Managed File Transfer (MFT)

MFT vs. SFTP: Six benefits of modern Managed File Transfer

MFT-vs-SFTP

MFT stands for Managed File Transfer, while SFTP stands for Secure File Transfer Protocol. They represent two ways of sharing data, but MFT technologies have evolved so much that it’s hardly a fair comparison. We’ll define MFT and SFTP and highlight the differences between the two, then discuss the benefits of cloud MFT for the modern enterprise.

Debating MFT vs. SFTP is like debating automobile vs. horse-drawn carriage. Sure, you could use FTP or SFTP to transfer mission-critical files – after all, some people still prefer getting around via horse-drawn carriage – but why would an enterprise slow itself down with such a basic technology?

Where it all began

Before we get into a discussion of MFT vs. SFTP, we must first briefly discuss the foundation from which they came.

FTP, or File Transfer Protocol, is where it all began. FTP is a network that allows files to be transferred between computers. It does this through a Transmission Control Protocol/Internet Protocol (TCP/IP) connection.

The end user’s machine is commonly referred to as the local host (or client) in an FTP transaction. A remote host, generally a server, is the second computer participating in FTP.

How does FTP work

Both computers must be network-connected and correctly set up to transmit data over FTP. To access these services, servers must be configured to execute FTP services, and clients must have FTP software installed (such as FileZilla).

FTP can be extremely useful, but it has its limitations: auditors are wary of organizations that continue to use FTP to transfer sensitive data, especially after the FBI warned of the inherent security weaknesses of anonymous FTP servers. Their experts say that cybercriminals could use an FTP server in anonymous mode to store malicious tools or launch targeted cyberattacks.

Secure File Transfer Protocol (SFTP)

This is where SFTPSecure File Transfer Protocol – comes in. It sends files through an encrypted connection, similar to secure shell (SSH).

SFTP gives users various options to test a connection for authentication. These include:

  • User IDs and passwords
  • SSH keys
  • A password plus SSH key combination

how does SFTP work

SFTP is especially useful for businesses looking for a way to enhance the security of their file transfer operations and user access.

What is MFT? (Managed File Transfer)

While SFTP enabled more secure file transfers, Managed File Transfer (or MFT) solutions layer on automation, reporting, and compliance – and additional security features. MFT is a technology platform that manages file transfers, as the name suggests, and can move large volumes of unstructured data. But it goes well beyond that.

A Managed File Transfer solution differs from a plain File Transfer tool like the FTP or SFTP client/server combination by offering technical capabilities that earned it the prefix “Managed.” These capabilities include:

  • Guaranteed delivery that leverages ‘retry’ and ‘resume’ options to ensure a successful delivery of files and recovery from failed transfers.
  • File integrity to certify that the file was not altered accidentally or voluntarily (think “man-in-the-middle”) during its transit.
  • Non-repudiation or the ability to prove that a file was sent by one party to another by using digital signatures for each participant.
  • Automation of file transfer-related activities and business processes, both pre- and post-transfer, and on success or error.
  • End-to-end reporting on file transfers. Notification of successful file transfers (acknowledgement) all the way to the sending business applications.
  • Global visibility and auditability on administrative (configuration) and runtime (transfer) operations.
  • End-to-end security for data in-transit and at-rest, with support for PKI.

All these criteria are characteristics of a Managed File Transfer solution and represented the boxes that vendors had to check during a Request for Proposal (RFP) processes back in the early days.

Six benefits of MFT solutions

Over time, the technologies and industry requirements (especially around compliance and risk management) have evolved, putting more pressure on MFT vendors to come up with new points of differentiation. Here are six of those benefits to keep in mind when adopting a Managed File Transfer solution:

  1. Increased support of internet-based protocols, like HTTP/S, SWIFT, AS2/3/4, SFTP, or FTPS.
  2. File Transfer Acceleration using internal mechanism (like file compression) and new technology capabilities (ex: pTCP or parallel TCP sessions).
  3. Bandwidth and priorities management at the partner and transfer levels.
  4. Native integration with third-party services (e.g. identity and access management, anti-virus, data loss protection solutions).
  5. Extension capabilities to add new protocols or processing steps as part of the solution, in a safe and sustainable way.
  6. Scalability and high availability to adapt to increasing demand and always-on service.

With the first evolution of the MFT stack, one could say that those enhancements were mainly geared towards “high control.” The IT/MFT team, now organized in Center of Excellence (CoE) and offering a shared service to the rest of the company, is responsible for the data movement inside and outside the walls. They must face a myriad of new demands from their business counterparts, ranging from technical to business needs.

