Managed File Transfer Asserts Data Governance In Transit

Moving staggering volumes of data is the lifeblood of business, commonly in large files, from massive batch file transfers of transactional data to that really big e-mail attachment that gets kicked back because it exceeds the corporate attachment size limit. Enterprises are challenged to scale their mass file transfer capabilities to meet increasing business demands -- new partners, new customers, new business initiatives -- while assuring security and exercising governance over the movement of data.

The managed file transfer (MFT) market has grown rapidly as enterprises seek unified management over the mass movement of information across the WAN, out to the Internet, to partners, suppliers, service providers, for example. It's perhaps a $500 million a year market, but it's difficult to size because of the range of products and services that overlap with other business management and integration vendor offerings. In 2008, Gartner estimated the market at $450 million with a year-to-year growth of more than 20 percent, but a year later expanded their coverage from 20 to 45 vendors and did not include a market estimate.

The common alternatives, rooted largely in mainframe technology, are home-grown point-to-point FTP solutions; security is typically handled through secure transfer mechanisms, such as SSH or FTP using SSL/TLS.  These do not scale easily, so new operations that require moving very large amounts of data are difficult and costly to ramp up. "People continue to do point-to-point FTP or SSH file transfers that are completely unmanaged," said Kevin Paddock, Web consultant supervisor for the state of California's Office of Technology Services. Paddock oversees a secure managed file transfer service, offered to state agencies, based on Axway's Secure Transport product. "They see it as the lowest cost alternative, not realizing that when they replicate it many times, they now have an unmanaged jumble."

In contrast to industrial-strength data movement operations, the other side of the file transfer problem is the exchange of large files by individuals, often referred to as ad hoc transfers. Typically, individuals or workgroups, stymied by file attachment size limits, send files via Internet email applications, such as Gmail, free FTP clients, unauthorized file shares, or on removable storage media (USB drives, DVDs, etc.). MFT can bring this type of file transfer under the corporate governance umbrella. "We can give people ad hoc technology and enforce the use of those technologies," said Frank Kenney, VP of global strategy at MFT vendor Ipswitch File Transfer.  "We make capabilities dead easy to easy and enterprises have the right policies in place about how to use them."

One of the key issues in both scenarios -- large batch file and individual transfers -- is the lack of governance to assure that the handling of information is meeting corporate policy compliance, security and regulatory requirements. MFT products provide visibility and validation through dashboards, reporting, real-time updates on data transfer and audit trails. "Things like file transfer over an SSH tunnel solves the security issue, but how do I know you solved it? How do I give my partners proof that you solved it?" said Kenney. "You're not just talking about a security issue. It's a management issue, visibility issue."MFT products are offered as appliances, software, virtual appliances and, more recently, cloud services. The service model, exemplified by California's program, can work well within organizations. Regulatory compliance was the initial driver for the service, said Paddock, as a state agency was willing to underwrite a way to securely transfer protected health information (PHI) for HIPAA compliance. "Since then, customers have all sorts of data that was being delivered in various ways," he said. "Some use cases we didn't anticipate came upon us, but we knew this was a product we could build a service on."
 
This model could easily be applied to an enterprise with internal customers, for example, in a private cloud, which could leverage the products' management, visibility and reporting capabilities, including charge-back to internal clients. The California agency charges a fee to pay for the service, but it's strictly up to individual agencies to decide if they want to pay for it. "We can just offer the service," Paddock said. Those who see the light understand the importance of being able to track transfers."

With a wide range of products and services to choose from, enterprises should weigh several key criteria in their selection process: