Managed File Transfer (MFT)?
The Complete MFT Guide
Have questions about managed file transfer?
Get answers, not a sales pitch.
Defining Managed File Transfer
Managed File Transfer (MFT) is a technology that secures and simplifies the process of exchanging files internally or externally to an organization. MFT provides centralized control for IT teams to create, configure, manage and monitor file transfer connections between people, applications, businesses and systems. MFT usually replaces legacy file transfer solutions that require complex coding for automation and lack visibility of file transfers.
Unmanaged File Transfer Solutions
- Manage scripts created for file transfers
- Dig through log files to troubleshoot issues
- Maintain many disparate file transfer solutions
Managed File Transfer Solutions
- Configure and manage file transfer workflows online
- Have detailed reporting and real-time alerts
- Operate a single MFT solution for the organization
Managed File Transfer Background
MFT originated from the requirement to control and govern data. The basic client-server model has been used to transfer files for decades. It started in the 1970s with File Transfer Protocol (FTP). FTP does not encrypt data on its own, so it cannot secure file transfers. In the late ‘90s, the SSL and SSH protocols became available to authenticate clients to servers and create encrypted sessions.
To meet business requirements, IT departments wrote scripts to automate file transfers on a private network or over the public internet. Eventually evolving into complex, inflexible pieces of code, these scripts are prone to errors that are difficult to diagnose and remedy. They are also extremely challenging to maintain because nothing has been documented and the original authors have moved on.
As these systems fail more frequently, the more they disrupt business processes. Since alerts are rarely built in, failures are not detected until someone complains. As regulations increase, these systems are no longer “fit for purpose” because they were created without consideration for data governance.
Today, many organizations are riddled with disparate client-server integrations that IT teams have little or no knowledge of. IT teams are often overwhelmed with maintaining known integrations while facing pressure from their compliance departments around data governance failings.
Managed file transfer is the solution to these file sharing challenges.
How Does MFT Work?
Here is a high-level overview of how managed file transfer fits into the file transfer process.
An MFT tool can be deployed on-premises or in the cloud depending on the organization’s security guidelines, scope of project or overall data strategy.
File Transfer Configuration
Configure and schedule file transfers by connecting source and target endpoints in a graphical user interface (GUI). MFT is protocol-agnostic and acts as a client or server sitting between the source and target endpoints.
File Transfer Automation
After setup is complete, files are transferred either on a schedule or an event based on the configuration.
File Transfer Reporting
File transfer status is broadcast to IT in dashboards and through automatic alerts.
How Is MFT Used?
Most managed file transfer use cases fall into one of these categories:
Secure Document Exchange »
File transfers of documents with security and tracking.
Cloud Partner File Exchange »
File transfers between a company and its trading partners.
Remote Agents for MFT »
File transfers between headquarters and their remote locations.
Ad Hoc File Sharing »
Internal or external manual file sharing.
Electronic Software Distribution (ESD) »
File transfers with tracking for revenue recognition.
Replace Legacy MFT »
File transfers with benefits of true cloud economics.
MFT for iPaaS »
File transfers cohesively integrated with iPaaS.
High Speed File Transfer »
Large file transfers quickly over long distances.
Benefits of Managed File Transfer
Protect confidential information.
The number of data breaches in the U.S. increased by over 50% from 2010 to 2020. By encrypting files in transit and at rest, managed file transfer solutions keep data secure. Managed file transfer solutions help organizations remain compliant with government and industry regulations, including GDPR, PCI DSS and HIPAA.
Reduce IT overhead.
Legacy in-house file transfer solutions are built by highly skilled programmers on common scripting languages such as Bash, Shell, VBScript and Windows PowerShell. These scripts are executed on a time schedule using tools like Windows Scheduler or a Linux “cron job” command transferring files to and from FTP clients and servers. This process is time consuming to manage and unreliable for business-critical file transfers.
With MFT, an IT team can use a no-code graphical user interface (GUI) to automatically transfer files. It significantly reduces the time taken to create and automate file transfers between endpoints.
Add reliability to business processes.
Organizations that do not use managed file transfer may suffer from downtime due to servers that lack redundancy. They may also have issues with undocumented scripts that automate file transfers.
Reliable data flow is crucial for a company’s success. When file transfers fail or are incomplete:
- Business processes fail.
- Lack of data restricts ability to make informed decisions.
- Costs go up—for repair and for breaking service-level agreements (SLAs).
Managed File Transfer and Security
Data must be secured against cybersecurity attacks: 86% of companies surveyed expect to be attacked and breached in the next 12 months.1 To prevent data breaches, a managed file transfer solution must have a defense-in-depth model. This approach to security protects files, prevents unauthorized users from accessing them and keeps attackers from entering the network.
Fundamental Security Features of a Managed File Transfer Solution
- Role-based access control: Ensures access only to authorized users.
- Multi-factor authentication: Users must provide two or more pieces of evidence to gain access.
- Encryption of files in transit: Files moving from source to target are encrypted (e.g., HTTPS, SSL and TLS).
- Encryption at rest: Files stored are encrypted using the Advanced Encryption Standard (AES).
- File-level encryption with Pretty Good Privacy (PGP): Provides an extra level of protection of files in the event they get into the wrong hands
- Secure user creation: Authenticate and validate users against existing user repositories such as LDAP and Active Directory.
File Transfer Protocols Guide
Managed file transfer applications should be protocol agnostic, meaning a business can exchange a variety of files, internally or externally, regardless of transfer protocol, file type or size. The most common file transfer protocols are FTP, FTP over SSL/TLS (FTPS), SSH File Transfer Protocol or Secure File Transfer Protocol (SFTP) and Hypertext Transfer Protocol Secure (HTTPS).
Pros and Cons of Most Common File Transfer Protocols
|FTP||TCP||No encryption||Sending/pushing from FTP client installed on computer or receiving/pulling files from FTP server to FTP client.||None||Not secure and not recommended. Unencrypted and not designed for today’s more advanced security standards or compliance requirements.|
|FTPS||TCP||21/990||Transport Layer Security (TLS) to secure channel. TLS uses certificates to check that user is connected to correct server.||Sending files from FTPS client installed on computer or receiving/pulling files from FTPS server to FTPS client.||FTP connections are established from client to server via Explicit or Implicit control channels. Explicit FTPS control connections take place on TCP port 21. Implicit FTPS control connections take place on TCP port 990.||Requires authentication using public and private keys, part of the public key infrastructure (PKI).|
|SFTP||TCP||22||Secure Shell (SSH) provides secure data stream and encrypts authentication credentials and actual files being transferred. SSH prevents hackers from intercepting files in transit.||Sending files from SFTP client installed on computer or receiving/pulling files from SFTP server to SFTP client.||Probably most common protocol for automated file transfer but does require some administration. IT team has to manage public/private keys for all SFTP clients.||More difficult to set up SFTP client and manage keys. Slightly slower than FTPS since SFTP uses same channel for control and data.|
|HTTP||TCP||80||No encryption||Sending files from web server.||None||Not secure and not recommended.|
|HTTPS||TCP||443||Encryption||Sending files from web server.||Firewall friendly. Port 443 is normally open for outbound connections so can be easier to manage as no client software is required. Authentication does not require certificates.|
|AS2||TCP||80 or 443||With TLS||Typically only needed for electronic data interchange (EDI), a specific use case sometimes referred to as B2B communication.||Can handle almost any file type. Value-added network (VAN) unnecessary since AS2 relies on HTTP/S.||Only supports uploads. Does not support custom commands. Not commonly supported by servers.|
|PeSIT||TCP||6330||Must be used with TLS for encryption.||For EDI, specifically by European banks.||Designed with focus on control and security.||Less commonly used. Removed from public view around 1995.|
|SCP||TCP||22||With SSH||Rarely used in MFT applications. Commonly found on Unix systems. Only useful when single command-line command must be used and cannot use single-command SFTP script.||Secure and reliable. Provides encryption in transit, strong authentication and transfer resume.||No native Windows client or server. Not commonly supported by servers.|
|OFTP||TCP||3305 for OFTP, 6619 for TLS||With TLS||For EDI. Used mainly in European automotive, engineering and transportation industries.||OFTP2 provides additional security with file encryption and strong authentication through X.509 certificates.||High cost of OFTP2 servers require small / medium-sized companies to use EDI service providers.|
Why Use MFT instead of FTP and SFTP Servers?
Many companies use FTP/SFTP/FTPS client-server configurations to transfer files internally and externally. This introduces three main challenges that managed file transfer addresses:
- Automation requires coding, which is time-consuming to set up and manage. It also requires skilled programmers, which is expensive.
