Sure, FTP is the easiest way to get a large file to an outside party — but is that the best way? There are better ways to service the need to securely exchange files in a manageable fashion, including managed file transfer services.
How many times have you fielded the question about how to move large amounts of data between external parties? Sure we can set up a file transfer protocol (FTP) server or e-mail the materials, but that frequently leaves much to be desired on many sides. The permissions and access model of FTP does not lend itself to a well-managed configuration. E-mail, on the other hand, is not intended to be a mechanism to move large files between organizations. Further, there is no standard on maximum message attachment size limits by mail servers or spam filtering mechanisms.
Savvy end users may discover Web services such as FileBucket to provide files for exchange to other parties, but there are clear risks to copyrighted material, intellectual property, and sensitive data. Many organizations block Web sites such as FileBucket for this reason. With this dilemma, what options does a network administrator have to address this often legitimate need?One popular choice is to internally provide a service using an account model that is time limited and tied to specific access so that the advertising agency does not have access to the HR consultant's files, for example. While this can be accomplished through services such FTP, the administration level is quite high to establish access and accounts. What has become now a viable option is a managed service that can provide a secure file exchange. The managed file transfer service space has many offerings, such as Tumbleweed SecureTransport, Ipswitch MOVEit DMZ, Sterling Commerce's Managed File Transfer, and various Accellion products. While the offerings vary in complexity, feature level, and technologies in use, the important takeaway is that there are managed options to address this need.
Unfortunately, due to protections in place such as blocking large e-mail attachments or public file exchange sites, potentially private data is exchanged via personal Web mail or physically sent on media to the intended recipient. In order for a managed file exchange mechanism to be implemented, there needs to be adequate training and endorsement from management and the users. Ideally, a secure, managed file transfer would be easier for users to exchange files, making it the natural choice. But, if tracking the movement of sensitive data outside the organization and to external organizations is a priority, it may be worth investigating some of the managed file transfer services.