Information exchange has become the livelihood of all businesses day in and day out, whether it’s exchanging information on a moment’s notice or planning a recurring delivery between people, systems or both. Hundreds of millions of files are exchanged on a regular basis, representing a significant amount of money. In fact, it is estimated that if any of the largest financial institutions lost the ability to transfer data, the world economy could be greatly affected.
In this article I’m going to discuss, at a high level, the key attributes that all managed file transfer environments should have, or at least have a plan to integrate in the near future. People will choose to use an environment that is simple and easy to understand. Keep in mind that not everyone is technical, and people will use whichever method of exchanging information is quickest and easiest.
Outlined below are some of the key items that you must consider when planning your environment.
- Who – System to system, person to person, person to system, system to person
- When – Ad-hoc delivery, registered recurring delivery
- Feature/Functionality – File manipulation, translation, transformation, delivery of a file from one sender to many receivers or many senders to one receiver, encryption/decryption, file retention strategy for resends, ability for authenticated users to reset passwords and resend files on demand, file push/pull/get use cases, White Labeling/Branding capability for web interfaces, file sharing
- Customized Features – It is not recommended to have more than 15% customized features as this will make your next upgrade difficult or nearly impossible (my goal has always been <10%). Understand why a feature is needed before you add it and stick to industry best practices
- Overall Security Strategy – Protect your DMZ, do not allow incoming ports and IPs to be exposed, use multi-factor authentication, encrypt data at rest, data in motion and data in use, layer your environment from DMZ to LAN, use APIs to prevent engineers from directly logging in to an admin server, Key/Certificate management strategy, File scrubbing/AV scanning, Data Loss Prevention (DLP), Whitelist/Blacklist, file deletion strategy, intrusion detection method, manage all access including privileged access, do not share credentials at employee or customer level
- Hardware Strategy – Physical or virtual
- Storage Strategy
- Network Strategy – Load balancers, URLs, security
- Application Strategy – MFT, Secure Email, EFSS; do not make your customers install a special client to communicate with you
- Development platform – First test and plan your changes and code here
- UAT/CAT platform – Test with your end users and manage the log data for negative and positive outcomes to code changes and potential problems
- Sustained resiliency production system, geographically deployed
- Disaster recovery platform (if applicable), backup strategy
- Systems – Customer Onboarding System to include automated provisioning, Chargeback Billing System, Customer Support System to show route attributes and contact information, Track & Trace System that can be accessed at authorized user level and send notifications, MIS Reporting System
- Capacity management strategy
- Upgrade strategy – Dot releases every 12-18 months, full release upgrades every 24 months when applicable, Compatibility strategy
- Patching strategy
- Migration strategy from legacy platforms to strategic
The list above does not include every item you may need, but it is quite detailed, and it is important that you include the items discussed. Your actual deployment could consist of just a few servers all the way up to several hundred in a large firm.
Firms are painfully realizing that they must allocate funds and plan accordingly to securely move and protect data the right way. Not properly planning the deployment could actually cost you more in the long run. I strongly recommend staying on a regular patching and upgrade schedule. The benefits are not always visible as an added feature or functional item; sometimes they come as an invisible security patch, a strategic code deployment for a future release, a performance and capacity management item, or even a compatibility standard.
I spent most of my career in this industry planning, optimizing and supporting Managed File Transfer Systems. The responsibility is significant when you think about the possible implications of a serious extended outage or security breach leading to information loss.
Plan, test and execute!