Control IP, Demonstrate Compliance, Focus on Core Business

Managed File Transfer (MFT):

A Secret Corporate Weapon

www.seeburger.com
 I N T R O D U CT I O N

Executive Summary
How many times have you struggled to send a large file to someone, particularly when you are in a hurry?
How often has your business suffered (along with your nerves) when a file arrived late for system processing,
or even at all? If the answer to these questions is ‘lots’, then you will be pleased to know help is available…

…we no longer have to put-up with restricted e-mail attachment sizes (typically 8MB), nor do our systems
remain at the mercy of outdated forty-year-old transfer protocols such as FTP. The new world order consists of
a little-known secret corporate weapon known as MFT, and when deployed properly can help you:

1. Control
Intellectual
Property (IP)

2. Demonstrate
Compliance

3. Focus on
Core Business

This paper uses three real-world business scenarios to illustrate how MFT can deliver the above core benefits.

We hope that you find this paper informative and use it as motivation to change the file transfer landscape
within your organization for the better (no matter which vendor you choose to embark upon your MFT
journey with).

On behalf of all the MFT team,

Ian N Goldsmith
Business Development Director

2
Putting Your Business Front and Centre
To be clear from the outset, this is not your average whitepaper written and published by a software vendor
supplier. Why? Because the most important thing to your professional life, i.e. your business, is going to be
placed front and center stage from the outset. What good is it if the virtues of a particular technology are
extolled before fully understanding the extent of the challenges and requirements faced by businesses?

The credibility of such business understanding not only
derives from our 30-year history as a software vendor in
helping over 10,000 customers the world over securely
exchange information on a daily basis, but also because of
the author’s personal involvement with helping all manner of
business’s securely move files throughout a 25-year career
in IT. He also has first-hand experience of being placed in
highly pressurized situations requiring large and sensitive
files to be delivered by a deadline. What’s more, because
the appropriate corporate tools were not made available,
he was left with no option other than to resort to ‘unfit for
purpose’ solutions to simply get the job done. Not pretty, not
clever, just needs must situations that could have otherwise
been avoided with a little foresight and investment in the
right technology solutions such as MFT.
It is this experience (and more) that this paper draws upon
in order to bring your attention to the right way to move files
around with MFT, without having to resort to last ditch risk
laden measures that could have a negative impact on you
and your company further down the line. This paper does so
by identifying three main business scenarios that capture
all manner of file transfer usage requirements the author
has witnessed over the years. It is hoped that at least one
business scenario can be clearly identified with, and that
the scenario(s) resonate enough into prompting a change to
the file transfer landscape within your organization by way
of deploying an MFT solution.

3
 S C E N A R I O S

Business Scenario #1:

New Product Development
Imagine the scenario where a product development team needs to securely collaborate with development
partners by way of sharing CAD drawings, image renderings etc. so as to quickly ready a new product for market
and thus gain competitive edge. In parallel to the development of the product, the marketing team needs to
securely engage advertising agencies to produce print and video ads in time for the new product launch.

Product Dev. Team Product Dev. Partners

Marketing Team Advertising Agencies

CAD BMP

PSD MOV

Figure 1 – Human-Oriented File Transfer

Potential Solution: Use Technology That Is Already In Place (and ‘freely‘ accessible)
The above scenario could relate just as much to a service being developed rather than a tangible product per
say. The highlighted words above show the operative parts of the requirement, no matter a product or service,
i. e. files that are fundamental to the development and marketing of the offering need to be securely shared
outside of the organization.

This essentially boils down to a requirement for humans In trying to address the requirement of human-oriented file
to be able to share files securely with other humans as transfer by way of technology that is already in place, or
depicted in Figure 1. This is known as human-oriented file personally accessible to employees, chronologically this is
transfer. typically how things pan-out:

One option to meet this human-oriented file transfer 1. Try sending the files with corporate e-mail, but realize
requirement (as we will see throughout all of the business they are too big for the e-mail server, therefore…
scenarios) is to use whatever technology is already in place, 2. Try compressing the files (ZIP’ing), but realize they are
even if it is not ideally fit for purpose. In this case, the option still too big for the e-mail server, therefore…
nearly always extends to employees’ personal choice of 3. Try sending the files with personal e-mail, but realize
technology not approved by their employer (and thus not only the smaller files get through, therefore…
under corporate control) when the corporate tools can’t a. Use a personal file sharing service such as DropBox,
get the job done. This situation is not without problems as Hightail etc.
illustrated below. AND/OR
b. Write the files to physical media such as a USB Stick,
Flash Drive, Disc etc. and post/courier.
Product Dev. Team Product Dev. Partners
Marketing Team Advertising Agencies
Using the technologies highlighted above that are typically
x security CAD BMP x control already in place and that are accessible for ‘free’, will get
@ the job done to a certain extent. However, this is not without
introducing some major risks.

