April 21, 2022

    File Transfer + File Sharing Software Solutions

    What is File Transfer + File Sharing?

    File sharing is the practice of sharing or enabling access to digital media, including documents, video files, graphics, etc. Anytime you are moving one or multiple files, documents, etc. from one place to another you are executing a transfer if information! Isn’t this exciting stuff?

    What is Secure File Transfer + File Sharing?

    Secure file sharing is the act of sharing information (files, folders, etc.) digitally and securely by protecting this information from unauthorized users, intruders, and other malicious manners. When a business or organization needs to share or transfer confidential information to specific person or group it becomes the utmost importance to ensure you are transferring information and sharing files securely.

    Secure file sharing is usually done through a combination of encrypting the file while at rest or in-flight to its destination, security protocols requiring passwords or other verification/authentication before accessing the information. Most secure file sharing services or software providers enable secure file sharing by restricting access to the file, allowing only authorized personnel to access, view, or download the file.

    UFT vs. MFT vs. MFTaaS

    UFT vs MFT vs MFTaaS - 2

    Unmanaged File Transfer (UFT)

    I’m sure most people think that in 2022 transferring files or sharing data is a safe thing to do – especially when the organization you work for has provided you with a solution, right? But if they have not, then who knows what’s happening with a company’s files. Users just attach files to an email, drop them in a shared folder, or upload them to a server via FTP or web application (WebApp), etc. It’s easy, and people at your organization have done it the same way for years. We like to call this the wild west of data transfer or file sharing. This means that your organization is basically allowing users to make their own decisions and throw data, files, information into a void and hoping someone doesn’t obtain them while also not managing account types or user controls.

    However, all too often we find that there is many well-known transfer or sharing options that just simply lack basic security to keep data protected or have never been reconfigured or reviewed by administrators to keep up with security concerns – especially corporate data. As you may know, this can cause harsh and costly damage to an organization. In fact, according to the 2021 data breach report from IBM and the Ponemon Institute, the cost of a data breach has risen to an average of $4.24 Million! This represents a 10% increase over one year ago. These are only the financial implications – the qualitative harm to your brand and your users cannot always be undone. Therefore, it’s now more important than ever to avoid having unmanaged systems. In this section we will review some risks and examples of common Unmanaged File Transfer solutions.

    Risks

    1. Unauthorized Data Access – Without file retention policies, content often lives on servers for years after its sent, making it relatively easy for unauthorized individuals (or accidentally authorized individuals) to access sensitive information undetected. Example: Someone new joins your company and their permissions give them access to a specific folder with some old documents that should have been moved or deleted.

      Free File Sync and Share services (EFSS) which are commonly used raise similar concerns. Numerous organizations have unwittingly exposed their data to unauthorized parties by using “free” cloud services. If you still rely on these services to share files with colleagues or business contacts, you should consider who else you might be sharing confidential files with.

    2. Intellectual Property (IP) Loss – More than just a footnote to the problem of UFTs and unauthorized data access, IP loss is a serious issue worth considering on its own. All too often we hear about security breaches in the media and how a manager or leader thought their corporate or organizational sharing tools were secure enough to store and share important data and information. Assumptions like this are usually discovered to be incorrect when it is too late to reverse the damage.

    3. Regulatory Non-Compliance – Organizations where UFT use is rampant would not be prepared for a regulatory audit. When it comes to compliance there are some important facts to note:

      At least two US states require the use of encryption for certain kinds of file transfers.
      Most US states now have data-breach laws on the books.

      Many industries increase their non-compliance risk by allowing UFTs for sensitive data. To maintain compliance, you should be able to produce a comprehensive audit trail with logs of who accessed what content and when the access took place. When an auditor or compliance representative comes asking for the detailed information it will be discovered that unmanaged file transfer tools are not robust enough to include this type of information, and if there’s multiple UFT tools your organization will not even know where to start looking.

    4. Efficiency Limitations – Many organizations still use email for file transfer. In addition to not being secure, using email has security and file size limitations for file transfer and can hinder organizational efficiency and burden IT with time-consuming, expensive troubleshooting activities.

    EXAMPLES

    • UFT could be any transfer of data or information by a user via a solution that is not being managed by an organization or business.

    Managed File Transfer (MFT)

    The movement of data/information is common practice in most if not all business operations today. More than likely this is the transfer or sharing files or business information. MFT enables businesses to transfer or share files and information in a controlled, secure, centralized manner – between users and systems – outside or inside and organization.

    Managed file transfer (MFT) is much more than a desktop application that utilizes file transfer protocols. MFT utilizes admin level security controls, automation and supports secure protocols such as HTTPS, SFTP, FTPS. This solution enables businesses to safely and securely share or transfer high levels of valuable business information. MFT is known to be a more secure method than UFT because there’s someone within your organization managing the platform. There is typically a user interface (UI) with the ability to enable visibility and control, but your organization is responsible for managing many additional aspects of the system beyond the software layer including the application, patching, security updates, and more.

