To better understand Managed File Transfer (MFT), it’s useful to review actual use cases. I think of the City of Guelph as a prime example of what prompts organizations to migrate from simple consumer-grade Enterprise File Sync and Share (EFSS) for file transfer to more robust and secure MFT.
A growing number of organizations are fighting an age-old battle – just using new weapons. With easy access to web-based tools for sharing files, employees often circumvent sanctioned means of transferring files in the workplace. This causes IT all kinds of headaches. But it can lead to even bigger problems for the organization, especially when the files being transferred are highly confidential in nature. This is a key reason many organizations are driven to look at MFT systems. MFT provides better visibility and control, primarily to meet the demands of regulatory compliance. It satisfies the need for comprehensive reporting and the ability to set business rules around who, or what systems, can send and receive files and when. In other words, it provides the “M” in MFT—the file management capabilities lacking in consumer-grade EFSS tools. This was why the City of Guelph adopted MFT.
The City of Guelph – a government agency in southwestern Ontario – had long used simple FTP to protect contracts, workplace safety documents, staff information, employment information, and citizen data. But over time, more and more city employees needed to transfer confidential files. According to Shibu Pillai, Technology Services, City of Guelph “Every day, we’re transferring important, highly sensitive documents: contracts, citizen information, and CAD (Computer Aided Drawing) files.” And like many government agencies, the city needs to safeguard confidential information and satisfy information privacy requirements.
Many city employees turned to consumer-oriented, non-secure file transfer sites freely accessible via the web for these ad hoc file transfers. It’s no surprise that employees are attracted to these tools – they’re incredibly convenient. But by using them, they can put their organizations in a bad position. That was the case with the City of Guelph: employee use of these sites put the city at risk of violating Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and Personal Health Information Privacy Act (PHIPA) requirements. And those staff members that were not using these unsanctioned sites were putting a strain on the city’s infrastructure by sending large files up to 20 MB via city email servers.
By migrating from FTP to a managed file transfer system, the City of Guelph was able to address both of these issues. Specifically, it now:
- Has a productive environment for sending files
- Securely sends large files
- Reduces the burden on its email systems
- Reduces storage costs
- Saves IT staff time
- Meets MFIPPA and PHIPA privacy requirements
- Is PCI-compliant with respect to any credit card payments made for the city’s services
For more details, view the City of Guelph Managed File Transfer case study.