traffic if the gateway fails and how to keep the gateway secure.
Gateways require maintenance just like any other part of an IT ecosystem.
Because gateways take time to set up and maintain, IT team members have less time to devote to value-adding projects. As a result, an IT team may end up behind their competitors in digital transformation and other initiatives.
Replace File Transfer Gateways with MFT Agents
The Thru Node is a managed file transfer (MFT) agent: a lightweight runtime installed on the LAN that connects over HTTPS to the MFT system in the cloud. This design eliminates the need to have a gateway server in the DMZ without compromising file transfer security.
- Uses outbound port 443 (HTTPS), which is generally open for internet access.
- Thru Node can also be used for internal LAN to LAN transfers.
- Deprecate SFTP from your file transfer landscape.
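
The network exposure of the two designs described above (the DMZ gateway forwarding over a pre-established connection, and the LAN agent using outbound port 443) can be checked against a firewall policy. The Python below is an added example, not Thru's code or configuration; the zone names, the rule format, port 8443 for the gateway link and the internal server being the side that opens that link are assumptions made for illustration.

```python
# Added example: constructed firewall policies, not taken from any product.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source zone: "internet", "dmz", "lan" or "any"
    dst: str      # destination zone
    port: object  # destination TCP port (int) or "any"
    action: str   # "allow" or "deny"

def permitted(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, "any"):
            return r.action == "allow"
    return False

OUTER_ZONES = ("internet", "dmz")
PORTS = (22, 443, 8443)  # SFTP, HTTPS, assumed gateway link port

def inbound_exposure(rules):
    """Every (zone, port) outside the LAN that can open a connection into it."""
    return [(s, p) for s in OUTER_ZONES for p in PORTS if permitted(rules, s, "lan", p)]

def internet_listeners(rules):
    """Every (zone, port) that the internet is allowed to connect to."""
    return [(d, p) for d in ("dmz", "lan") for p in PORTS
            if permitted(rules, "internet", d, p)]

# Design 1 (assumed): partner SFTP terminates on the DMZ gateway; the internal
# server dials out to the gateway on 8443 to pre-establish the forwarding link.
GATEWAY_POLICY = [
    Rule("internet", "dmz", 22, "allow"),
    Rule("lan", "dmz", 8443, "allow"),
    Rule("any", "any", "any", "deny"),
]

# Design 2: the LAN agent makes outbound HTTPS only; nothing listens for partners.
AGENT_POLICY = [
    Rule("lan", "internet", 443, "allow"),
    Rule("any", "any", "any", "deny"),
]

# Misconfiguration to catch: the gateway is allowed to push SFTP into the LAN.
BROKEN_POLICY = [Rule("dmz", "lan", 22, "allow")] + GATEWAY_POLICY

if __name__ == "__main__":
    for name, pol in (("gateway", GATEWAY_POLICY), ("agent", AGENT_POLICY),
                      ("broken", BROKEN_POLICY)):
        print(name, "into LAN:", inbound_exposure(pol),
              "internet-facing:", internet_listeners(pol))
```

The gateway policy still leaves one internet-facing listener in the DMZ to patch and monitor, while the agent policy leaves none; both should report no path into the LAN.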