    Managed File Transfer is usually implemented to replace outdated legacy file transfer configurations written with code or implementing a companywide policy for the first time. This evolution typically improves agility and efficiency by removing a time-consuming chore from your IT team. Choosing MFT software instead of building it yourself saves time that can be allocated towards other digital transformation goals such as big-data, cloud-first initiatives, and anything else your company is prioritizing. Historically, MFT solutions are operated on a company’s in-house infrastructure whether on prem or their public or private cloud to achieve tight unification with internal systems and administrators.

    Risks

    1. Cost of Ownership – Most businesses consider cost as the top deciding factor when choosing an MFT solution. Managing and implementing an MFT solution can be expensive. Initially the software purchase can be costly but when it’s paid off it is owned by the business.

      The cost of hardware or the environment needed to run an MFT solution adds up. Especially when considering high availability and disaster recovery.
      Choosing to host data, files and information on owned hardware/servers can be an issue. Imagine sharing a 1 GB file with 10’s or even a hundred or more external parties – the impact that it will have on your allowed bandwidth usage is something to consider.

    2. Management and Support – Once you launch your MFT solution you will need ongoing management and support. That can get expensive too.

      Who is responsible for the management and support of your MFT solution? It will likely be an internal team. Ongoing support is usually outsourced by the provider if you use a hosted solution.
      Hosted services usually function in data centers that are high availability. These providers usually offer load-balanced solutions with guaranteed uptime out of the box in the SLAs for an additional cost, and add another layer to your administration.
      Scaling your MFT solution can be tedious and daunting. Hosted environments in the public cloud typically offer on demand or touch of a button scalability, but that still requires multiple parts of an IT team to interact: the systems admin in control of the MFT solution and the infrastructure team administrating the cloud it is operating on.
      Disaster recovery and backup of your data can prove to be very costly when purchased with an MFT solution package. The best hosting providers might include disaster recovery as a service (DRaaS), but the vast majority sell this with a significant additional cost for implementation and ongoing management.

    3. Deployment – Launching an MFT solution has its challenges and can be a time suck on teams that are already taxed. You will need firewalls to open ports, the solution design, how it operates within the corporate structure, and rules for access that must be well defined and implemented.

    EXAMPLES

    • NEXTCloud
    • ServU On-Premise
    • SmartFile On-Premise

    MFTaaS

    Managed File Transfer as a Service (MFTaaS) is a cloud based MFT solution that enables organizations to securely transfer and share files and data by combining the security, efficiency, and automation of MFT with the benefits of SaaS. The MFTaaS solution provider will be responsible for infrastructure, fault tolerance, load scaling and balancing, patching, development, and any software or security updates that may occur. MFTaaS is hosted by your MFT provider as a SaaS solution with the added benefit of removing hardware (IaaS) administration needs, PaaS administration needs, and additional administrative headcount needs for your organization to host your own file transfer solution.

    The billion-dollar global marketplace is pushing advancements and innovation to rapidly evolve. This means that there are innovative solutions popping up that will increasingly change the landscape as the marketplace advances and established providers such as Sharetru continue to develop the platforms.

    MFT solution providers have been challenged with making their robust solutions available on the cloud. The available options are single tenant (dedicated IaaS) or multi-tenant instances (shared IaaS), with different options and plans available for the platform. Software vendors are widely focused on providing a robust platform versus dedicating time and resources to building out large professional service teams. However, at Sharetru we focus on both!

    Risks

    1. Control – There is less control over configuration, and you typically will not be provided with root access to your infrastructure. Additionally, you cannot choose the cloud your solution is deployed in so it’s important your organization is comfortable with the IaaS and PaaS layers your provider has chosen. You also cannot opt-out of, or pushback updates.
    2. SecurityYou must rely on and trust your vendor to handle the security. The MFT vendor you choose you be responsible for managing all aspects of Infrastructure and platform security. This includes high availability, disaster recovery, and fault tolerance.
    3. Compliance – You and your vendor will share the responsibility for your organization's data security in some cases. The cloud MFT provider you choose will be responsible for the security of the network and the encryption at rest and in transit. Your organization is responsible for what is done with the data before upload, and after it has been transferred (access controls, etc.). You will also need to stay on top of ensuring your vendor is providing you with the controls necessary for the regulations and requirements needed for your organization to be compliant, and that you have implemented them correctly. In most cases, you are held responsible as the data owner if your partner is not compliant.

    EXAMPLES

    • Exavault/Files.com
    • SmartFile
    • Globalscape EFT
    • Progress MoveIt

    Conclusion

    More and more organizations are making the move toward digital transformation as they grow and scale. This means there is a need for a secure and reliable way to automate and modernize their IT operations. They need to be able to bridge internal teams, partners, systems, and data with the highest security standards throughout the business.

    Today we reviewed key factors to consider when you are weighing out the advantages and risks of a file sharing/file transfer solution. The choice you make will most likely be guided by the budget and scope of requirements for your organization. No matter what, there is a Managed File Transfer (MFT) solution for your organization. Sharetru is a robust solution that can simplify operations and streamline costs. Reach out to one of our Secure File Transfer experts to learn more about our MFTaaS solutions.

     

    Brendon Ainsworth

    Brendon, Sharetru's CRO & VP of Sales, brings diverse industry experience, excelling in GCP & AWS infrastructure certifications.

    Other posts you might be interested in

    View All Posts