Successfully Deploying Managed File Transfer: How to Fix Your Fragmented MFT Environment
Executive Summary The compliance requirements continue to emerge and leveraging secure communications is an imperative for organizations. The emerging reporting needs for business and government are putting strains on legacy FTP implementations and IT organizations due to risk, limited control and ongoing operational and management difficulties.
Many companies are looking for alternatives to FTP with security being one of the main drivers.
Managed File Transfer solutions appear to promise a secure alternative that can deliver additional benefits.
So why do most companies still use a wide array of different tools to move files?
This white paper offers insights to help companies look at their Manage File Transfer implementation in a more intelligent way.
Download PDF of "Successfully Deploying Managed File Transfer: How to Fix Your Fragmented MFT Environment"
Introduction – Why is FTP So Prevalent and What Can We Learn From It? File transfer has become critical to providing IT services that support the business. The mix of applications and computing platforms that interoperate together to support most businesses has become increasingly complex. The majority of application integration is being performed at the file level and FTP is the most widely used tool.
FTP has become the de facto standard for moving files between servers and applications. Unfortunately, this has occurred because of faulty rationale, largely because FTP is readily available, is seemingly a low or no-cost option and application developers know how to use it.
While widely used, FTP is not the best tool for the job. Why?:
FTP is not secure
FTP it is not robust or reliable
FTP implementations vary between platforms
FTP provides no central visibility
FTP is difficult to audit
Yet, we can learn a great deal from its success. The basis for FTP’s wide deployment has been determined by the very characteristics that are needed for any solution that wants to enjoy such a high level of acceptance:
Readily Available – We don’t have to perform an installation each time we need to use it.
Low or No Cost – Each deployment does not have to justify a capital expenditure.
Existing Knowledge – People know how to use the tool.
All of these attributes lead to the ability to deploy and implement at the drop of a hat. So we should hold these characteristics in the forefront of our minds as we look to overcome the barriers that will hinder an MFT implementation.
Market Drivers – Why Isn’t FTP The Right Solution? Corporate responsibility and compliance mandates have started a movement within IT to reevaluate how files are moved, both internally and between external domains. Secure FTP solutions using SFTP and FTPS are being investigated along with a growing number of Managed File Transfer solutions.
Solutions built around SFTP/FTPS appear to have the capability to resolve the basic security needs, but they still suffer from some of the base FTP flaws. These solutions also introduce a whole new level of implementation and maintenance effort for security including key generation and management.
Of course, it is difficult for companies evaluating solutions to meet their compliance needs because most compliance mandates including HIPPA, GBLA and SOX are not specific about how companies can technically fulfill these requirements. So, if you are unable to answer these questions with your current solution, how are you going to address the emerging state level requirements?:
FTP clients and servers are not aligned to meeting these business requirements or the technical requirements of the IT organization. However, most secure file transfer solutions, MFT or otherwise, use industry standard protocols that meet at least the base levels of security.
Additionally, consideration should be placed on those attributes that enable successful deployment and support governance. Deployment is important because an inability to successfully deploy MFT means a failed MFT project. Governance is a key issue because it is the real intent of compliance regulations.
Is Managed File Transfer the Right Solution? Managed File Transfer is attractive because this class of solutions appears to address more than just the need for security. Managed File Transfer solutions purport to offer additional features that address visibility, manageability and reliability concerns.
However, Managed File Transfer vendors have provided their solutions in isolation from the management of the processes that create and consume the data. File transfers are part of your business flow. You need to do more than just secure and manage the movement of the data between servers.
A quick poll of the Managed File Transfer vendors in Gartner’s Managed File Transfer Magic Quadrant, or for that matter, any vendors you might find by “Googling” Managed File Transfer, shows that they all deliver the following ‘table stake’ functionality:
Security
Visibility
Manageability
Reliability
Compliance
These “table stakes” are NOT focused on how the movement of files fits into the business processes that you manage within your organization.
How to Succeed with Your Managed File Transfer Implementation Successful Managed File Transfer projects need to focus on the following areas:
User acceptance
Business context
Ability to deploy
In order to address these areas, you need to revaluate the “table stakes” Managed File Transfer criteria outside of how they merely affect the transfer of files between servers. In doing this, additional criteria will also become apparent.
The goal is to consider how Managed File Transfer can be successfully deployed and managed within your existing infrastructure, the one you use to manage your business process today. This will enable you to achieve a level of governance that applies to the whole service that you are delivering to the business. Additionally, you will meet or exceed the corporate responsibility objectives you have.
Evaluating the “table stakes” Managed File Transfer criteria against their ability to drive user acceptance, business context and your ability to deploy involves the following criteria: it must be widely accepted and easy to deploy.
User acceptance requires that the following criteria be addressed:
The solution must be available everywhere
Each project must not have to justify the expense of Managed File Transfer
Make it part of your infrastructure
Whatever you do, make sure that Managed File Transfer is provided as part of your base IT infrastructure. A Managed File Transfer solution has limited value if it cannot quickly be deployed everywhere you need it. This includes not having to purchase new licenses for every project. It is not useful if it hard to use or requires extensive training.
