A Managed File Transfer (MFT) service is a platform that moves data between systems and people in file format. This description sounds like FTP. However, an MFT includes security measures and action logging.
These two elements are essential for businesses that need to show compliance with data protection standards, such as HIPAA, PCI DSS, SOX, and GDPR.
It is the record-keeping that is the distinctive feature of MFT because just about all FTP utilities offer secure options such as SFTP and FTPS. Those two secure versions of FTP are the main protocols used in MFT systems as well. Another identifying feature of MFT systems is that they are more than just a file transfer utility. They are usually integrated into a file storage system, so the MFT will store your sensitive documents in an encrypted format and record all access attempts and changes.
Here is our list of the eight best managed file transfer services:
- ActiveBatch EDITOR’S CHOICE A job scheduler and task automation suite that includes secure managed file transfer functions. This is a cloud-based service.
- Files.com (FREE TRIAL) A cloud platform for storage and forwarding files that includes distribution tracking and user identification.
- Serv-U Managed File Transfer Server (FREE TRIAL) A file transfer management system with a Web interface and mobile app for users and the ability to track activities from an administrator account. It runs on Windows Server and Linux.
- FTP Today A cloud-based service that gives your business a virtual private data center.
- Tresorit A cloud platform that provides collaboration and distribution functions and tracks all actions on files.
- Accellion Kiteworks A content firewall that offers a range of secure file distribution that can be accessed as a SaaS system or installed on a private cloud.
- Citrix ShareFile A cloud platform for secure file transfers, process automation, and distribution tracking.
- Progress MOVEit Transfer Channels all file transfer activity through one location where interfaces can be controlled and monitored.
About secure managed file transfers
FTP is a very old protocol. In fact, it pre-dates the Internet and the TCP/IP protocol stack that FTP now belongs to. FTP is an application that sits on top of the TCP/IP stack, which, in theory, only goes up to the Transport Layer.
Unfortunately, although it is very well established and efficient, FTP is not secure. The protocol does not include any provision for authentication or encryption. Therefore, two adaptations of FTP were created: SFTP and FTPS.
SFTP is known as Secure FTP and also FTP over SSH. FTPS is known as FTP/Secure and also FTP over SSL. SSH is the Secure Shell. There is a little difficulty in combining FTP and SSH because FTP uses two simultaneous connections and SSH usually only has one. SSL is the Secure Socket Layer. In truth, SSL no longer exists. It was replaced by Transport Layer Security (TLS) a long time ago. However, tech insiders still refer to SSL when they really mean TLS. This is the secure protocol used to protect HTTP, creating HTTPS.
When you use a managed file transfer system, it is likely that the actual secure transfer protocol at its heart will be either SFTP or FTPS.
An MFT system can be hosted on-premises or in a private cloud and it is very suitable for delivery by Software-as-a-Service (SaaS).
A common feature of many MFT services, no matter where or how they are hosted, is a Web interface for administration. The user part of the system can also be accessed through a browser-based interface or through an app. It is also possible to find MFT services that are implemented as plug-ins for other well-known interfaces, such as an email system, a productivity suite, or an operating system’s file manager.
MFT can be implemented as a cloud drive that includes collaboration features for file sharing. In this scenario, the main benefit of the MFT system is that users don’t have to attach files to emails. Instead, the user adds the recipient’s email address to a list of permitted recipients and then the system will automatically send out a notification to that recipient with an access link in it. Or it generates a link for the file owner to copy and paste into the body of an email.
However, keep in mind that the important feature of an MFT system is activity and file access logging. Other useful features offered by some MFT services are watermarking and distributed copy identification, which enable investigators to work out exactly who leaked a confidential document.
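The link-sharing flow described above, as an added Python example that is not taken from any of the products reviewed here: each link is bound to one permitted recipient, access can be revoked, and every attempt is written to an access log. The class name, token layout and event names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class ShareService:
    """Illustrative model (hypothetical names): per-recipient links plus an access log."""

    def __init__(self, signing_key=None):
        self._key = signing_key or secrets.token_bytes(32)
        self._permitted = {}  # file_id -> set of permitted recipient addresses
        self.audit_log = []   # append-only (timestamp, file_id, recipient, event)

    def _log(self, file_id, recipient, event):
        self.audit_log.append((time.time(), file_id, recipient, event))

    def _sign(self, file_id, recipient, expires):
        # Assumed token layout: fields joined with "|" (must not occur in the fields).
        msg = f"{file_id}|{recipient}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def share(self, file_id, recipient, ttl=3600):
        """Add the recipient to the permitted list and return a link token bound to them."""
        self._permitted.setdefault(file_id, set()).add(recipient)
        expires = int(time.time()) + ttl
        self._log(file_id, recipient, "link_issued")
        return f"{file_id}|{recipient}|{expires}|{self._sign(file_id, recipient, expires)}"

    def revoke(self, file_id, recipient):
        """Withdraw previously granted access; links already sent stop working."""
        self._permitted.get(file_id, set()).discard(recipient)
        self._log(file_id, recipient, "access_revoked")

    def open_link(self, token):
        """Validate a link. Allowed and denied attempts are both logged."""
        try:
            file_id, recipient, expires, sig = token.split("|")
            expires = int(expires)
        except ValueError:
            self._log("?", "?", "denied_malformed")
            return False
        expected = self._sign(file_id, recipient, expires)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            event = "denied_bad_signature"   # token was edited after it was issued
        elif time.time() > expires:
            event = "denied_expired"
        elif recipient not in self._permitted.get(file_id, set()):
            event = "denied_revoked"
        else:
            event = "download"
        self._log(file_id, recipient, event)
        return event == "download"
```

Because the recipient address is part of the signed token, each log entry names the individual account behind the attempt, which is what makes every accessor identifiable in an audit.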
The best Managed File Transfer Services
A managed file transfer service doesn’t necessarily need to be a cloud service. However, if it is, there are accountability issues to be taken into account if your specific need for an MFT system is to comply with a data protection standard.
When examining the MFT market we developed a list of selection criteria. These are:
- Secure, encrypted file transfers
- A central management console to control user accounts
- Individual accounts for users to make each accessor identifiable
- File event logging
- A Business Associate Agreement (BAA) that complies with data protection standards
- A free trial or money-back guarantee for a risk-free assessment
- A good mix of services that is priced to offer value for money
Applying these selection criteria brought us to a list of candidate managed file transfer services, which we then ranked.
1. ActiveBatch
ActiveBatch is a cloud-based task automation and job scheduling service that includes a managed file transfer module. The big advantage of the ActiveBatch system is that it makes integrating secure file transfers into wider workflows very easy.
The console for ActiveBatch is accessed through any standard Web browser and it includes a graphical interface for setting up tasks. You can create a file transfer workflow, integrate a file transfer step into a wider workflow, or create your own file transfer module that can operate as a standalone service or be plugged into other workflows that you set up later.
However you choose to implement your file transfer workflow, you can set up a schedule to get it to run automatically within the ActiveBatch console. This is a great tool for regular transfers for system maintenance, such as managing log files, backing up configuration images, or distributing documents.
ActiveBatch has pre-written processes to integrate with other products, such as ERPs and data warehousing systems. It is also able to interface with other cloud platforms to automate tasks and transfer files to and from them. The list of platforms that ActiveBatch will work with includes Azure and AWS.
The secure file transfer utility can transfer files in parallel, send the same file to multiple destinations, pause and restart transfers, and recover from a lost connection in mid-flow. The transfer system offers SFTP and FTPS options and all data movements are logged. The reporting function and security protection make ActiveBatch a suitable managed file transfer service for businesses that comply with HIPAA, SOX, PCI DSS, or GDPR.
ActiveBatch is our top pick for a managed file transfer utility because it integrates into a wider system of task automation. As with other MFT services, this system includes security for transfers and an activity-tracking feature that makes it suitable for use in businesses that need to follow data protection standards.
Get a demo of ActiveBatch: advsyscon.com/en-us/demo/get-started
Operating system: Cloud-based
2. Files.com
Files.com is a cloud platform that acts as a store and forwarding system for files. Each user gets an individual account on the platform, which enables activity tracking. It is possible to add 2FA to account access routines. The account space is fully encrypted for further protection. There is an administrator account with the plan that has access to activity data and performance tracking utilities.
The Files.com platform acts as a mediator for all file distribution activities. Files get loaded to the platform over a secure connection and then recipients are sent links to those files in their location on the Files.com server.
File owners can decide the level of access to grant to others and it is possible to revoke access rights. All activities on each file are logged. The system administrator can also use the Files.com storage space for automated processes, such as backup and syncing of directories that contain sensitive data. The service is able to give a signed Business Associate Agreement to those customers that are following a security standard that requires it, such as HIPAA or PCI DSS.
Files.com is a subscription service with a rate that is calculated on the number of user accounts needed. The base plan gets 1,000 GB of storage space but that can be increased. The Files.com system can be integrated with cloud storage services, productivity suites, and collaboration systems. You can get a Files.com account on a 7-day free trial.
Files.com is a leading managed file transfer service because it includes all of the requirements for security and control of files while also allowing the flexibility to use the system for a range of other business functions, such as team collaboration or folder backups. The Files.com service is suitable for file transfers in environments that need to comply with data protection standards, such as HIPAA, SOX, and PCI DSS.
Start 7-day free trial: signup.files.com/signup3/welcome
Operating system: Cloud-based
3. Serv-U Managed File Transfer Server
While most of the systems on this list are cloud-based platforms, Serv-U is a package that you install on-premises and manage in-house. This option is suitable for businesses that don’t want their sensitive data held outside their premises because most of the cloud platforms include an element of storage for the files being transferred.
Although the package is a system you host yourself, its interface operates as a Web system. Users get a browser-based interface and mobile apps to access the file transfer service, so it looks and feels like a cloud service.
A big advantage for those following a data protection standard is that there is no need for a BAA because all of the responsibility for data storage and control is kept in-house. The system logs all file transfer activities, which is important for compliance auditing. The system can also be used to manage workflows that implement automated file transfers.
The secure transfer protocols available with this service include SFTP, FTPS, and HTTPS. The system can operate with IPv4 and IPv6 addressing. The service will also manage the receipt of files from external sources and it is particularly efficient at managing the transfers of very large files.
The Serv-U MFT software installs on Windows Server or Linux and it is available for a 14-day free trial.
4. FTP Today
FTP Today is a secure file transmission system that has all of the features needed in an MFT. Users access the service through a Web interface and mobile apps and require individual user accounts. Those interfaces can be white-labeled for use by managed service providers. The administrator console has control over user activities and all file functions are logged.
The security services of FTP Today are excellent. The system employs 2048-bit RSA encryption to protect files in transit and 128-bit AES encryption for files at rest on the FTP Today service – this is a cloud platform that mediates transfers. The service is certified under ISO 27001 and its data centers are SSAE18 SOC2 audited. Transfer protocol options include SFTP, FTPS, FTPES, and SCP.
The file space of FTP Today is protected by a managed intrusion detection system. Security measures that this service deploys include hacker blacklisting. Account administrators can impose extra controls, such as tied devices to identify each user access location and geo-fencing that restricts access. So, valid users can be automatically blocked if they go out of the country and try to access the service.
If you are working to HIPAA or PCI DSS standards, you will need a signed BAA from FTP Today. This is only available with the Premium plan. Other benefits of that higher plan are 2FA for user access control and the ability to link accounts in FTP Today to a Single Sign-On system.
5. Tresorit
Tresorit is a cloud-based file sharing service that is G-Cloud 9 approved. It has all of the security and control mechanisms that qualify it as an MFT. This system can be used for file transfers or for collaboration within its secure environment.
Files are encrypted on the user device before they are transferred. The owner of the file, which could be an administrator account, is the only person able to decrypt it. The transmission to the Tresorit server is also secure and access to the company’s file space is governed by authentication procedures.
The entire file space is also encrypted, with the decryption key embedded in the 2FA access procedures needed by the holders of user accounts. Users gain access through a Tresorit Web interface or a mobile app, which ensures end-to-end security for the transmission of data from the drive to the viewer.
Each user on an account with Tresorit can be identified and all actions on files are recorded for audit purposes. It is possible to withdraw previously granted access and it is also possible to blacklist a device.
Tresorit provides a BAA to its business customers and the service is available on a 14-day free trial.
6. Accellion Kiteworks
The Kiteworks system is a cloud platform that is termed a “content firewall.” The platform includes a number of specialized tools, including a managed file transfer service. This system offers accountability through recipient identification that is implemented with a copy serial number embedded in the metadata of a transferred file.
There are a number of configuration options for Kiteworks. The cloud platform is one of those and customers who are working with HIPAA or PCI DSS get a signed BAA. It is also possible to get the service as a software package for installation onsite or on a private cloud. In these two circumstances, a BAA is not needed.
Kiteworks uses 256-bit AES encryption for transfers and when files are at rest. This service doesn’t automatically include cloud storage. If that option is used, the file space is protected by AES encryption as well. Accellion Kiteworks has ISO 27001 certification and is validated to FIPS 140-2 Level 1.
The Kiteworks system can be used for sharing files if they are held on the Accellion server. Team members can be granted access to individual files and it is possible to set up shared folders. Each user can comment on a file or communicate through a messaging system. The original owner of the file is notified if any actions occur on it.
The administrator gets an event feed on all files, which creates an audit trail. The Kiteworks system can be integrated into Office 365 or Outlook and even when in this mode, all file actions are logged.
Kiteworks is a subscription service with a rate per user per month. You can get a demo to assess the system.
7. Citrix ShareFile
Citrix ShareFile is a cloud-based platform that offers a range of secure file services that include file storage, collaboration, and transfer options. The security, tracking, and access control features of the secure FTP module in this platform qualify it as an MFT service.
This service is an implementation of FTPS. By mediating its transfers through its servers, acting as a proxy, ShareFile is able to simplify the complexities that you would face managing your own FTPS service. This is an adaptation of FTPS that has an easy-to-use browser-based interface for users and a controlling console for administrators.
The ShareFile service integrates into Outlook as a plug-in. In this mode, the service uploads attachments separately to its own server and then places a link to the stored file in the email. The recipient is then able to view the file over a secure connection or, if the sender allows it, download the file.
Citrix will provide a signed BAA for clients that are operating a HIPAA or PCI DSS compliant environment. ShareFile is available for a 30-day free trial.
8. Progress MOVEit Transfer
Progress MOVEit Transfer is a secure FTP system that includes user identification, logging, and controls that mark it as a managed file transfer system.
Transfers can be carried out on-demand or as part of automated workflows. It is suitable for work needed by users or as part of administration background processes. Files are protected by 256-bit AES encryption and the entire service qualifies as being compliant with HIPAA, PCI DSS, and GDPR.
Progress offers MOVEit Transfer as a cloud service in North America and Europe. The system is also available for an on-premises installation or on a private cloud. It can be paid for through the Azure marketplace and set up on an Azure account.
The service offers a single point for all transfers, including traffic logging that links the user account to each action. A companion service, called MOVEit Automation, helps administrators assemble workflows that can include secure file transfers.
MOVEit Transfer is available for a 30-day free trial.