1 Managed File Transfer: Insights and Best Practices Steven Jordan Director, Supply Chain Solutions.

1

Managed File Transfer:Insights and Best Practices

Steven Jordan

Director, Supply Chain Solutions

Agenda

• Axway Overview

• Context: a brief history of file transfer

• Managed File Transfer Overview

• File Transfer Patterns

• Best Practice Approach

• Q&A

About Axway• Serve 11,000+ Customers Globally• 1,700 Employees • Global Company -- key US offices in

• Phoenix, AZ• Redwood City, CA

• 31 US security patents / 15+ years of R&D• Acknowledged Innovator and leader

• Leaders Quadrant – Gartner Managed File Transfer (MFT)

• Leaders Quadrant – Gartner Business to Business Integration (B2Bi)

• Leaders Quadrant – Gartner Email Encryption

CustomersCustomers

Multi-Nationals

Government

Financial Services

Fortune 500

| © 2010 Axway | All rights reserved. 4

A Brief History of File Transfer

A Data Driven World

Over 80% of all business and organizational information is exchanged via files

File Size

Co

nfi

den

tial

/ C

riti

cal

Low

High

0 MB 10 MB 100+ GB1 GB

LegalContracts

LegalContracts

Image / MediaImage / Media

Source Code / Software

Source Code / Software

CAD FilesCAD Files

Media / VideoMedia / Video

EDIEDI

Funds Transfer

Funds Transfer

Sales Collateral

Sales Collateral

Sales DataSales Data

Application-to-application (A2A)Application-to-application (A2A)

Credit Card DataCredit Card Data

Volume, size, type and frequency of data exchange is unpredictable C

omm

unity

Siz

e

Structured

Person to

Person

Business to

Business

System to

System

Un-structured

Small

Large

© 2009 Axway - Confidential and proprietary. All rights reserved. 5

Intellectual Property (IP) Protection

• IP protection is widespread and costly– An overseas partner pirates a software title and sells it in local stores– A sales manager leaves for a competitor – takes contacts and clients– An employee inadvertently e-mails an M&A term sheet to a wrong e-mail address– A data tape containing retiree data falls of a truck en route to a backup facility

– Gartner/AMR Research

© 2009 Axway - Confidential and proprietary. All rights reserved.

6

U.S. Department of Commerce estimates that counterfeiting and piracy cost U.S. businesses $250B+ a year

Average cost for data breach is $202 per record, $6.6M per breach, 69% of which is associated with lost business (Ponemon Institute)

Files are being transferred everywhere

DMZ ftp server

ftp server

ftp server

Applicationserver

Applicationserver

Applicationserver

ExternalVendor

ExternalCustomer

InternalUser

ExternalPartner

PartnerSystem

PartnerSystem

Rogue ftpserver

ftpSMTPPhysical Media

FTP – The De Facto Standard

•Most Common Internet File Transfer Method•Client / Server Architecture

Client initiates all connections•Many Variations Of FTP, (Vendor Customizations)•FTP Problems

No EncryptionUser Names and Passwords Are In The ClearNo Integrity CheckingNo Checkpoint RestartNo TrackingNo ManagementFTP Scripting


Managed File Transfer Overview

Managed File Transfer ( MFT )According to Gartner

• The Gartner “Managed File Transfer Suites: Technology Overview” report identifies a managed file transfer suite as having the following functionality:

– Secure Communications: This entails a collection of commonly used protocols and technologies used for transporting and ensuring the authentication, privacy, non-repudiation and authorization of data between two or more entities.

– Management: This is the ability to monitor and control the data (regardless of size) throughout the file transfer.

– Integration functionality: Adapters or exposed application programming interfaces.

– Streaming input /output: This capability enables the MFT Suites to overcome physical hardware limitations and operating environment limitations.

– Checkpoint/restart capabilities: This capability lets the user resume incomplete file transfers as a result of interrupted transmissions, accidental or otherwise.