It must be able to enforce security Providing security for files in transit is an inherent part of the protocols utilized by Managed File Transfer. However, providing the capability to implement security does make your file transfers secure. Security needs must be addressed from the perspective of enforcement. Consider how you can ensure that your needs are met, not just that you can meet them. Security should also enforce controls for servers and networks, not just data movement itself.
It must provide visibility to everyone who needs it Managed File Transfer solutions provide visibility and auditing tools targeted at providing a central view of all file transfer activity. Typically, these tools are additional to the tools the data center already uses to manage the business applications and processes. Interoperability with these tools makes Managed File Transfer easier to deploy and much more visible within its business context.
User acceptance is also dependent on visibility and governance being made available to the business stakeholders that ultimately have the responsibility for supporting the business. These personnel don’t have access to the tools used by the data center. Don’t hinder their ability to perform their jobs by requiring that they have to interface to the data center to get this information.
It must provide business context This means the ability to manage and monitor file transfers in relation to the processes that create and consume the data. Additionally, being able to leverage the current IT infrastructure to achieve this is a key requirement for Managed File Transfer. Using different tools to manage the file transfer component of business processes makes a data center less productive.
Stonebranch – Intelligent File Transfer Stonebranch’s Infitran™, our Intelligent File Transfer solution, delivers advanced capabilities that address needs above and beyond just moving files between servers and applications.
Adaptive Infitran provides proactive monitoring that adapts to changes on the fly. Our Intelligent File Transfer solution does not need to be redesigned every time there is a change in your environment.
Business-driven Visibility Stonebranch’s Infitran is unique in providing visibility beyond just the transfer of data. Our Intelligent File Transfer solution makes information about all file transfers available, no matter how, where or by whom they are initiated. Visibility is also expanded to encompass the applications and processes that create and consume data. This provides a comprehensive view of the file transfers in relation to the overall business workflow to which they belong.
Moreover, Infitran interoperates with the data center’s scheduling and automation tools, providing complete visibility for all scheduled and automated event-driven file transfers. This visibility is integrated to the processes that the data center manages that create and consume the data. It also leverages the existing infrastructure in the data center so it does not require a separate or additional ‘console’ that is specific to just the file transfer processes.
Complete Management Infitran interoperates with existing automation and job scheduling tools, providing file transfer management that is not only end-to-end from the file movement perspective but also provides a top-to-bottom integration with application processes.
This interoperability means that the personnel that provide 24 x 365 management and monitoring for the processes that create and consume the data can perform the same function for the file transfers. This is achieved using the same tools, so no retraining is necessary.
Additional advantages of using these same tools for managing file transfers can be realized through consistent planning, reporting and audit methodologies for all application processes. The following core components are required to deliver a holistic platform for your MFT requirements:
Proactive Monitoring Our Intelligent File Transfer solution extends management by exception monitoring to encompass file transfers. This leverages your existing policies, practices and tools to react to both data and process abnormalities, enabling remediation through instant tracking.
Data center staff, applications staff and business stakeholders can perform monitoring. Comprehensive and intuitive filtering allows these groups to quickly find the information about file transfer activity that they need. Examples are failed transfers, successful transfers, how much data was transferred, or what were the attributes of the transfer (encryption, source, destination, etc).
Enforcement Infitran enables users to define, implement and enforce policies that control the security of data, servers and networks. Infitran provides a layered approach to security enforcement that controls access to data, servers and protects networks. Base operating system security is honored for server and file access rights. Additional security enforcement is provided to augment this, providing access control and a choice of authentication methods such as x.509 certificates.
Data encryption can be enforced in a way that ensures compliance requirements are always met. For example, a server hosting a PCI compliant application can only send or receive files that are encrypted. Networks are protected by not exposing inbound ports through a firewall.
Measurement Infitran enables your organization to report on data related to all aspects of file transfers specific to user needs. Valuable data is preserved for compliance reporting. Additionally, the data center standard reports produced from their scheduling and automation infrastructure will also include Infitran file transfer activity. All file transfer events that are related are recorded in a central database that can be extracted for reporting and auditing purposes.
Rapid Provisioning Infitran quickly adapts to mission-critical business needs. Our solution was designed to rapidly deploy and scale to your organization.
Simplified implementation enables rapid deployment throughout any environment. A common infrastructure and scripting language means that deployments are not platform-specific, enabling a more rapid deployment capability.
User’s access to servers and files is managed via operating system security. Also, user’s access to Infitran is centrally managed. All Infitran installation materials and documentation are delivered electronically via the customer area of the Stonebranch Web site. This ensures that customers can always access the most current versions and documentation.
All Infitran functions and components are delivered in a single install package for each platform. Native operating system packaging simplifies installation. Infitran license keys are not CPU specific. This simplifies deployment and ensures business continuity.
Conclusion and Next Steps Successfully replacing FTP with an enterprise-wide Managed File Transfer solution that delivers security, visibility, manageability, reliability and compliance involves evaluating these requirements within a business context and learning from the widespread success of FTP.