PSD MOV
USB
x visibility x speed

Figure 2 – Existing Technologies and their Associated Risks

4
Recommended Solution: Managed File Transfer (MFT)
By making an MFT solution available to the Product Product Dev. Team Product Dev. Partners
Development and Marketing teams, they will be able Marketing Team Advertising Agencies
to securely collaborate with development partners and
advertising agencies alike in order to maximize competitive security CAD BMP control
advantage without compromising security. This is achieved
by mitigating against the risks associated with conventional
existing technologies such as e-mail, ZIP compression,
PSD MFT MOV
physical storage + post/couriers.
visibility speed

Figure 3 – Benefits of MFT for new Product Development

A Comparison: E-Mail/Physical Media/File Sharing Services versus MFT

E-Mail/Physical Media/File Sharing Services MFT

x E
 -Mail is sent in the clear (unencrypted) making
Security it incredibly easy for information to be gleaned
should it be intercepted. The same is true of
data written to physical media which is then
posted.
E-Mail is encrypted, meaning that even if it were
intercepted, its contents are unlikely to ever be
compromised. Additionally, most MFT solutions
now support two-factor authentication.

x U
 sing personal e-mail and file sharing services
means that data is no longer corporate
Control controlled. The same is true when using a
postal/courier service to deliver physical
media, i.e. control is lost.
Third party personal e-mail accounts, file
sharing services and postal services/couriers
are no longer needed, therefore total corporate
control over the exchange of files can be
exercised.

x W
 ith personal e-mail and file sharing services,
Visibility there is no corporate visibility into activity.
The same is true when using a postal/courier
service (albeit reduced with tracking services).
Every file transfer activity is logged in the MFT
server. This is presented as a visible audit-
trail, especially important when demonstrating
compliance.

x W
 riting files to physical media and posting/
couriering introduces unwanted delay – slow-
Speed ing product development down and potentially
jeopardizing competitive advantage.
With a simple plug-in, a corporate’s regular
e-mail client can be utilized for sending files
securely, meaning no time is wasted in having
to switch to a separate interface to use the MFT
solution.

Summary
If running the risk of security being compromised, control
being relinquished, visibility being diminished and speed
being restricted is acceptable to your business, then go-
ahead and utilise what is already available to you by way of
corporate e-mail, physical media and third party file sharing
services. Alternatively, with the investment of just a little
bit of time, effort and money into an MFT solution, the risks
mentioned above can be easily mitigated against.

5
 S C E N A R I O S

Business Scenario #2:

Subsidiary Data Exchange
Imagine the scenario where sales performance and inventory data files from each subsidiary need to be
sent securely and in a timely fashion to HQ (Headquarters) on a daily basis. Conversely, price adjustments,
promotions and catalogue updates need to be distributed from HQ to all subsidiaries on a periodic basis.
The highlighted words above show the operative parts of the requirement, i.e. files that are fundamental to
the day-to-day operation of the business need to be securely exchanged on a timely basis.

What this typically translates to is a requirement for local/ Headquarters Subsidiaries

regional Electronic Point of Sale (EPOS) and Stock Control
systems to be able to exchange files securely with a master
Enterprise Resource Planning (ERP) system at HQ as depicted Idoc DAT
in Figure 4. This is otherwise known as system-oriented file
transfer.

SQL TXT
As before, one option to meet this system-oriented file
transfer requirement is to use whatever technology is
already in place within an organization, even if it is not
Figure 4 – System-Oriented File Transfer
ideally fit for purpose. This situation is not without problems
as illustrated in Figure 5.

Potential Solution: FTP?

