The Shortcut Guide to Secure, Managed File Transfer

by Don Jones


Every company in the world moves files around - between systems, between business partners, and between employees. But not many companies do so securely or in a managed fashion that supports auditing, compliance, automation, and workflow. In The Shortcut Guide to Secure, Managed File Transfer you'll learn about traditional and emerging concerns related to file transfers, including the ad-hoc, person-to-person file transfers that are often the least managed, least secure, and least visible way in which your company's sensitive data moves around. You'll also learn about the modern solution space for securing and managing file transfers, and learn how to define your company's unique business needs and evaluate solutions to provide more security, more automation, better workflow, and better reliability.


Chapter 1: How to Tell if You Need Secure, Managed File Transfer

If your organization is like most, you probably move more than a few files from place to place. There are probably several—if not hundreds of—vendors or business partners that you transfer information to, perhaps in an XML file or even a comma-separated values (CSV) file that was exported from a spreadsheet or database. Some of these file transfers may happen on a regular, scheduled basis; I'm betting that more than a few of your organization's file transfers happen on-demand, in a more ad-hoc fashion. You probably move files within your organization as well, either between departments or perhaps even between divisions.

One reason you may have started reading this book is the word "secure" in the title, although the word "managed" may have pulled you in, too. More and more organizations are grappling with that "security" word these days, either because they're simply tightening their own internal controls over their corporate information or because they're subject to industry requirements or legislative requirements that force them to secure and audit certain types of information. As more data flies back and forth across our private and public networks, we have good reason to become more concerned about who else might be reading that data—hence the focus on security.

If you've read the previous two paragraphs and thought, "Yes, this is my organization," then you've found the right book. I wrote this book specifically for organizations that need to move data from place to place, and need to do so in a secure, auditable, managed fashion, no matter what kind of data they're moving.

In Chapter 1 of The Shortcut Guide to Secure, Managed File Transfer, you will learn about the many organizational needs for file transfer. You will also learn about the different file transfer scenarios that may apply to your business, as well as the security and management requirements of each.

Chapter 2: Common File Transfer Myths

As I work with consulting clients and as I speak with IT professionals at various conferences and tradeshows, I encounter more than a few misconceptions and bad assumptions related to file transfer. Some of these myths range from relatively minor misunderstandings to extremely major beliefs that actually hold back the person's entire organization. Let's play "Mythbusters" and examine some of these myths. I'll look at the most common ones I run across, explain where they came from—because many of them do, in fact, contain a nugget of truth—and see how they hold up to cold, hard facts.

Chapter 3: Mapping Business Requirements to Technical Capabilities - Creating Your File Transfer Shopping List

By this point, you're probably ready to start considering a secure, managed file transfer solution for your company, or even for a specific department, division, or project. Before you start doing Google searches on "managed file transfer," however, you need to have a solid list of your requirements in mind. Although a lot of managed file transfer solutions are remarkably similar in basic capabilities, each of them does offer unique features that, depending on your needs, may be advantageous or disadvantageous to your organization. In this chapter, I'll examine specific business requirements that you may have and translate those to the technical requirements of a file transfer solution.

It's important for me to acknowledge that I can't determine which of these business requirements are important for your business; that's up to you. What I can do, however, is cover the ones that are important to a variety of businesses, explain why each one might be important, and let you use that information to construct your own shopping list for file transfer capabilities.

Chapter 4: Evaluating and Selecting a Secure, Managed File Transfer Solution

By now, you're ready to construct your file transfer shopping list, if you haven't done so already. With that list in hand, you can start evaluating file transfer solutions. Chapter 4 focuses on the task of actually evaluating a file transfer solution against your capabilities shopping list. I'll show you a technique for scoring different solutions on your list, and cover some of the often-overlooked details that can save you a lot of time and money—after all, nobody likes to acquire a solution only to find out weeks or months later that the features you bought aren't quite what you were hoping for.