What Is MFT?

The Comprehensive Guide to Managed File Transfer

Have questions about managed file transfer?
Get answers, not a sales pitch.

Managed File Transfer Basics

What is managed file transfer?

Managed File Transfer (MFT) is a technology that secures and simplifies the process of exchanging files internally or externally to an organization. MFT provides centralized control for IT teams to create, manage and monitor file transfer connections between people, applications, businesses and systems. MFT usually replaces file transfer solutions that require complex coding for automation and lack visibility of file transfers.

With unmanaged file transfer solutions, IT teams:

  • Manage scripts created for file transfers
  • Dig through log files to troubleshoot issues
  • Maintain many disparate file transfer solutions

Diagram of how messy and unsecure unmanaged file transfer can be amongst internal/external sources, systems, applications, cloud and databases when relying on email, FTP and shared storage

With managed file transfer solutions, IT teams:

  • Configure and manage file transfer workflows online
  • Have detailed reporting and real-time alerts
  • Operate a single MFT solution for their organization

Diagram of how efficient, safe and compliant file transfer is when using a managed file transfer solution between internal/external sources, systems, applications, cloud and databases

How does MFT work?

numeral 1

MFT Deployment

The MFT solution can be deployed on-premises or in the cloud depending on your organization’s security guidelines, scope of project or overall data strategy.

Image showing deploying in the cloud or internally

numeral 2

File Transfer Configuration

Configure and schedule file transfers by connecting source and target endpoints in a graphical user interface (GUI). MFT is protocol-agnostic and acts as a client or server sitting between the source and target endpoints.

Image showing person using GUI in a monitor to transfer files

numeral 3

File Transfer Automation

After setup is complete, files are transferred either on a schedule or an event based on the configuration.

Image showing files are transferred by using MFT

numeral 4

File Transfer Reporting

File transfer status is broadcast to IT in dashboards and through automatic alerts.

Image showing managed file transfer sends alerts and has monitoring GUI

How is MFT used?

Diagram showing how managed file transfer MFT is used for both internal and external file transfers

The majority of managed file transfer use cases fall into one of these categories:

Internal Automated File Transfer »

Transfers between systems within your company’s local area network (LAN).

External Automated File Transfer »

Transfers between your company and your trading partners.

Manual File Sharing »

Internal or external ad-hoc file sharing.

High Speed File Transfer »

Speeding up large file transfers over long distances.

Benefits of Managed File Transfer

Why do I need MFT?

If your answer is “Yes” to any of these questions, you probably need a managed file transfer solution.

  • Does your organization need to protect data to remain compliant with industry regulations?
  • Are your current file transfer solution’s uptime and file transfers unreliable?
  • Does IT take a long time setting up new file transfer connections?
  • Do you have multiple different file transfer systems in use?
  • Do you need a single view of all file transfers?
  • Is your file transfer system “home grown” and undocumented?

Image of man with questions about managed file transfer MFT

Managed file transfer meets these challenges in three important ways:

numeral 1 Security and Compliance »

The number of data breaches in the U.S. increased by over 50% from 2010 to 2020.1 By encrypting files in transit and at rest, managed file transfer solutions keep data secure. Managed file transfer solutions can help you remain compliant with government and industry regulations, including

  • GDPR (General Data Protection Regulation)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • HIPAA (Health Insurance Portability and Accountability Act)

numeral 2 Automation »

Legacy inhouse file transfer solutions are built by highly skilled programmers on common scripting languages such as Bash, Shell, VBScript and Windows PowerShell. These scripts are executed on a time schedule using tools like Windows scheduler or a Linux “Cron-Job” command transferring files to and from FTP clients and servers. This process is time consuming to manage and unreliable for business-critical file transfers.

With managed file transfer, your IT team can replace scripting by configuring workflows in a no-code GUI to automatically transfer files. This significantly reduces the time taken to create and automate file transfers between endpoints.

numeral 3 Reliability »

Organizations that do not use managed file transfer may suffer from downtime due to servers that lack redundancy or may have issues with undocumented scripts that automate file transfers.

Reliable data flow is crucial for your company’s success. When file transfers fail or are incomplete, the following may occur:

  • Your business processes fail.
  • Lack of data restricts ability to make informed decisions.
  • Your costs go up—for repair and for breaking service-level agreements (SLAs).

Is managed file transfer secure?