As soon as any system-oriented file transfer requirement presents itself, the incumbent technology that is
nearly always turned to is File Transfer Protocol (FTP). Despite being invented in the 1970’s, it is still in wide-
spread use today due to its epidemic spread as something that is perceived as ‘free’. The protocol itself may
indeed be free, but the costs involved with the upkeep of an FTP based landscape very quickly accumulate,
e.g. the writing and maintenance of scripts (to make-up for the lack of functionality in the protocol), the
programming/scheduling of file transfers, the labor needed to monitor/correct incomplete file transfers and
duplicate files, etc.

A common alternative and/or additional solution to FTP Headquarters Subsidiaries

is that of shared storage. This typically takes the form of
either System Attached Network (SAN) or Network Attached
Storage (NAS) devices. These are essentially shared storage x cost Idoc DAT x audit-trail
areas on physical disks that can be made available to FTP
systems via granting of the appropriate access permissions.
Undoubtedly, shared storage solutions can be incredibly
SQL TXT
useful for sharing files between systems providing the x speed x compliance
permissions are tightly controlled and the remote access
channels from the subsidiaries are kept secure. However,
Figure 5 – Existing Technologies and Their Associated Risks
the major downside to such a technique for file sharing is
the lack of a centralized activity log that can be used for
audit trail/compliance purposes, let alone providing any
notion of non-repudiation (unequivocal proof that a file sent
by one system is indeed the file read by another system).

6
Recommended Solution: Managed File Transfer (MFT)
By using an MFT solution to exchange files between the Headquarters Subsidiaries
subsidiaries’ EPOS/stock control systems and HQ’s ERP
system, the business can operate safe in the knowledge
that the sales information used to control current stock cost Idoc DAT audit-trail
levels and predict future levels is accurate, and that
pricing adjustments, promotions and catalogue updates
are accurately reflected with consistency across the entire
SQL MFT TXT
business ecosystem.
speed compliance

Figure 6 – Benefits of MFT for Subsidiary Data Exchange

A Comparison: FTP/NAS versus Managed File Transfer (MFT)

FTP/NAS MFT

x S
 upporting a ‘free’ protocol such as FTP incurs
a cost of employing staff with the technical
Cost competence to manage frequent changes to
the IT landscape, e.g. script maintenance,
scheduling, remedial file action etc.
MFT empowers businesses with limited techni-
cal knowledge to monitor and control file trans-
fer activity easily and cost effectively through a
simple User Interface (UI).

x U
 sing a protocol such as FTP often results in un-
desired delay due to incomplete files, duplicate
Speed files, incorrectly named/located files etc.
If a file transfer were to be interrupted mid-
flight, e.g. loss of network, loss of power etc.,
then automatic checkpoint/restart capability
ensures that time is not wasted in transferring
the file from the beginning again.

x S
 hared storage doesn’t provide an activity log
Audit that can be used for audit trail purposes – let
Trail alone providing any notion of non-repudiation
in the event of a file dispute.
A comprehensive audit trail captures all file
transfer that has taken place across the entire
MFT landscape.

x C
 ontrolling what can and can’t be transferred 
With increasing demand to uphold internal
Compli- is difficult to implement without a rules based standards and comply with external regulations,
ance approach. a ‘single source of truth’ audit trail provides
demonstrability of compliance.

Summary
If you are comfortable with the potential risks of costs esca-
lating, speed being restricted, audit trails lacking and hav-
ing no notion of compliance, then go-ahead and utilise what
is already available to you by way of FTP and shared storage.
Alternatively, with the investment of just a little bit of time,
effort and money into an MFT solution, the risks mentioned
above can be easily mitigated against when exchanging
subsidiary data.

7
 S C E N A R I O S

Business Scenario #3:

Significant Event Reporting
Imagine the scenario where both convenience and expediency are needed by customers and members of
the general public when using their mobile devices to capture and securely post evidence (still imagery,
video footage, descriptive words, GPS data etc.) of significant events in near real-time, e. g. vehicle
accidents, crimes in progress etc. The highlighted words above show the operative parts of the requirement,
i. e. people need a convenient, expedient and secure mechanism for capturing and securely posting evidence
in an effort to help insurance companies and police forces conduct their business efficiently.

