Managed file transfer (MFT) is a longstanding, well-accepted way for organizations to share business files point to point, quickly, reliably and securely. And while it may have lost its newness and “coolness,” it’s no less effective. That said, MFT is becoming cool again as it morphs and expands to play a critical role in moving large sets of Big Data as well as traditional business files to, from and through clouds.
Defining MFT in the cloud
Companies and vendors alike are in a quandary when it comes to defining exactly what constitutes MFT in the cloud. This vagueness is particularly apparent when an organization issues a request for proposal (RFP) that includes an MFT component and the vendor struggles to determine if that requirement is within its ability to fulfill.
Such confusion further hinders companies that are considering moving B2B processes to the cloud or that are comparing multiple cloud service providers. Many times, a component of the outsourced process requires managed file transfer. The industry would benefit from a definition that clearly delineates the requirements for MFT in the cloud. Here’s a suggestion for the definition:
MFT in the cloud is the secure and reliable transfer of data to, from and between clouds, regardless of file size.
Simple, clear and concise. By defining MFT in the cloud and explaining its key components and useful options, this article clarifies this emerging service and provides advice to organizations on what to look for in a cloud services provider.
Breaking down the definition
Security: A key requirement of managed file transfer, whether traditional or cloud based, is the secure transfer of files between two points. How security is ensured is up to the concerned parties, but it’s driven by a host of industry compliance regulations and laws such as The Payment Card Industry’s Data Security Standard (PCI DSS), HIPAA, the Gramm-Leach-Bliley Act and Sarbanes-Oxley (SOX).
It can be achieved by securing the communication session by sending files through a secure pipe using a secure protocol such as SSL or SSH. Alternatively, files can be encrypted and sent over an insecure protocol. Some organizations do both. They send encrypted files over a secure protocol to guarantee data security both in transit and at rest. Conversely, using FTP in the clear to move unencrypted files would not be considered managed file transfer as it would fail the security requirement.
Reliability: Provisions must be in place to ensure files are reliably sent and received. This means that the receiving entity must be available to receive files and process them. When using MFT to move files to the cloud, the Service Level Agreement (SLA) should specify availability requirements and the timeframe within which files will be processed. Using a communication standard such as EDI-INT AS2 helps to meet these criteria by adding acknowledgments and non-repudiation of data to the solution set.
Size: MFT was invented to solve the problem of securely transmitting large data files between trading partners. But what defines “large?” That’s really between the companies involved to define, agree upon and enable. When transferring files to a cloud service provider, defining the size of files to be moved falls under the SLA.
But there’s another aspect to file transfer today. With the proliferation of Big Data generated from consumer, B2B and social networking sites and other Internet sources, it could mean transferring small files occasionally or even streaming files continuously. An MFT cloud service should be able to handle all required types of transfers.
In addition to providing for the secure and reliable transfer of any size file to and between clouds, MFT cloud users benefit from these “nice-to-have” extensions: restart and auditing.
Restart: On occasion, the transmission of a large file will stop before it’s complete. When that happens, transmission of the file starts again at the beginning. For a very large file, this could mean an unacceptable time delay. Some MFT cloud providers offer the ability to “restart” an interrupted transmission at the point it failed. This extension is highly valuable when delivery time is crucial to the business.
Auditing: The ability to track the files — when they were sent, opened and deleted — and produce an audit report is important for business analysis and in some cases, for legal purposes and regulatory compliance. Many MFT cloud providers offer the ability to audit file transfers. This could be considered a requirement for some based upon auditing requirements or the type of business data movement involved. With the proliferation of Big Data and requirements of data federation, auditing in some scenarios may make or break an MFT solution.
Advice on selecting an MFT cloud service provider
Clearly, any MFT cloud service provider should at minimum ensure the secure, reliable transfer of any size file. Because customer requirements must be a subset of the provider’s capabilities, it makes sense to choose an MFT cloud service that goes beyond these basic requirements.
Those providers that offer advanced extensions are typically more innovative and experienced and they have a more mature MFT solution, which inspires a higher level of customer confidence while providing an easy upgrade path for when those capabilities might be needed.
It’s also important to choose an MFT cloud provider that is willing to tailor the SLA to the customer’s specific requirements at the beginning of the business relationship and be flexible enough to adapt the agreement if those requirements change. For example, a customer’s definition of “large” may change over time. If the provider cannot support that change, the customer will be put into the difficult situation of having to either re-architect the business process or shop for a new provider.
As more organizations move their back-office processes to the cloud, and with the rise of Big Data and files moving at an increasing rate, managed file transfer is adapting to the cloud model. Unlike traditional MFT that transmits files point to point between trading partners’ facilities, transmitting files to the cloud requires an agreement with the cloud provider and an SLA to ensure secure, reliable and timely transfers and ensure customer confidence.
Robert Fox is the Director of B2B/EAI Software Development at Liaison Technologies, a global provider of secure cloud-based integration and data management services and solutions based in Atlanta. An original contributor to the ebXML 1.0 specification, the former Chair of Marketing and Business Development for ASC ANSI X12, and a co-founder and co-chair of the Connectivity Caucus, he can be reached at email@example.com.