You've probably heard the axiom 'in an information economy, data is king' and know that data theft, has become a multi-billion-dollar global industry. You have likely arrived at the point where the daily transfer of files and documents between internal system and external partners is now a core business process. At the intersection of these three vectors is the question 'what is the difference between FTP and Managed File Transfer (MFT)?"
Do I need Managed File Transfer or Just an FTP Server?
This question is most often posed by the IT professional whose organization is evolving from one with an occasional, non-critical need to transfer files to one in which file transfer is becoming a mission-critical, core business operation.
The answer depends on some fairly straight-forward questions. Do you only need to transfer files occasionally? If the transfer doesn't happen, will anyone be upset if the file isn't available until tomorrow? Is there a good chance that the files contain sensitive, proprietary or protected data? Depending on the answers, the wrong choice can lead to significant consequences like either spending too much for a solution or receiving a finding of non-compliance with a data protection regulation.
File Transfer Protocol (FTP) has been around for longer than most of us have been involved with computers. In its earliest manifestations, it was a simple way of moving files from one computer to another. For those familiar with its limitations, it is clear that its creators never envisioned today's security threat environment. While basic FTP has been enhanced with SSH and SSL along the way, for organizations that routinely transfer sensitive documents containing proprietary or regulated data, FTP servers have become a compliance liability.
Managed File Transfer (MFT) solutions came into the market more recently to overcome many of the shortfalls of FTP. As the name implies, MFT adds many of the management features required as file transfer needs grow from occasional and non-critical to high-volume and mission-critical. Not so obvious from the name, MFT solutions also provide a large number of security and compliance features that are either unavailable or just too hard to add on to off-the-shelf FTP products.
The Managed File Transfer Advantage
We’ve created a useful eBook for IT professionals trying to decide between FTP and MFT called "Why IT Teams Migrate to MFT". It goes into a lot more depth on the considerations you need to weigh to make the right decisions.
As opposed to FTP being a server model, a Managed File Transfer system can be thought of as one huge centralized file transfer system complete with all the visibility, reporting, logging, security, tracking, integrations with your security architecture, failover and assured delivery features already built-in by design (as opposed to add-ons). These are enterprise-class solutions upon which core processes, like the medical billing and payment systems of a hospital, can be built. For instance, a single implementation may include multiple transfer servers, workflow automation systems and cloud-based transfer services all under management from a centralized console.
These systems are also designed to assure data security for organizations who have core business processes that require the exchange of files containing sensitive data with external parties. In these cases, there is also a concern of compliance with data protection mandates such as the above mentioned PCI-DSS, HIPAA, ISO-27001, GDPR and others in which substantial fines are levied in cases of data exposure, loss or breach. Some of the more valuable features of MFT, in this case, are integration with pre-existing security infrastructure such as anti-virus, DLP and access control systems. Another key feature of many MFT systems in centralized logging and compliance reporting.
A full treatise on the benefits of MFT over FTP and use cases where an organization would choose one over the other would occupy multiple blog posts. Hopefully, this post gives you a good idea where to focus your investigations to find the appropriate solution for your organization.
How Far Can I Extend FTP, SFTP and FTPS?
There is a difference between FTP and Secure FTP. FTP, while commonly used to refer to both, is actually a minimalist protocol that enables upload and download of files to a server with rudimentary access control. You may be familiar with this if you have ever staged a website. Often the FTP server on the hosting company's web site can actually be accessed in 'Anonymous' mode (i.e. without a password). This is fine if your website is a hobby. If it is a business, however, you want more protection and would look for an SFTP server. FTPS is another, less prevalent, option. These use secure protocols, SSH or SSL, to encrypt your files in transit.
SFTP servers also range in capabilities from basic to fully-loaded. On the basic end would be free, open source solutions like FileZilla. Free solutions should always come with the caveat that you get what you pay for. But if your transfer needs are occasional and there is no business impact if the file never gets downloaded or accessed, they may be just the ticket. On the high-end are solutions like our WS_FTP Server.
Just as it is possible to transform a car you purchase off the lot to a high-performance, fuel guzzling road monster, you can extend your SFTP server to some pretty extreme use cases. But the point is, SFTP servers are designed to be just that - servers. They are not, in and of themselves, enterprise-class solutions. If your organization has multiple departments with different usage needs, you'll likely need different servers and therein lies the problem - the potential for FTP server sprawl.
One of the most common complaints of IT organizations that make the move to MFT is 'we have too many FTP servers'. Each server requires its own administration. The servers may exist on multiple platforms with different script types, operating systems, security vulnerability update needs, maintenance costs, etc.. If compliance with a data protection regulation or mandate such as PCI-DSS, HIPAA, ISO-27001 or GDPR is a concern, you should be aware that many auditors view multiple FTP servers as a 'red-flag' indicating probable non-compliance.
Other Useful Resources
We've also created a useful tool entitled “The Managed File Transfer Buyer’s Guide.” We designed this checklist to help IT managers choose the best file transfer solution for them.
It might not be a surprise at this point that Ipswitch sells a managed file transfer solution. MOVEit, lets you manage, view, secure, and control all file transfer activity through a single system. MOVEit reduces the need for IT hands-on involvement and allows for user self-service as needed. It provides the perfect solution for secure file transfer to meet security and compliance needs in any industry and company size while reducing administration time and costs. We’d love for you to kick the tires with a free trial.
We also sell both FTP clients and servers as well as managed file transfer solutions. WS_FTP Server and WS_FTP Professional Client are proven to be reliable and secure file transfer solutions and support the latest secure file transfer protocols. Want to take it out for a spin? If so, we’ve got a free trial for you.