In reality this means providing a method for insurance
companies and police forces to obtain the recorded evidence
stored on peoples’ mobile devices. Such evidence would
typically consist of still pictures, videos, written descriptive
words, GPS location data etc. This needs to ultimately end-up
in the hands of the insurance companies and police forces so
that it can be processed accordingly as shown in Figure 7. This
is otherwise known as human-to-system file transfer.
Both the insurance industry and police forces are generally
binary when it comes to appetite for embracing new
technology. That is, they tend to either be technology
adverse OR they are all in for digitalization wherever
possible. For those that prefer to remain paper/process
based, this will ultimately lead to customer dissatisfaction
for a number of reasons, e.g. having to wait for seemingly
inordinate amounts of time for claims to be processed
(let alone payments made), having to provide the same
information numerous times (often due to poor process/
form design), not knowing where their claim is in terms
of progress through the system etc. For those insurance
companies and police forces that embrace digitalization,
there stands a higher chance of improving the quality of
service provided. However, if they elect to do this by trying
to utilize existing technology that is already in place, there
may very well turn-out to be problems as illustrated below.
Customers Insurance Companies
General Public Police Forces
JPG JPG
MOV MOV
Figure 7 – Human-to-System File Transfer

Potential Solution: Use Technology That Is Already In Place

The crux of the challenge in question is not only i) how to securely extract the evidence from hundreds of
different models of mobile devices (let alone the different operating system types and versions running on
them) and store it on the servers accessed by the insurance companies and police forces respectively, but
also ii) how to associate the collected evidence with the person submitting it and also the people that it
relates to, e. g. third parties, victims of crime, perpetrators of crime etc.

This is a situation very similar to that illustrated in Business company or police force. This is all rather long-winded and
Scenario #1: New Product Development on page 4. That is, too technical for the average customer and member of the
the first attempted method of transfer will involve the user public. Also, there will be concerns that highly sensitive
trying to e-mail the evidence from their mobile device to a evidence will be stored on the service providers’ servers, of
generic e-mail address for the insurance company or police which the geo-location of data cannot be restricted.
force. To re-cap, not only is e-mail sent in the clear but the
e-mail server limit will most likely restrict the amount of x security x simplicity
JPG JPG
evidence that can be sent – not a good situation. File sharing
@
apps. such as DropBox and Hightail will most probably then
be turned to as they have a much higher threshold in terms
of data volume. The problem however is that the user will MOV MOV
have to download and install (if they haven’t already) an x speed x control
app, register an account, upload the information to their
storage area, and then make it available to the insurance Figure 8 – Existing Technologies and their Associated Risks

8
Recommended Solution: Managed File Transfer (MFT)
With MFT, a freely available app can be given to users and General Public Police Forces
members of the public that guides/prompts the user through
the whole process of securely sharing the captured evidence security Idoc DAT simplicity
on their mobile device with their insurance company or local
police force. This not only takes the onus away from the user
in having to figure out their own way of sending the evidence,
but also ensures that no details are missed during a time SQL MFT TXT
when the user may not be thinking clearly owing to highly speed control
stressful situations, e. g. being involved in a vehicle accident,
witnessing a crime in progress etc. Figure 9 – Benefits of MFT for Human-to-System Significant Event Reporting

A Comparison: E-Mail/File Sharing Service versus Managed File Transfer (MFT)

E-Mail/File Sharing Service MFT

Security x E
 -Mail is sent in the clear, i.e. it is not encrypted. Evidence is sent across a secure channel from
This makes it incredibly easy for information to directly within the app.
be gleaned should e-mails be intercepted.

x The average user will not have the technical A simple to use single app ensures the user
capability to download, install, register, and submits all necessary elements of evidence
Simplicity use a file sharing service app such as DropBox, with the minimum of complexity.
Hightail etc.

x E
very minute wasted in submitting evidence
Speed ultimately affects the quality of service. In the
case of crime reporting this can be critical to
catching the perpetrators of crime.
No time is wasted in the user having to figure-
out their own method for sending evidence.
Additionally, pre-registering users on the app
saves time by them not having to enter their
credentials.

x 
With the use of file sharing service apps. such
as DropBox, Hightail etc., highly sensitive data
Control
is no longer under the control of the insurance
company or police force.
The app enables complete in-house control of
potentially highly sensitive data, meaning the
risk of it being stored on third party file sharing
servers (where data cannot be geographically
restricted) is negated.