Illustration of defense-in-depth (DiD) security layers that includes data, application and cloud infrastructure security

Cybersecurity attacks present a real and present danger to your organization’s data: 86% of companies surveyed by Trend Micro expect to be attacked and breached in the next 12 months.2 To prevent data breaches, a managed file transfer solution must have a defense-in-depth model, which protects data with multiple layers of security.

On-premises managed file transfer solutions will typically have an MFT gateway server in the demilitarized zone (DMZ) to exchange files with external trading partners. The DMZ gateway acts as a buffer between the public internet and the private network keeping data and user credentials in the safety of the private network. The DMZ zone allows partners to make inbound connections to get files. The DMZ does not have an inbound connection to the network, thereby preventing unwanted intruders.

Cloud managed file transfer solutions must be in datacenters that adhere with industry security controls such as ISO 27001, ISO 27018, SOC 1, SOC 2 and SOC3 to ensure proper controls are in place to keep your data secure and your organization compliant. Cloud MFT solutions use MFT agents for internal file transfers to keep such data within the protected network zones. These agents, installed on the network, receive file transfer instructions via an outbound connection over HTTPS.

Your managed file transfer must have these fundamental security features:

  • Role-based access control: Ensures access only to authorized users.
  • Multi-factor authentication: Users must provide two or more pieces of evidence to gain access.
  • Encryption of files in transit: Files moving from source to target are encrypted (e.g., HTTPS, SSL and TLS).
  • Encryption at rest: Files stored are encrypted using the Advanced Encryption Standard (AES).
  • File-level encryption with Pretty Good Privacy (PGP): Provides an extra level of protection of files in the event they get into the wrong hands
  • Secure user creation: Authenticate and validate users against existing user repositories such as LDAP and Active Directory.

Is MFT easy to use?

Assuming your IT team uses SFTP servers and clients for file transfer, coding a new connection takes 2-4 hours.3 However, to calculate the total time:

  • Multiply that by hundreds of endpoints.
  • Add maintenance and scaling time.
  • Add troubleshooting time.

Your IT team could spend thousands of hours a year on file transfers.

The top five factors that make a managed file transfer solution significantly easier to use are:

1. No-Code Interface

Configure workflows in an intuitive online GUI.

2. Reusable Endpoints

Instead of coding the same endpoint into multiple point-to-point connections, create an endpoint once and reuse it in multiple workflows.

3. Many-to-Many Capability

Choose the workflow type that fits your use case and add as many organizations as you need.

4. Reporting

Alerts are generated automatically and include the reason—allowing faster resolution since administrators do not need to first determine what/where the issue is.

5. Secure User Creation

Easily authenticate and validate users against existing user repositories such as LDAP and Active Directory.

Is managed file transfer reliable?

Managed file transfer solutions are designed to reliably handle complex and high volumes for file data traffic. We split MFT reliability into two categories:

  1. Files delivered
  2. MFT system uptime

Guaranteed File Delivery

To keep file transfers reliable, the application should

  • Store files until successfully delivered.
  • Automatically detect and retry failed file transfers.
  • Resume incomplete file transfers after a break in connection.

Image showing elements representing guaranteed delivery of file transfers

MFT System Uptime

Uptime is measured based on the percentage of time per year that the system is available for use. To maintain at least 99% uptime, managed file transfer vendors should include a high availability disaster recovery (HADR) solution.

Cloud Managed File Transfer

  • Multiple data centers in different geographical zones with data replication and failover capability.
  • Realtime monitoring of global infrastructure and security events.
  • Auto scale based on load.

Image showing elements representing reliability of cloud managed file transfer

On-Premises Managed File Transfer

  • Replicate production instance for high availability disaster recovery with real-time failover in a secondary geographical location.
  • Real-time monitoring of capacity load and response times of on-premises components.
  • Size the MFT system for peak load capacity.

Image showing elements representing reliability of on-premises managed file transfer

Many MFT vendors guarantee 99.9% or more uptime to their customers in a service-level agreement (SLA). If the SLA is broken, the vendor may have to reimburse the customer for the downtime—an extra incentive for the vendor to keep their word.

Why use MFT instead of FTP and SFTP servers?

Many companies use FTP/SFTP/FTPS client-server configurations to transfer files internally and externally. This approach introduces three main challenges that managed file transfer addresses:

  1. Automation requires coding, which is time-consuming to set up and manage. It also requires skilled programmers, which is expensive.
  2. Security can be comprised, as these configurations can be deployed in many instances across the organization without any central control over visibility and user access.
  3. Reliability is an issue, as the solution coded is rarely documented or continually updated to keep up with the demands of the business.

