There is no shortage of tools or various ways of accomplishing this task, if your users are sufficiently capable or you are just doing it yourself.
My point is that the technology is available. Most solutions, large or small, will involve an SSL-encrypted session or enhanced FTP service like SFTP. But the root problem is management of these services. My stance is that I am a fan of self-service for all skill levels. So, for the marketing employee who needs to get a 2 GB-compressed file to the advertisement agency every day for the next few weeks as new company commercials are edited and produced, a one-timer IT service can get old very quickly.
Various IT operations will have a wide range of secure file transfer requirements. Topics such as file types, restricted content, bandwidth usage, cost, access control, delegation, storage requirements, backup requirements, and other factors are a starting point for determining the best way to approach a solution. Smaller shops may be able to stand up a small Web server with externally facing access and manage one-at-a-time large transfers.
Larger enterprises will spend more time identifying the requirements and management policies so that the solution becomes a user-friendly tool. That is important, because if the mechanism is not user friendly, users will find another way to transfer content. This can include costly or insecure mechanisms.
What, then, is the nirvana of large, secure file transfer? It would be a service that meets the following requirements:
- Is easy to use for non-IT employees as a tool that is part of their job
- No involvement of IT, except for installation, upgrades, and policy definition
- Is easily accessible for external parties from an invitation from authorized internal person
- Has robust logging of transfer and access of content
- Active Directory integration
- Application and storage both hosted internally
- Policy and delegation for management
- Compliance requirements maintained
Ideally, IT would use a solution that would be internally administered and provided like other "commodity" items such as e-mail and Web access. The requirements listed above is my short list of requirements for a secure file exchange implementation.
In my initial research, I had pointed out four commercial solutions that can provide solutions for this need. I am inclined to look first at the Accellion Managed File Transfer for an enterprise solution. Remember that everyone's needs may vary, and the use case for large, external file transfer may vary widely from organization to organization. What have you done to identify your requirements for secure file transfer? Share your comments below on what you have learned along the way.
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.