- Security can be compromised, as these configurations can be deployed in many instances across the organization without any central control over visibility and user access.
- Reliability is an issue, as the solution coded is rarely documented or continually updated to keep up with the demands of the business.
By switching to a managed file transfer solution, organizations can continue using SFTP/FTPS protocols and connecting to partners’ existing servers or clients’ endpoints, all managed in a centralized MFT system.
Comparison of FTP Servers, SFTP Servers and Cloud MFT for File Transfer
|FTP Servers||SFTP Servers||Cloud MFT|
File transfers are unencrypted and easily readable by a cybercriminal.
File transfers are encrypted, but multi-factor authentication and other security measures may not be supported.
File transfers are encrypted and other security measures are included (multi-factor authentication, role-based access controls, etc.)
|IT Time Commitment||High
IT teams individually code connections with partners, systems, users and cloud applications.
IT teams individually code connections with partners, systems, users and cloud applications.
Non-technical or IT teams configure and manage workflows online.
IT teams manually set up and maintain new servers.
IT teams manually set up and maintain new servers.
The managed file transfer solution scales automatically.
No reports on user action and no alerts if file transfers fail.
No reports on user action and no alerts if file transfers fail.
Detailed reports and automatic alerts.
|System Maintenance||Responsibility of organization’s IT department.||Responsibility of organization’s IT department.||Cloud MFT: Managed infrastructure.
On-premises MFT: Responsibility of organization’s IT department.
Managed File Transfer Deployment
Definition of Cloud, On-Premises and Hybrid Managed File Transfer
Cloud MFT is deployed in the cloud and offered as a managed file transfer as a service (MFTaaS) solution. MFTaaS is hosted and managed by a third-party provider—either in its cloud or the customer’s private cloud.
On-premises MFT is typically deployed in a company’s DMZ and inside its LAN. Companies deploy in the DMZ for file exchanges with external parties so they do not access internal, secure servers. The MFT system installed on the network makes an outbound connection to the DMZ instance to collect files delivered by partners or place files for partners to collect. On-premises MFT is managed by the organization’s IT team.
Hybrid MFT is a deployment model where central file transfer control is orchestrated from the cloud and on-premises MFT agents are used for internal network transfers. This model allows organizations to take advantage of benefits of cloud MFT while still keeping internal file transfers away from the public internet.
Comparison of Cloud, On-Premises and Hybrid Managed File Transfer
|Cloud and Hybrid MFT||On-Premises MFT|
|Total Cost of Ownership*||
|Security||Managed by the vendor: They put measures in place to protect the cloud infrastructure, application and data.||Managed by your IT team: They take steps to protect the servers and internal network.|
|IT Involvement||Lower because the vendor handles deployment. Your IT team is trained to use the software.||Higher because your IT team sets up servers and adds new ones when demand rises.|
|Time to Value||Fast because the vendor only takes a couple days to give you an instance within its cloud. Once deployed, your IT team quickly configures and manages workflows.||Slow because your IT team needs to design the solution, determine how it fits into the current infrastructure and set up rules.2|
* Note: The total cost of ownership (TCO) depends on the current cost of on-premises and cloud MFT solutions, how long you keep the managed file transfer solution and other factors.
The bottom line: If you have more resources available, you can make on-premises MFT work, but it is difficult to scale and maintain. If you want to spend less time on MFT, cloud or hybrid MFT is a better choice.
Managed File Transfer Integrations
Integrating the managed file transfer solution with other applications reduces the likelihood of errors and streamlines business processes. An MFT solution can integrate with any application with an application programming interface (API). MFT solutions can also integrate with integration platforms as a service (iPaaS), which companies use to build workflows that connect applications, data and services.
MFT Needs iPaaS
MFT alone cannot
- Be used to create no-code workflows that connect applications and services nor
- Handle large volumes of small messages.
iPaaS Needs MFT
iPaaS alone cannot
- Store files until delivery nor
- Handle large file transfers nor
- Alert administrators when file transfers fail.
Learn how Thru and Boomi integrate to deliver an integrated data file transfer solution »
Learn how iPaaS with managed file transfer integration is crucial in optimizing file transfer workflows »
Managed File Transfer Fundamental Features
MFT feature requirements vary based on the use case, but here are five fundamentals:
Workflows are configurable to automatically transfer files. Once workflows are set up and partners are added, IT involvement is only necessary for new partner onboarding or if an error occurs. By automating what is currently done manually, the IT team can focus on other projects and improve file transfers for everyone.
