This article provides the detailed features comparison needed when the need for file transfer moves from occasional to operational.
You’ve probably heard the axiom, “In an information economy, data is king,” and know that data theft has become a multi-billion-dollar global industry. You have likely arrived at the point where the daily transfer of files and documents between internal systems and external partners is now a core business process. At the intersection of these three vectors is the question, “What is the difference between FTP and Managed File Transfer (MFT)?”
Do You Need Managed File Transfer or Just an FTP Server?
This question is most often posed by the IT professional whose organization is evolving from one with an occasional, non-critical need to transfer files to one in which file transfer is becoming a mission-critical, core business operation.
The answer depends on some fairly straightforward questions:
- Do you only need to transfer files occasionally?
- If the transfer doesn’t happen, will anyone be upset if the file isn’t available until tomorrow?
- Is there a good chance that the files contain sensitive, proprietary, or protected data?
Depending on the answers to the questions above, the wrong choice can lead to significant consequences like spending too much for a file transfer solution or worse fined for non-compliance with a data protection regulation.
File Transfer Protocol (FTP) has been around for longer than most of us have been involved with computers. In its earliest manifestations, it was a simple way of moving files from one computer to another. However, for those familiar with its limitations, it is clear that its creators never envisioned today’s security threat environment.
While basic FTP has been enhanced with SSH and SSL along the way, for organizations that routinely transfer sensitive documents containing proprietary or regulated data, FTP servers have become a compliance liability. Auditors are highly skeptical of companies that still use FTP to move sensitive data, especially after the FBI has warned of the inherent security flaws with anonymous FTP servers.
Managed File Transfer (MFT) solutions came into the market more recently to overcome many of the shortfalls of FTP. As the name implies, MFT adds management features required as the need for file transfers grows from occasional and non-critical to high-volume and mission-critical. Not so evident from the title, MFT solutions also provide a large number of security and compliance features that are either unavailable or just too hard to add on to off-the-shelf FTP products. Setting up something similar on FTP servers prove to be a maintenance issue for IT teams, and they also lead to FTP sprawl. Scripting, although a cheap, ad hoc way of setting up the same functionality as an MFT solution, causes more headaches than necessary.
The Advantages of Managed File Transfer vs. FTP
We’ve created a useful eBook for IT professionals trying to decide between FTP and MFT called Why IT Teams Migrate to MFT. It goes into a lot more depth on the considerations you need to weigh to make the right decisions.
As opposed to FTP being a server model, a Managed File Transfer system can be thought of as one huge centralized file transfer system that includes:
- Integrations with your security architecture
- Failover and delivery assurance
These are enterprise-class solutions upon which core processes, like the medical billing and payment systems of a hospital, can be built. For instance, a single implementation may include multiple transfer servers, workflow automation systems, and cloud-based transfer services, all under management from a centralized console.
Additionally, managed file transfer systems are designed to assure data security for organizations that have core business processes that require the exchange of files containing sensitive data with external parties. In these cases, there is also a concern of compliance with data protection mandates such as PCI-DSS, HIPAA, ISO-27001, GDPR, CCPA, and others in which substantial fines are levied in cases of data exposure, loss or breach.
What’s more, states in the US are rapidly passing data protection laws. Ultimately, every business will be responsible for personally identifiable information (PII) that is processed and stored regardless of industry.
Some of the more valuable features of MFT, in this case, are integrations with pre-existing security infrastructure such as anti-virus, data loss prevention (DLP), and access control systems. Another key feature of many managed file transfer systems in centralized logging and compliance reporting.
A full treatise on the benefits of MFT over FTP and use cases where an organization would choose one over the other would occupy multiple blog posts. Hopefully, this post gives you a good idea of where to focus your investigations on finding the appropriate solution for your organization.
How Far Can You Extend FTP, SFTP, and FTPS?
There is a difference between FTP and Secure FTP. FTP, while commonly used to refer to both, is a minimalist protocol that enables upload and download of files to a server with rudimentary access control. You may be familiar with this if you have ever staged a website. Often the FTP server on the hosting company’s web site can be accessed in ‘Anonymous’ mode (i.e., without a password). This is fine if its a personal website. But if it is a business, you want more protection and would look for an SFTP server.
FTPS is another, less prevalent option. These use secure protocols, SSH or SSL, to encrypt your files in transit.
SFTP servers also range in capabilities from basic to fully-loaded. On the basic end would be free, open-source solutions like FileZilla. Free solutions should always come with the caveat that you get what you pay for. But if your transfer needs are occasional and there is no business impact if the file never gets downloaded or accessed, they may be just the ticket. On the high-end are solutions like Progress’ WS_FTP Server.
Just as it is possible to transform a car you purchase off the lot to a high-performance, fuel-guzzling road monster, you can extend your SFTP server to some pretty extreme use cases. But the point is, SFTP servers are designed to be just that – servers. They are not, in and of themselves, enterprise-class solutions. If your organization has multiple departments with different usage needs, you’ll likely need different servers, and therein lies the problem – the potential for FTP server sprawl.
One of the most common complaints of IT organizations that implement MFT is, “We have too many FTP servers!” Each server requires its own administration. The servers may exist on multiple platforms with different script types, operating systems, security vulnerability update needs, maintenance costs, etc. If compliance with a data protection regulation or mandates such as PCI-DSS, HIPAA, ISO-27001, or GDPR is a concern, you should be aware that many auditors view multiple FTP servers as a ‘red-flag’ indicating probable non-compliance.
Other Useful Resources
We’ve also created a useful tool entitled “The Managed File Transfer Buyer’s Guide.” We designed this checklist to help IT managers choose the best file transfer solution for them.
It might not be a surprise at this point that Progress sells a managed file transfer solution. MOVEit, lets you manage, view, secure, and control all file transfer activity through a single system. MOVEit reduces the need for IT hands-on involvement and allows for user self-service as needed. It provides the perfect solution for secure file transfer to meet security and compliance needs in any industry and company size while reducing administration time and costs.
We also sell both FTP clients and servers as well as managed file transfer solutions. WS_FTP Server and WS_FTP Professional Client are proven to be reliable and secure file transfer solutions and support the latest secure file transfer protocols.