In this model, the MFT CoE operates as a gatekeeper for the requested services, reviewing each of them for approval, and implementing according to their own Operational Level Agreement (OLA), regardless of customer urgency.

At the time, this was a viable option to answer changing needs while complying with internal policies and industry regulations such as HIPAA, PCI, DSS, or GDPR. But years later, things have evolved, and it is not enough to face the new dynamic and modern way of working inspired by the digital trend.

Initiatives like mobile app development, aggregating and exchanging big data, consolidating legacy systems into a corporate solution, moving infrastructure to the cloud, or using a hybrid deployment all point toward a new interest around “high productivity.”

How can IT support business teams who are under pressure to continuously and rapidly innovate, to roll out new services to their users frequently, and to accelerate their development and deployment cycles?

The next generation of cloud MFT

From a Managed File Transfer perspective, this comes down to a next-generation solution that delivers leading file transfer product functionalities, which can be controlled via a granular set of administrative and operational APIs (for headless operations).

It goes without saying that this solution should support – but more importantly, leverage – the latest features offered in the cloud to offer capabilities like geo-distributed and zero-downtime architecture, whether deployed on premises, in the cloud, or in a hybrid fashion. For example, MFT as a Service in a multi-tenant cloud is a cost-effective solution that allows enterprises to offload risk while benefiting from integrated security and management.

This next generation is about offering a solution, rather than a set of products. A solution provides a customer-centric experience, unified between its different elements and enriched with by-products and services to accelerate user adoption.

A first example can be pre-configured artifacts (e.g. composite APIs, configuration templates, scripts, connectors, etc.) developed and shared by the MFT community. These components are leveraged by the MFT CoE to implement self-service capabilities that give more autonomy to end-users & app developers. The MFT CoE becomes an enabler on the Managed File Transfer solution for the business teams and plays a more proactive role by defining and organizing the MFT service portfolio ahead of users’ requests.

Another example is the availability of on-demand added-value services, which may not reside in the solution itself, but augment it from a vendor platform hosted in the cloud. The MFT CoE can sign up for services that can be temporary (like a conversion/migration tool) or perpetual (like a visibility add-on, an on-boarding solution or an MFT-oriented configuration management system). Those subscription-based services are ready-to-use and can be adjusted on the fly to fluctuating activity, therefore helping to deliver a very fast ROI and time-to-market for MFT CoE.

Finally, an MFT CoE exists in most companies. And since we’re stronger together, it’s imperative that they can ask their questions, share their use cases, and request some best practices to be more creative in serving their business. An active community of users needs collaborative tools or portals, public and private events to share their knowledge, which in turn benefit the vendors by proposing new ideas to enhance their Managed File Transfer solutions.

MFT vs. SFTP: Which is right for you?

In the end, both MFT and SFTP protocols work to protect data in transit. Both use passwords and user IDs to authenticate who is sending and receiving. But it’s hardly a fair fight: SFTP is cheap and will get a file from point A to point B, but it will show its limitations as soon as you need to begin scaling. And companies that are still using basic FTP aren’t just missing out on efficiency and performance: they expose themselves to security breaches.

MFT offers added protection and value. You can use multiple protocols, streamline your transfers, and MFT can help you with automation, compliance, or auditing.

MFT is more suited for companies transferring files as a mission-critical part of their work. For example, the IRS used its MFT solution to collect and consolidate data from offshore financial accounts of U.S. taxpayers.

It can also be crucial in supply chains that depend on many different actors working together. RailInc coordinates millions of rail-asset movements each year with MFT – more than 450,000 file transfers per day – which help shippers, rail equipment owners, and transportation management providers manage rail shipment and equipment data.

If your organization requires high availability and integration, and if compliance, security, and scalability are non-negotiable, you probably need MFT.

This isn’t your father’s MFT. Modern cloud solutions like Axway Managed File Transfer can provide your organization with a secure, reliable way to share information with your employees, customers, and partners.

Not only will you enjoy centralized control over the entire ecosystem, but Axway MFT can decrease the time it takes to create and deploy file transfers by up to 90 percent at high availability.

So, whether you’re sharing files with someone across the street or around the world, let Axway help you make sure it gets to its intended recipient safely.

Download our white paper to learn how today’s cloud-enabled MFT improves security and governance with centralized control over your entire MFT ecosystem.