The Intricacies of File Transfer in 3D: How SFTP and MFT Work Together to Supreme Effect

July 13, 2022 Security and Compliance, MOVEit

Behold, the New Age of secure file transfer is upon us. Next-level file transfer protocols like FTPS, HTTPS and SFTP have already announced their presence on the world stage in some style. The best part? They’ve brought with them a slew of security perks that were once only a reserve of Cyber movies (FTP, please stop reading this).

But if you’re like any other forward-thinking IT professional, you know too well that these protocols cannot pull any weight on their own. They need to be embedded in some sort of transfer solution or server to become whole and fully functional.

Enter MFT (Managed File Transfer).

Some think that MFT and SFTP cannot correlate. Others, perhaps oblivious of the very building blocks that make up MFT, casually dismiss SFTP as just any other flimsy standalone protocol. Believe me, that’s nothing more than some empty talk—yada, yada, yada.

But just in case you’re among the skeptics, this blog will clear the fog around this topic once and for all. In it, you’ll learn how SFTP and MFT work together, plus the mechanics of it all. You wouldn’t want to miss it for the world. Let’s go!

But First…A Quick Look at the Acronyms in Question

What is SFTP?

Think of SFTP, or Secure File Transfer Protocol, as a more advanced version of FTP. If both of these protocols were Cadillacs, FTP would probably be the good ol’ Cadillac De Ville (iconic, yes, but a little too rugged and rigid) while SFTP would be the Cadillac Escalade (newer and ultimately safer).

At its core, SFTP is essentially a secure FTP protocol that transmits files over secure shell (SSH). SSH, ladies and gentlemen, is the protocol that SFTP uses to move files securely across any ecosystem—enterprise or otherwise.

Of course, SFTP also implements AES, Triple DES, and similar algorithms to encrypt files in-transit. However, it’s the SSH protection layer that gives it a clear distinction over other file transfer protocols.

What is MFT?

Aah, MFT (Managed File Transfer). Before we start showering praises on this incredible, ground-breaking solution, let’s first look at its definition.

MFT is simply a solution that encompasses all aspects of file transfer processes—including security, workflows, auditing and administration—from a single, do-it-all interface.

And it goes much further. The “managed” part of MFT works to give you centralized visibility, access and control over your data infrastructure as well as internal and external transfers.

Now, let’s quickly shift gears and focus on the gist of the matter (shall we?)

Answering the Million-Dollar Question: Can SFTP and MFT Work Together?

Heck yes!

These two were made for each other—more like Harvey Specter and Michael Ross from the popular TV series Suits, or John Wick and his dog Daisy in the blockbuster movie John Wick.

While it’s true that SFTP is inherently a security protocol, it forms a fundamental part of the MFT setup. In retrospect, MFT wouldn’t be what it is today if SFTP wasn’t in the mix from the get-go.

The SFTP & MFT Combo Explained: How the Two Actually Work Together

Put these two acronyms together (something like MFT SFTP) and you’ll literally be walking in a pool of alphabets.

Jokes aside, SFTP and MFT really do make the perfect couple, and that’s largely due to the fact that MFT allows for multiple protocols and connectors—one of them being SFTP.

Let’s paint up how this combo works together using a simple file transfer workflow:

Step 1: Original File Begins Its Journey from the MFT Solution/Plugin

Say you need to send a confidential file to someone in a remote office.

Maybe it’s an audit report for a trading partner, a sensitive document bearing a patient’s personal information, or maybe it’s a financial document for a business partner. Whatever the scenario, you can send the file to a third party using an MFT solution like MOVEit Transfer.

Ideally, the file in question can follow many different paths to reach its intended destination. For instance, you can:

  • Automatically send it directly through the managed file transfer workflow
  • Send it via a web client (access to the MFT solution from a browser)
  • Place the file in a dedicated folder that the recipient can connect to securely for download (hey there, MOVEit Secure Folder Sharing)

Once this step is locked in, it’s time to bring SFTP protocol into the equation.

Step 2: Your MFT Solution Encrypts the File Using SFTP

After you drop your file in a secure, highly-monitored folder or upload it to your web browser, your MFT solution receives the data and secures it in a few different ways.

Managed file transfer can encrypt your files using FIPS 140-2 Validated Cryptography or the OpenPGP standard, among others. As for the actual in-transit data, your MFT solution can leverage one of SSL/FTPS, SSH/SFTP, AS2, or HTTP/HTTPS protocols to encrypt it. But for the sake of this blog, we’ll narrow down our focus to SFTP.

And so the journey begins…

It all starts with the MFT solution sending the data through the SSH protocol that’s ingrained within SFTP. While it’s in there, this data is encrypted throughout the entirety of its journey. And when it’s in full flow, the chances of interrupting, obscuring, or compromising it are virtually zero.

To ensure maximum security and ultimately make the transmission tick, SSH uses modern encryption:

  • Advanced Encryption Standard (AES) to encrypt the data

SSH really does bring forth the best ammunition when it comes to securing in-transit data. AES is one of those, and boy does it do a pretty good job! It’s essentially a symmetric block cipher that leverages complex mathematics (look away, math critics) and the unique properties of prime numbers to encrypt data with a key—the length of which determines the difficulty of breaking the cipher. Typically, this means the use of AES-256 or AES-128 algorithms, which use a 256-bit or 128-bit key respectively (good luck breaking a message that requires 2^256 different combinations!).

  • A Hashing algorithm to determine data integrity

While there are many hashing algorithms out there for protecting in-transit data, SSH leverages the best of them all: SHA-2.

A “hash” is a unique alphanumeric value created by processing the data through a hashing algorithm. The idea is that if the data is run through the same hashing algorithm, it will produce an identical hash. Similarly, if the data produces a different hash than the one provided, it’s a clear indication that it’s been modified.

The bottom line? There’s nothing that SFTP and MFT can’t accomplish together. Like David and Jonathan of the bible, SSH/SFTP and MFT work hand-in-hand to ensure that the data in transit reaches its final destination unperturbed and secure from prying eyes.
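One way to check that an SFTP server really offers only the AES ciphers and SHA-2 integrity algorithms described in this step. This is an added example, not code from the original post or from any vendor; it assumes an OpenSSH server, a constructed sample of `sshd -T` output, hypothetical function names, and a policy (AES ciphers and SHA-2 HMACs only) chosen to match the algorithms named above.

```python
# Added example: audit the ciphers and MACs an OpenSSH server offers.
# Assumed policy: AES ciphers and SHA-2 HMACs only.

# Constructed sample of `sshd -T` (effective configuration) output.
SAMPLE_SSHD_T = """\
port 22
ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-ctr,3des-cbc,aes128-cbc
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-md5
subsystem sftp internal-sftp
"""


def parse_algorithms(sshd_t_output):
    """Return {'ciphers': [...], 'macs': [...]} parsed from `sshd -T` text."""
    found = {"ciphers": [], "macs": []}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in found:
            found[key.lower()] = [a for a in value.strip().split(",") if a]
    return found


def cipher_finding(name):
    """Reason the cipher falls outside the assumed policy, or None."""
    if not name.startswith("aes"):
        return "not AES"
    if name.endswith("-cbc"):
        return "AES in CBC mode (OpenSSH no longer offers CBC by default)"
    return None


def mac_finding(name):
    """Reason the MAC falls outside the assumed policy, or None."""
    return None if name.startswith("hmac-sha2-") else "not a SHA-2 HMAC"


def audit(sshd_t_output):
    """List (kind, algorithm, reason) for every out-of-policy algorithm."""
    algos = parse_algorithms(sshd_t_output)
    checks = (("cipher", "ciphers", cipher_finding), ("mac", "macs", mac_finding))
    return [(kind, name, check(name))
            for kind, key, check in checks
            for name in algos[key] if check(name)]


if __name__ == "__main__":
    for kind, name, reason in audit(SAMPLE_SSHD_T):
        print(f"{kind:6} {name:12} {reason}")
```

On a real host, feed the function the text printed by `sshd -T` instead of the constructed sample.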

Step 3: Encrypted File is Delivered to the Recipient and Decrypted

Still on our “confidential file” analogy…

When the file leaves your MFT server, it’s sent to whatever location you indicated for the recipient—whether that be an email address, a designated folder on another server, and so on.

From there, the recipient at the remote office grabs the file, decrypts it, and if need be, translates it.
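The hash comparison described in Step 2, applied at the receiving end: the recipient recomputes each file's SHA-2 hash and compares it with the value the sender supplied. This is an added example, not code from the original post or from any product; the manifest format, function names and file contents are constructed for illustration.

```python
# Added example: recipient-side check of delivered files against a hash manifest.
import hashlib
import os
import tempfile

ALLOWED = ("sha256", "sha512")  # the two SHA-2 variants the article names

def file_digest(path, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file in chunks so large transfers never sit fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_delivery(directory, manifest):
    """manifest maps file name -> (algorithm, expected hex digest)."""
    results = {}
    for name, (algorithm, expected) in manifest.items():
        path = os.path.join(directory, name)
        if os.path.basename(name) != name or algorithm not in ALLOWED:
            results[name] = "rejected"   # path tricks or a non-SHA-2 algorithm
        elif not os.path.isfile(path):
            results[name] = "missing"
        elif file_digest(path, algorithm) == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "modified"
    return results

def demo():
    """Sender hashes two files; one is altered and one never arrives."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("report.csv", b"id,total\n1,100\n"),
                           ("payroll.csv", b"id,pay\n1,5000\n")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        manifest = {
            "report.csv": ("sha256", file_digest(os.path.join(d, "report.csv"))),
            "payroll.csv": ("sha512", file_digest(os.path.join(d, "payroll.csv"), "sha512")),
            "audit.pdf": ("sha256", "0" * 64),       # listed but not delivered
            "../etc/passwd": ("sha256", "0" * 64),   # name escaping the folder
        }
        with open(os.path.join(d, "payroll.csv"), "ab") as f:
            f.write(b"2,9999\n")                     # change made after hashing
        return verify_delivery(d, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest has to reach the recipient over a channel an attacker cannot also alter; otherwise the hash can be replaced along with the file.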

However, you’d be wrong to think that the SFTP/MFT magic ends there.

Looking Far Beyond the Horizon: Does the Magical Duo of SFTP and MFT Support Compliance?

You bet your bottom dollar it does!

Transactions specific to a number of industries often contain highly sensitive data. For example, in the insurance business, policy information often changes hands between carriers. Similarly, in the healthcare sector, patient records are regularly exchanged between hospitals, doctors and payment providers. This information may contain birth dates, addresses, social security numbers, names, and other confidential information.

Guess which solution industry actors prefer for transferring mission-critical or otherwise sensitive data?

SFTP-supported MFT, of course!

It goes without saying that loss of sensitive data can result in immense financial expense, drawn-out lawsuits and public embarrassment for the affected company. Something as simple as complying with the regulations that define the dos and don’ts of securing sensitive data can prevent organizations from falling into such pitfalls head-first.

These regulations include (but are not limited to):

PCI DSS: Requires that credit card numbers be encrypted while “at rest” and “in motion”. Failure to do so can result in heavy fines and potential loss of your merchant account.

The GDPR: Requires organizations that offer services to EU residents to meet several privacy rules that relate to data portability, inventory, data breach notification, and more.

HIPAA: Holds healthcare institutions accountable for the privacy of their patients’ records.

SFTP-enabled MFT facilitates seamless compliance with the aforementioned regulations through:

  • Workflow automation
  • End-to-end visibility and control
  • Tracking
  • Robust data protection through encryption
  • Logging
  • Reporting
  • Failover and delivery assurance

At this point, I know you’re probably wondering: “How do these functionalities remotely relate to SFTP and compliance for that matter?”

Great question!

Remember, SFTP is a secure transfer protocol in and of itself. Which means that without the security capabilities that it brings forth, MFT solutions wouldn’t be able to hit the protection threshold that regulations like GDPR and HIPAA so strictly demand. In other words, you can’t claim to be GDPR- or HIPAA-compliant if SFTP isn’t in your managed file transfer setup. It’s that simple.

In the same vein, there wouldn’t be anything to “track”, “control”, or even “report on” if data gets stolen while in transit. And as you well know, having complete oversight over in-transit data is crucial to keeping trading partners and customers happy. No one would get an ounce of sleep knowing full well that their mission-critical files could be intercepted by malicious actors any minute. Having a complete picture of a typical file transfer workflow is what an SFTP-enabled MFT is truly about.

So, again, we arrive at the same point as in all the other sections: SFTP and MFT are undoubtedly a match made in heaven.

What about FTP? Can It Work With MFT?

Heck no! Not even in FTP’s wildest dreams.

MFT has evolved greatly in the past couple of years. While some MFT solutions still support FTP connections, this protocol is gradually being phased out, with more and more organizations opting for the more secure SFTP.

Put differently, FTP can’t work with MFT simply because credentials and sensitive files sent over this protocol are transferred “in the clear.” This means your information is inherently at the mercy of cyber-attackers, and anyone with the know-how can access and intercept the files you send via FTP. Oops.

Along with the encryption capabilities it’s so blatantly lacking, FTP is also missing features like integrity checking and on-the-go authentication. Mind you, these features are the very hallmark of SFTP, and by extension, MFT.

From this analogy alone, it’s easy to deduce the most obvious point of all: SFTP is a few notches better than FTP. It’s not even close. For this reason alone, it deserves to eat at the same table as MFT.

MOVEit Offers The Best of Every World, and Then Some

If you’re still stuck on procuring a standalone SFTP software, that’s fine. The least we can do is point you in the right direction.

Our first and only stop in this quest is Progress. If you are in need of an effective SFTP Client for Windows, look no further than Progress’s WS_FTP Professional. By far the world’s most popular commercial client, WS_FTP Professional supports SSH/SFTP transfers (duh!), 256-bit AES encryption, FIPS 140-2 validated cryptography and OpenPGP file encryption. And for the sake of guaranteeing delivery and validating that transferred files have not been compromised in any way, there’s SHA-256 and SHA-512, both of which are adept at checking file integrity.

Need a Secure FTP business-grade server that’s based on Windows? You’ll definitely do well with WS_FTP Server.

However, for those of you who want to experience the full perks of SFTP in a native MFT environment, MOVEit File Transfer is unarguably your best bet. Our one-of-its-kind MFT even dares to go beyond typical SFTP, providing file encryption at rest and during transfer, robust management and user access capabilities, cyber security, as well as workflow automation.

WS_FTP Server, WS_FTP Professional Client and MOVEit Transfer are all proven to be secure, reliable and a cut above every other file transfer software out there. It’s up to you to take that leap of faith and add to the statistic of IT professionals who are actually leading from the front, not merely spectating from the sidelines.

Give MOVEit a trial today!

Victor Kananda
