Decision Maker

Managing File Transfer with MFT and P2P

There's probably a dozen or more ways this is getting done in your shop. Here's what you need to know to create a supported, secure solution for everyone.

In "Jurassic Park," Dr. Malcolm famously states, "Nature always finds a way." Less than 10 minutes later, the island is overrun with dinosaurs, people are getting eaten and everything's in chaos. The lesson: Don't try to stop things that are going to happen anyway.

Users tend to always find a way as well, and in the absence of a supported solution for a particular need, they'll make one up on their own -- and you and your business might not be happy with the results. File transfer is a great example. Your users have a job they need to get done, and often don't realize the ways in which their ad hoc file-sharing mechanisms might be less than secure. You need to provide a supported solution that lets your users get their jobs done while maintaining the security and integrity of your company's data.

Managed File Transfer
Managed File Transfer (MFT) is likely one of the hottest and fastest-growing new IT solution categories out there. MFT covers two distinct scenarios:

  • System-to-system: This usually consists of regularly scheduled transfers, such as product catalog files or other data being transmitted between companies. MFT solutions often provide detailed workflow options, automation and scripting controls, and much more. When you say "MFT," this is the transfer type most people think about.
  • Person-to-person (P2P): This is a newer MFT application, and it consists of ad hoc file transfers between individuals both internal and external to your organization. The latter scenario is what most companies allow to happen in a completely uncontrolled fashion, but with the right MFT solution you can provide easy-to-use tools for your users. Some P2P implementations require the use of a special proprietary client application. That can be a hassle for internal deployments and completely impractical for external users. However, it does provide a high degree of both security and manageability, along with good ease of use. Other implementations rely on Web-based interfaces, which require no deployment and can be made more easily accessible to external users.

P2P File Transfer Features
In a business file-transfer solution, you should be on the lookout for some specific features:

  • Permissions: You should be able to control who can use the solution, and you may even want to provide basic filters -- such as file types that can be transferred -- as additional controls.
  • Encryption: Don't worry about key strength or other technical details; look for solutions that are FIPS 140-2 certified, meaning they're approved for use by both the U.S. and Canadian governments.
  • Auditing: MFT is about more than plain "security" -- it's also about control. Keep track of who transfers what to whom, when, how and how often. This is critical if your company is dealing with industry or legislative security requirements.
  • Managed: Numerous management features can be incorporated into an MFT solution, including secure wiping of transferred files, limits on the number of times a file can be transferred and so on.

Keep in mind that "secure" does not necessarily equal "managed" -- MFT solutions always incorporate security, but secure file-transfer solutions don't always incorporate the higher-level manageability features found in an MFT solution. If you don't need managed features, then simply obtaining a secure file-transfer solution that has a P2P or ad hoc module may be sufficient.

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author Evangelist for video training company Pluralsight. He’s the President of, and specializes in the Microsoft business technology platform. Follow Don on Twitter at @ConcentratedDon.


comments powered by Disqus

Subscribe on YouTube