Summary
If running the risk of security being compromised, simplicity
being abandoned, speed being restricted and control being
relinquished is acceptable to you, then go-ahead and utilise
what is already available by way of regular e-mail and file
sharing services. Alternatively, with the investment of just a
little bit of time, effort and money into an MFT solution, the
risks mentioned can be easily mitigated against.

9
 C U S T OM E R S U C ESS S TO R I ES

What Some of Our Customers Say About MFT

Flexible and secure data interchange with external development partners

BSH Hausgeräte GmbH – largest household appliance manufacturer in Europe

The objective of BSH was to complete the new set up of the entire file transfer process with external development
partners to a single solution from one source within the framework of a PDM/PLM consolidation. During this process,
factors such as future security, modern interfaces and up-to-date technologies were to be taken into account. At the
end of the decision making process, SEEBURGER‘s MFT solution was chosen as best fit.

“With the new, future-proof software, everything is provided from one single source. BSH has also been able to make
significant savings due to the phasing out of the old ad-hoc transfer solution.”

Hartmut Weber, Service Manager of EDI, Factories at BSH Hausgeräte GmbH

> Read more

Highest security levels and easy-to-use services for its customers

Raiffeisen Informatik GmbH – leading technology service provider to banks and insurance co.‘s

Raiffeisen Informatik chose SEEBURGER‘s MFT for its highly configurable technology and comprehensive technical
capabilities to add to its customer-friendly service offering for its banking and insurance customers.

“In addition to providing an easy to use service and the technical specifications needed, SEEBURGER also offers a
flexible licensing model based on actual usage of the service. This means our customers are using a high value, lower
cost service.”

Johannes Freudl, Team Leader – Managed File Transfer, Raiffeisen Informatik GmbH
> Read more

AllianderAlliander N.V. – leading distributer of energy such as electricity, (bio)gas and heat

“We evaluated seven different MFT platforms before selecting SEEBURGER. Within Alliander we saw resistance to using
an MFT platform in the beginning – because NAS shares are so easy to implement. Today we see an understanding for
Managed File Transfer and it’s now a prerequisite for every project.”

Joop Aalbers, Application Consultant at Alliander

> Read more

10
S U M M A R Y

Three Core Business Benefits of MFT

The previous pages have conveyed just some of the many benefits to be gained with MFT by way of three
business scenarios. These benefits can in fact be rolled-up into three core overarching business benefits of
utilising MFT in the file transfer landscape as shown in Figure 10.

1. Control Intellectual Property (IP) – After its people, a

company’s most prizde asset is its intellectual property
(IP). Without an appropriate IT solution in place, leakage 1. Control
of IP can cause potential harm on multiple inextricably Intellectual • Security
linked fronts, e.g. loss of competitive advantage, Property (IP) • Control
financial penalties incurred for negligence, share value
depreciation, brand trust issues amongst the markets
etc. With an MFT solution in place, risks such are these
are vastly mitigated against. • Visibility
2. Demonstrate • Audit Trail
2. Demonstrate Compliance – Adhering to changes such Compliance • Compliance
as GDPR without an appropriate IT solution in place can
not only prove to be challenging, but also costly in the
case of incurred penalties. These regulatory rules are
challenging to implement, especially in a sprawling IT
landscape that never seems to stay static. With an MFT 3. Focus on • Speed
solution in place, regulatory rules can be reflected in the Core Business • Cost
workflow and centrally managed to easily accommodate • Simplicity
future changes.

3. Focus on Core Business – The most successful companies

are those that are able to execute against their plan/ Figure 10 – Three Core Business Benefits of MFT
vision without being sucked into the vacuum of non-
core business activity, e.g. figuring out how to move
computer files around that contain sensitive/important
data (often large in size). Without an appropriate IT
solution in place, staff waste valuable time in trying to
manipulate outdated tools and inappropriate practices
into performing a job they were never designed to do.
With an MFT solution in place, employees and machines
are empowered to send files containing sensitive data
to the right place at the right time, all with maximum
efficiency and with the minimum of fuss.

We hope that you found this paper informative and will use
it as motivation to change the file transfer landscape within
your organisation for the better (no matter which vendor you
choose to embark upon your MFT journey with).

Lastly, for simplicity’s sake we would encourage you to seek

out an MFT supplier that is able to provide all permutations
of human-oriented and system oriented file transfer
requirements from a single solution.

11
www.seeburger.com

www.seeburger.com/global-offices

01/2019 © SEEBURGER AG