2. Guaranteed Delivery
Instead of IT digging through code to discover when and why files were never delivered, the MFT solution
- Stores files until delivery.
- Automatically detects and retries failed file transfers.
- Resumes incomplete file transfers.
User actions are recorded and administrators are automatically alerted if something goes wrong. Without dashboards and alerts, even the “smartest” MFT solution is unhelpful and frustrating for administrators. They may discover problems too late or spend hours combing through code.
4. Encryption & Antivirus Scanning
All files are encrypted from end to end so they are unreadable if an attacker intercepts them. Files are scanned frequently and quarantined if virus is detected.
Keeping files secure helps with compliance to government and industry regulations, keeps customer data protected and protects confidential employee information.
5. High Availability & Disaster Recovery
Managed file transfer is dependable—if one component fails, another component takes over. For example, an MFT vendor uses multiple data centers and servers in case something happens to one of them.
Choosing an MFT solution with high availability reduces SLA penalties and liabilities. Additionally, the organization and its partners receive up-to-date information to make informed decisions.
Free vs. Paid Managed File Transfer
|Free File Sharing Solutions||Paid MFT|
|Security||May not have two-factor authentication, dashboards or other security measures||Includes security measures necessary to comply with government and industry requirements|
|File Transfer Size||File transfer size limits (2-30 GB)||No file transfer size limits|
|Storage||Limited permanent storage (2-50 GB)||Unlimited storage|
|Cost of Use||Technically free, but costs of doing it yourself (installation, maintenance and support) should be considered||Monthly cost covers disaster recovery, high availability, scaling and maintenance|
|Integrations||No or limited connectors for other applications||Connectors for iPaaS and other applications|
Top Questions for Managed File Transfer Vendors
What is the pricing model?
It is important to understand pricing from the beginning so you know whether the MFT solution works with your budget. Asking for pricing early avoids wasting time for you and the vendor. See Thru’s pricing model »
What is the total cost of ownership of the solution?
When comparing different vendor offerings, you need to be able to identify all costs incurred with each product offering so you can make an accurate comparison and adequately forecast for budgetary discussions. Download our report which analyzes the TCO for Thru, Fortra’s GoAnywhere and Progress MOVEit.
Is there a minimum contract length? How long is it?
Once the pricing model and minimum contract length is known, the estimated return on investment (ROI) can be calculated.
Does the MFT solution include any out-of-the-box integrations?
If your file transfer solution needs to integrate with certain applications or an integration platform as a service (iPaaS), this is another question to ask early in the vendor vetting process.
Where does the MFT solution run?
If your organization recently introduced a new cloud or on-premises strategy, the new MFT solution needs to fit with it. Learn about Thru’s deployment offerings.
Where are the data centers located?
Compliance requirements may limit use of data centers to certain locations. Additionally, knowing distance between data centers and organization/trading partners helps determine whether latency issues may arise.
How long does deployment, training and migration typically take?
The vendor’s answer will help you know how soon you can use the MFT solution. Learn more about migrating MFT to the cloud.
How many clicks does it take to create one file transfer workflow?
This is one of the most objective ways to measure ease of use.
How many clicks does it take to add a partner?
This will help you determine how long partner onboarding may take.
Do you have customers in our industry that we can contact?
Customer references are great for understanding the difficulties and benefits of implementing different MFT solutions.
Can we sign up for a free trial?
With a free trial, you can determine if the vendor’s claims are true and hear feedback from your IT team before making a purchase. Request a free trial of Thru’s MFT.
MFT Features Datasheet
With reusable workflows and client/server functionality, Thru fits many different use cases for managed file transfer.
Learn more about Thru’s MFT offering »
MFT Buyer’s Guide
The Ultimate Buyer’s Guide highlights the essential MFT functionality and capabilities to consider in evaluating options to modernize your MFT architecture.
Determine the best MFT solution for your organization »
MFT & iPaaS White Paper
Read more about how MFT technology built on a modern cloud platform with extensive APIs can be part of existing iPaaS strategies.
Discover how MFT and iPaaS combine for a seamless solution »
1 Millman, Rene (2021, August). 86% of organizations expect a cyber attack in the next 12 months. IT Pro.
2 On premise vs hosted Managed File Transfer. Pro2col Limited.