Secure file exchange management critical to successful transfers
Tuesday, May 12, 2009 12:58 PM
In an earlier post about secure file exchanges, many TechRepublic members came back with a mixed bag of opinions on the topic.
TechRepublic member flhtc and darksidegeek outline how they have invested time and effort into crafting a homegrown solution of sorts based on scripting, front-end interfaces and URL obfuscation. While they will definitely get points for software purchase cost control, there are questions of how well these services will scale and how friendly the interface is for users who are not IT pros.
Smaller shops may be able to craft solutions that work well for the occasional large file transfer. On the opposite side of this, if a large enterprise has a Web development team available internally, this type of of solution could be made with a high degree of quality instead of a collection of scripts copied and pasted off of the Internet. Also in the post, TechRepublic member Jason_Mcc sums up my perspective well. Quoting Jason:
There is no shortage of tools or various ways of accomplishing this task, if your users are sufficiently capable or you are just doing it yourself.
My point is that the technology is available. Most solutions, large or small, will involve an SSL-encrypted session or enhanced FTP service like SFTP. But the root problem is management of these services. My stance is that I am a fan of self-service for all skill levels. So, for the marketing employee who needs to get a 2 GB-compressed file to the advertisement agency every day for the next few weeks as new company commercials are edited and produced, a one-timer IT service can get old very quickly.
Various IT operations will have a wide range of secure file transfer requirements. Topics such as file types, restricted content, bandwidth usage, cost, access control, delegation, storage requirements, backup requirements, and other factors are a starting point for determining the best way to approach a solution. Smaller shops may be able to stand up a small Web server with externally facing access and manage one-at-a-time large transfers.
Larger enterprises will spend more time identifying the requirements and management policies so that the solution becomes a user-friendly tool. That is important, because if the mechanism is not user friendly, users will find another way to transfer content. This can include costly or insecure mechanisms.
What, then, is the nirvana of large, secure file transfer? It would be a service that meets the following requirements:
- Is easy to use for non-IT employees as a tool that is part of their job
- No involvement of IT, except for installation, upgrades, and policy definition
- Is easily accessible for external parties from an invitation from authorized internal person
- Has robust logging of transfer and access of content
- Active Directory integration
- Application and storage both hosted internally
- Policy and delegation for management
- Compliance requirements maintained
Ideally, IT would use a solution that would be internally administered and provided like other "commodity" items such as e-mail and Web access. The requirements listed above is my short list of requirements for a secure file exchange implementation.
In my initial research, I had pointed out four commercial solutions that can provide solutions for this need. I am inclined to look first at the Accellion Managed File Transfer for an enterprise solution. Remember that everyone's needs may vary, and the use case for large, external file transfer may vary widely from organization to organization. What have you done to identify your requirements for secure file transfer? Share your comments below on what you have learned along the way.
Rick Vanover is a systems administrator for Safelite AutoGlass in Columbus, Ohio. Rick has over 12 years IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
Many options available!
Hi Rick. Good article, its something that as specialist in a range of file transfer solutions at Pro2col we deal with on a day to day basis. As you point out each business has its own unique set of requirements but the general feature list remains the same. Depending upon budget there are plenty of options for customers it also depends on how they want to move data - by this I mean does a customer want to share data via email based solutions which require manual interaction or do they want the solution to form part of an automated workflow. Accellion is a great solution but only covers the manual process of sending files and is considered to be at the top end of the price range. Other options include Files2Links for a mid-range priced product with solid feature set or Hermstedt StingRay for the a slightly different feature set. I mention these two as they weren't in your original piece and they are products I've sold in the past. I've seen a number of companies develop their own solutions in the past which invariably come in late, over budget and have major support impacts going forward for the business. Personally, and I appreciate as a company I'm going to have a slightly biased opion here but I can't understand why any Enterprise would develop their own solution when more or less every angle is covered in the marketplace - if you know where to look. Cheers. James
Posted by James Lewis on Friday, May 15 2009 12:02 AM