Your Guide to
Managed File Transfer (MFT)
Definitions, benefits and types
Managed file transfer (MFT) is a technology that allows organizations to manage all aspects of secure file transfers—both manual and automatic. Manual file sharing occurs when people share files securely in emails or a web portal. In automatic file transfer, pre-configured jobs push and pull files automatically.
An MFT solution can be deployed in the cloud or on-premises. In either deployment case, the MFT solution will typically have a web portal for users and administrators. Having a web portal makes the solution no-code or low-code.
MFT solutions should:
- Encrypt files in transit and at rest
- Accommodate multiple file transfer protocols – SFTP, FTPS, HTTPS, etc.
- Provide detailed dashboards and controls for administrators
- Store files until delivery
The benefits of MFT depend on your use cases, so you may not experience all of these. In our experience, however, there are a several benefits:
The MFT market can be overwhelming – there are lots of vendors and types of MFT to choose from. Here are some basic principles to guide your decision.
Understand Your Mandatory Requirements
Your mandatory requirements will depend on your industry and use cases. These could include:
- Industry compliance (HIPAA, HITECH, FISMA)
- Legal compliance (GDPR, California Consumer Privacy Act, etc.)
- Internal security compliance
- Ease of use requirements
Align with Your Strategy
The new MFT solution you implement should align with your IT strategy, whether it’s multi-cloud, primary cloud or on-premises. Once you understand your strategy, you can eliminate vendors who don’t fit with it.
Clarify Your Use Cases
Outline the two or three most important use cases with your IT team and business leadership. Discuss whether automated file transfer or manual file sharing applies more, or if both are equally important. Take note of key information, including files transferred per month, number of partners and number of new partners onboarded each month.
Set a Budget
If you haven’t done so already, you should set a budget before making a vendor shortlist. It can be difficult to agree about budget, but it makes contacting vendors much easier.
Ensure Organization Fit
It’s important for your IT team to try each solution themselves. They can decide whether it’s truly easy to use and fits your use cases. After a couple days of testing, it’ll be clear which vendor is best.
MFT, as defined above, is a technology that allows organizations manage all aspects of secure file transfers—both manual and automatic. It can handle several types of file transfer protocols, including SFTP (File Transfer Protocol over SSH), FTPS (File Transfer Protocol over SSL), HTTPS and more.
SFTP is one of these file transfer protocols. SFTP is a file transfer protocol that is encrypted by the SSH protocol. The table below assumes that the organization has no MFT solution and uses on-premises servers to transfer files over the SFTP protocol. The MFT column below can represent an on-premises or a cloud MFT solution.
|SFTP On-Premises||MFT Solution|
|Security||The password and transfers are encrypted.||Files are encrypted in transit and at rest. Role-based permission and retention settings are in place.|
|Ease of Use||The IT team hand-codes a file transfer connection for each partner. If the solution is older, the coding language may not be well known.||The IT team uses a drag-and-drop or clickable interface to create and manage file transfers. Self-service partner portals may be available.|
|Visibility||The IT team can’t see whether files were delivered. Employees discover file transfers weren’t completed hours or days later.||The IT team quickly checks a dashboard to understand file delivery and activity. Employees receive alerts when an issue arises.|
|IT Involvement||The IT team spends hours coding file transfer connections and managing servers. Scaling up requires more IT resources.||The IT team spends a couple hours managing file transfers every week. The saved time can be directed to more value-adding projects.|
|On-Premises MFT||Cloud MFT|
|Cost||You pay for everything up front, including deployment and installation. However, it’s more of a one-time investment than cloud MFT.||You pay monthly, typically with an annual contract.|
|Deployment||Deployment is longer, but you have complete control over implementation.||Deployment is quick, especially if you decide to deploy in a multi-tenant environment.|
|Maintenance||Your IT team is responsible for server maintenance.||Your MFT provider handles all updates and maintenance.|
|Scaling||Your IT team sets up new servers when demand rises.||Your MFT auto-scales with demand.|
|Ownership||You fully own and control your MFT solution.||You own your data while your MFT provider handles transferring it.|
|Remote Work||Your on-premises MFT solution is difficult to handle if some or most of your IT team is working from home.||Your cloud MFT solution will only need an internet connection to work properly. Cloud MFT is better for mostly or fully remote IT teams.|
|Disaster Recovery||You put disaster recovery measures in place. You need backup and off-site storage procedures and a disaster recovery plan.||Your MFT provider is responsible for creating a disaster recovery plan.|
No-code MFT eliminates hand-coding, typically with a drag-and-drop interface. An MFT solution might have web portals where users can click and fill information to create a file transfer connection. No-code MFT is helpful for business teams who have little or no technical knowledge.
Low-code MFT minimizes hand-coding by allowing developers to use existing code to create applications. This increases developer productivity because developers don’t have to code the same thing repeatedly. Low-code MFT is intended for a more technical audience who has some coding knowledge.
Before discussing how MFT and EiPaaS are complementary, let’s define EiPaaS: An enterprise integration platform as a service (EiPaaS) is a platform that connects an enterprise’s data in different systems. Without an EiPaaS, an organization’s data is divided, making it difficult to have a full picture.
If you have an EiPaaS, you may wonder why you need an MFT solution. An EiPaaS can’t handle all your file transfers; it can handle some, but not larger ones. It also can’t store files in case they aren’t delivered (persistence).
|Integration||Extensive set of APIs and connectors||General file protocols and APIs|
|Transfer Size||Small to medium||Unlimited size|
|Persistence (Storing until delivered)||No or limited||Unlimited|
|Transformation (Changing the data)||Yes||No|
|Connection Type||Point-to-point connections, which are hand-coded and managed individually.||Thru’s MFT solution can support the publish/subscribe model, where hundreds of partners can be added to one flow.|
|Guaranteed Delivery||Requires special programming||Built in|
An application programming interface (API) is a set of programming code that queries data, parses responses and sends instructions between one software platform and another. Think of it as a shortcut that developers use to finish projects faster and prevent coding something that already exists. Most websites have a third-party API – for example, a consulting firm that allows you to add a call to your digital calendar. The firm is using an API to connect their website to a digital calendar.
APIs can be used in many ways for different purposes. To simplify it here, we’ll focus on our APIs:
- Our monitoring API connects Thru to a larger SIEM (Security Information and Event Management) dashboard to simplify monitoring for your IT team.
- Our management API automates activities in Thru, including creation of organizations, endpoints and user accounts; and control of instances, flows, organizations and endpoints.