Axway 2010 MFT Survey Results

Axway interviewed 150+ IT Executives that manage file transfer operations

...here are some key findings

88% - concerned about violation of security mandates and preventing data loss via human driven data exchange

83% - still use FTP for external data exchange

78% - concerned about internal/external visibility and monitoring of data file exchanges

44% - currently use unmanaged methods for sending files too big for corporate email exchanges

Axway 2010 MFT Survey Results


File Transfer Patterns

Application Integration Pattern

• Internal File Movement Between Systems– Peer-to-Peer / File Bus– Hub and Spoke

• Automated and Process Driven• Centralized Governance• Multi-Platform Considerations

Do you have visibility to the data? (i.e., more than system monitoring)

Are your internal systems secured?(at a minimum no FTP)

Business to Business (B2B) Pattern

• Connecting with other organizations– Standards driven– Context aware

• Community and partner lifecycle management are essential

• Automated and process driven• Flexible security• Often requires data services

– Validation– Transformation– Routing

Are your current tools able to address your needs?

Do you have the business involved to help manage your trading community?

Multi-Site Integration Pattern

• File movement between systems across sites (hub/spoke or peer to peer)

• Centralized governance and site management

• Automated and process driven• Broadcast/Collect• Multi-platform considerations

Deploy and manage multiple connections (efficiently)

Automate, Automate, Automate

Portal File Services Pattern

• Connecting the human web experience and MFT

• Web portal exposing a business service• User access and management (LDAP/AD,

SSO, On-boarding)

• Transparent integration with end user workflow and backend systems

More than ease of use(secure and efficient file exchange beyond the portal)

Seamless and complete integration(no hops, batching, or queuing)

Ad-Hoc File Transfer Pattern• Unplanned processes between humans• Two models

– Repository based (persistence for sharing)– Recipient based (targeted to individual or group)

• User access and management– LDAP/AD– SSO– On-boarding

• Policy based control of file access and transfer

Can you audit and govern H2S/H2H exchange?(controlling the humans is a must!)

Define security up front and stand your ground

Humans

Systems

File Transfer Patterns

1. Application Integration

2. Multi-Site Integration

3. B2B

4. Portal File Transfers

5. Ad hoc & email

Aut

omat

edIn

tera

ctiv

e

Sec

urity

/ V

isib

ility

/ G

over

nanc

e


MFT Best Practices

Centralize via a MFT Gateway


Corporate Network

HTTP/S

FTP/S

SSHFTP

EDIINT

DMZ

Mainframe

Other

Windows

Customer

Self Service

Internet

UNIXMFT

Gateway

1. Close gaps to the external

2. Set priorities beyond consolidation

3. Stage the scope of pattern coverage

4. Rollout effort based on needs

Edge Server

Web Server

Optimize B2B and Internal Integration


Corporate Network

HTTP/S

FTP/S

SSHFTP

EDIINT

Mainframe

Other

Windows

Customer

Self Service

Internet

UNIXMFT

Gateway

Application Integration

Business to Business

Edge Server

Web Server

DMZ

Extend Internal File Exchange


Corporate Network

HTTP/S

FTP/S

SSHFTP

EDIINT

Mainframe

Other

Windows

Customer

Self Service

Internet

UNIXMFT

Gateway


Business to BusinessT

T

T

T

Multi-Site Integration

Edge Server

Web Server

DMZ

Cover The Human Element


Corporate Network

HTTP/S

FTP/S

SSHFTP

EDIINT

Edge Server

Mainframe

Other

Windows

Customer

Self Service

Web Server

T

T

T

T

Ad-Hoc File Transfer

Internet

UNIXMFT

GatewayMulti-Site

Integration


Portal File Services

Business to Business

DMZ

Managing Your File Transfer Patterns

• Scope out growth and complexity of data framework– Define and prioritize critical ‘exchange relationships’– S2S, B2B, A2A, P2P, B2P, B2C, etc.

• Quantify and qualify data content relationships– Outline support for business types, groups, or departments– Update compliance to standards and regulations

• Account for risk factors– Consider both external and internal security event paths– Identify the risk types (data loss, intellectual property theft, data privacy

breach, compliance violations, etc.)

• Set realistic coverage objectives– What level?– How comprehensive or complex?

© 2009 Axway - Confidential and proprietary. All rights reserved.

25

Questions/Discussion

For more information visit: www.axway.com

1 Managed File Transfer: Insights and Best Practices Steven Jordan Director, Supply Chain Solutions.

Documents

Transcript of 1 Managed File Transfer: Insights and Best Practices Steven Jordan Director, Supply Chain Solutions.