By switching to a managed file transfer solution, organizations can continue using SFTP/FTPS protocols and connect to partners’ existing servers or clients’ endpoints, all managed in a centralized MFT system.

  FTP Servers SFTP Servers Cloud MFT
Security Level Low
File transfers are unencrypted and easily readable by a cybercriminal.
Medium
File transfers are encrypted, but multi-factor authentication and other security measures may not be supported.
High
File transfers are encrypted and other security measures are included (multi-factor authentication, role-based access controls, etc.)
IT Time Commitment High
IT teams individually code connections with partners, systems, users and cloud applications.
High
IT teams individually code connections with partners, systems, users and cloud applications.
Low
Non-technical or IT teams configure and manage workflows online.
Scaling Difficulty High
IT teams manually set up and maintain new servers.
High
IT teams manually set up and maintain new servers.
Low
The managed file transfer solution scales automatically.
Visibility Level Low
No reports on user action and no alerts if file transfers fail.
Low
No reports on user action and no alerts if file transfers fail.
High
Detailed reports and automatic alerts.
System Maintenance Responsibility of organization’s IT teams. Responsibility of organization’s IT teams. Cloud MFT: Managed infrastructure.
On-premises MFT: Responsibility of organization’s IT teams.

Managed File Transfer in Action

MFT deployment: cloud vs. on-premises vs. hybrid

Before comparing cloud, on-premises and hybrid managed file transfer, we will define them:

Cloud MFT is deployed in the cloud and offered as a managed file transfer as a service (MFTaaS) solution. MFT is hosted and managed by a third-party provider—either in their cloud or the customer’s private cloud. The MFTaaS vendor manages deployment, scaling, high availability and disaster recovery. Software updates are seamlessly deployed. The service offers 24/7/365 support with SLAs for 99% uptime.

On-premises MFT is an MFT solution that is typically deployed in a company’s DMZ and inside their LAN. Companies deploy in the DMZ for file exchanges with external parties so they do not access internal, secure servers. The MFT system installed on the network makes an outbound connection to the DMZ instance to collect files delivered by partners or place files for partners to collect. On-premises MFT is managed and maintained by the organization’s IT teams and software updates require scheduling.

Hybrid MFT is a deployment model where central file transfer control is orchestrated from the cloud with on-premises MFT agents deployed to facilitate internal network transfers. This model allows organizations to take advantage of benefits of cloud MFT while still keeping internal file transfers away from the public internet.

  Cloud and Hybrid MFT On-Premises MFT
Total Cost of Ownership*
  • Lower capital, or one-time, expense for deployment
  • Predictable usage-based operational costs
  • Lower maintenance and management costs
  • Higher capital, or one-time, expense for deployment and hardware
  • Lower periodic operating expense
  • Higher maintenance and management costs
Security Managed by the vendor: They put measures in place to protect the cloud infrastructure, application and data. Managed by your IT team: They take steps to protect the servers and internal network.
IT Involvement Lower because the vendor handles deployment. Your IT team is trained to use the software. Higher because your IT team sets up servers and adds new ones when demand rises.
Time to Value Fast because the vendor only takes a couple days to give you an instance within their cloud. Once deployed, your IT team quickly configures and manages workflows. Slow because your IT team needs to design the solution, determine how it will fit into the current infrastructure and set up rules.4

* Note: The total cost of ownership depends on the current cost of on-premises and cloud MFT solutions, how long you keep the managed file transfer solution and other factors.

The bottom line: If you have more resources available, you can make on-premises MFT work, but it is difficult to scale and maintain. If you want to spend less time on MFT, cloud or hybrid MFT is a better choice.

How can I integrate with MFT APIs?

Diagram showing developer at a computer coding API to connect with MFT solution so a citizen user can receive information about mananged file transfer in a graphical interface

Organizations can integrate managed file transfer functionality with other applications by choosing an MFT solution with an application programming interface (API). An API is a set of programming code that queries data, parses responses and sends instructions between one software platform and another.5

Some managed file transfer applications provide file status information through APIs. This would allow security information and event management (SIEM) tools such as Exabeam, Rapid7 and Splunk to include file transfer status in centralized dashboards. Furthermore, if an incident is detected, a case can be automatically created for immediate remediation.

MFT management APIs allow third-party applications to invoke MFT functions to automatically trigger a file transfer. Tighter integration can be achieved with headless MFT, a term that describes the end-to-end creation of file transfer workflows via the API. For example, a third-party application can instruct MFT programmatically to create file transfer workflows, enable endpoints and subscribe trading partners. The goal of headless MFT is to consolidate interfaces and automate processes as part of a modernization initiative.

How can I integrate MFT with integration platforms (iPaaS)?

MuleSoft defines an iPaaS as “a platform for building and deploying integrations within the cloud and between the cloud and enterprise.”6 Organizations that have adopted cloud-based integration platforms may benefit from simplified integration with cloud MFT via native connectors.

Cloud managed file transfer integrated with an iPaaS provides separation of data processing carried out by iPaaS from file collecting and distribution carried out by MFT. The iPaaS is designed for real-time processing of APIs, not for handling high volumes of data files that have larger payloads. The iPaaS is a memory-based system, unlike MFT, which is storage-based. This means the MFT can store the file until it is successfully delivered.

Diagram of MFT integrated with an EiPaaS to manage file transfers between external networks and the enterprise. EiPaaS performs data processing and MFT picks up and delivers files.

A guide to managed file transfer protocols

Managed file transfer applications should be protocol agnostic, meaning a business can exchange a variety of files, internally or externally, regardless of transfer protocol, file type or size. The most common protocols for transferring files are FTP, FTP over SSL/TLS (FTPS), FTP over SSH (SFTP) and HTTPS. AS2 is also commonly used, but it is typically only needed for electronic data interchange (EDI), which is a specific use case sometimes referred to as B2B communication. (If you are interested in EDI, this guide is not for you.)

Here is a table of the most common protocols with pros and cons.

File Transfer Protocol Network Protocol Type Default Network Port Encryption Use Case Pros Cons
HTTP TCP 80 No encryption Sending files from a web server. None Not secure and not recommended.
HTTPS TCP 443 Encryption Sending files from a web server. Firewall friendly. Port 443 is normally always open for outbound connections so this file transfer protocol can be easier to manage as it does not require client software. Authentication does not require certificates and can be done.
FTP TCP No encryption Sending/pushing from an FTP client installed on a computer or receiving/pulling files from a FTP server to the FTP client. None Not secure and not recommended. It’s unencrypted and is not designed for today’s more advanced security standards or compliance requirements
SFTP TCP 22 Secure Shell (SSH) provides a secure data stream and encrypts the authentication credentials and the actual files being transferred. SSH prevents hackers from intercepting the files in transit. Sending files from an SFTP client installed on a computer or receiving/pulling files from an SFTP server to the SFTP client. Probably the most common protocol for automated file transfer but does require some administration. The IT team will need to manage public/private keys for all the SFTP clients. It is more difficult to set up an SFTP client and manage keys. SFTP is slightly slower than FTPS because SFTP uses the same channel for control and data.
FTPS TCP 21/990 Sending files from an FTPS client installed on a computer or receiving/pulling files from an FTPS server to the FTPS client. FTP connections are established from the client to the server via Explicit or Implicit control channels. Explicit FTPS control connections take place on TCP port 21. Implicit FTPS control connections take place on TCP port 990. Requires authentication using public and private keys which is part of the public key infrastructure (PKI).

Buying Managed File Transfer

What features should an MFT solution have?

The feature set required for your managed file transfer will depend on the file transfer use cases, but here are five fundamentals:

1. Automation

Illustration showing concept of files being moved to servers by an automated arm

Your IT team should be able to configure workflows that automatically transfer files. Once workflows are set up and partners are added, your IT team should only be involved when a partner is onboarded or if an error happens.

Your IT team’s time is valuable—and so are your communications. By automating what is currently done manually, your IT team can focus on other projects and improve file transfers for everyone.

2. Guaranteed Delivery

Illustration of retrying to deliver files to server until successful

Your MFT solution should

  • Store files until delivery.
  • Automatically detect and retry failed file transfers.
  • Resume incomplete file transfers.

Instead of digging through code to discover when and why files were never delivered, your IT team trusts that they will be. Communications will be easier to manage.

3. Reporting

Illustration of monitor with user interface that receives alerts when there is an issue

The managed file transfer solution records user actions and automatically alerts administrators if something goes wrong.

Every administrator’s priority is to find issues and fix them quickly to get business operations back up. Without dashboards and alerts, even the “smartest” managed file transfer solution would be unhelpful and frustrating for administrators. Administrators might discover the problem too late or spend hours combing through code.

 

4. Encryption & Antivirus Scanning

Illustration of PGP encryption represented as a shield and a surveillance camera to represent scanning for viruses

All files should be encrypted from end to end so they are unreadable if an attacker intercepts them. Files should also be scanned frequently and quarantined if they have a virus.

By keeping files secure, you comply with government and industry regulations; keep customer data protected; and protect confidential employee information.

5. High Availability & Disaster Recovery

Illustration of data centers being located around the globe

Managed file transfer is dependable—if one component fails, another component takes over. For example, an MFT vendor should use multiple data centers and servers in case something happens to one of them.

By choosing a managed file transfer solution with high availability, repair costs and SLA, liabilities are reduced. You and your partners have up-to-date information to make informed decisions.

 

Free vs. paid MFT

  Free File Sharing Solutions Paid MFT
Security May not have two-factor authentication, dashboards or other security measures Includes the security measures you need to comply with government and industry requirements
File Transfer Size File transfer size limits (2-30 GB) No file transfer size limits
Storage Limited permanent storage (2-50 GB) Unlimited storage
Cost of Use Technically free, but costs of doing it yourself (installation, maintenance and support) should be considered Monthly cost covers disaster recovery, high availability, scaling and maintenance
Integrations No or limited connectors for other applications Connectors for iPaaS and other applications

How much does MFT cost?

The cost of your managed file transfer solution depends on factors such as

  • Cloud or on-premises
  • The number of file transfers
  • The number of endpoints
  • The complexity of file processing, e.g. transformation from one file to another location.
  • Migration from legacy systems to a new system
  • Custom integration with APIs

On-premises managed file transfer costs may be based on how many servers, endpoints, MFT agents or domains you have. Some on-premises MFT solutions now offer a subscription model.

Cloud managed file transfer costs may be based on usage, feature bundles, interfaces or endpoints—it depends on the vendor and what you can negotiate.

The bottom line: Because it is difficult to say an exact number here, keep the cost question top of mind as you talk with vendors. Make sure you understand their pricing model and how it compares to others.

Person standing at computer trying to figure out how much managed file transfer may cost

How do I choose an MFT vendor?

G2 and Gartner are well-respected companies that provide advice about managed file transfer. G2 is a software reviews site that aggregates user reviews and publishes a quarterly report for each software segment. Gartner is a consulting firm that provides businesses research and advice about buying software. Both businesses publish matrices that show how managed file transfer vendors compare to one another.

Learn more about the best managed file transfer software from G2 or read an MFT consultancy’s comparison of managed file transfer software.

Other analysts that cover MFT include

  • 451 Research
  • Forrester
  • Info-Tech Research Group

The managed file transfer market with its many vendors and types of MFT can be overwhelming. Remember these basic principles to help guide you through the selection process:

  • Set a budget
  • Clarify your use cases
  • Understand your mandatory requirements
  • Align with your strategy
  • Ensure organization fit

MFT Resources

MFT Features Datasheet

With reusable workflows and client/server functionality, Thru fits many different use cases for managed file transfer.

Learn more about Thru’s MFT offering »

MFT Case Study

While transforming its infrastructure from on-premises to cloud, Crocs modernized its middleware solution used to manage file transfer automation across the organization.

Crocs modernizes file transfer automation with Thru »

MFT Buyer’s Guide

The Ultimate Buyer’s Guide highlights the essential MFT functionality and capabilities to consider in evaluating options to modernize your MFT architecture.

Determine the best MFT solution for your organization »

MFT & iPaaS White Paper

Read more about how MFT technology built on a modern cloud platform with extensive APIs can be part of existing iPaaS strategies.

Discover how MFT and iPaaS combine for a seamless solution »

Sources

1 Johnson, Joseph (2021, March). Cyber crime: number of breaches and records exposed 2005-2020. Statista.
2 Millman, Rene (2021, August). 86% of organizations expect a cyber attack in the next 12 months. IT Pro.
3 Customer Success Story: Crocs automates global file transfers with Thru. Thru, Inc.
4 On premise vs hosted Managed File Transfer. Prot2col Limited.
5 Scott, Gordon (2021, June). Application Programming Interface (API). Investopedia.
6 What is an Integration Platform as a Service (iPaaS)?. MuleSoft, LLC.

Have questions about managed file transfer?
Get answers, not a sales pitch.

Our focus has always been enterprise-level managed file transfer. Submit your MFT question(s) and we’ll be in touch with answers.

 
 

Scroll to Top