File transfer, often done by e-mail attachment or FTP, is relatively straightforward. However, when you add in governance and other compliance issues, even FTP can create drama in the IT department. Since FTP is often overlooked, we checked out a few vendors who offer Secure File Transfer or Managed File Transfer solutions. One of them, Proginet, gave us an exclusive one-on-one.
You would think that with all the FTP and File access solutions on the market, Managed File Transfer, either from e-mail, desktops, NAS, or just about any medium you can imagine, would be easy. After all, you can encrypt files on the fly, and share them across a wide range of software and platforms with ease by using one of a hundred vendors. Why then, we wondered, was there such a spark in the MFT and SFT market?
Proginet has a single, very simple focus, and that's to move data. As a company it aims to secure data and move it quickly -- that’s all. Secure File Transfer should be easy but, as we learned, it’s not. We spoke with Proginet’s CIO Kevin Bohan, who told us about himself, the company, and everything in-between in an open but informative discussion.
The Tech Herald (TTH): Tell us about yourself and your company.
Kevin Bohan (KB): In 1989, I joined Proginet as a quality assurance engineer and we were one of the first file transfer vendors. At that time we were developers of XCOM, which supported 22 different operating systems, and has generated over $1 billion in revenue over the 20 plus years it has been on the market.
The products of those days were primarily focused on transferring data through systems internally; today, of course, the world is a different place. Via the Internet, data is exchanged across continents between partners and there are business advantages and obligations to protect that data along with a need to adhere to privacy regulations. Proginet has developed the next generation of file transfer and just last year Gartner issued its first Magic Quadrant report on ‘managed file transfer’, an indication that the market is becoming more visible by the users.
As the Grateful Dead might put it, ‘What a long, strange trip it’s been!’
TTH: Michael Osterman of Osterman Research says Managed File Transfer should be one of the top-five priorities in IT in just about any enterprise. Why’s that so?
KB: I think that the IT community is increasingly embracing ‘best practices’. Surveys of IT professionals show a high degree of respect for PCI DSS, which identifies 12 areas for anybody that accepts credit cards to get a grip on when it comes to protecting sensitive data. These 12 requirements identify many areas of security that organizations have had long adhered to such as: install and maintain a firewall, not using vendor supplied default passwords, use and regularly update antivirus.
When I look at these 12 areas I see perhaps four that may not have received the same attention as the others, they are; Protect stored cardholder data, Encrypt transmission of cardholder data across open, public networks, Track and monitor all access to network resources and cardholder data, and Regularly test security systems and processes.
Requirement 4: Encrypt transmission of cardholder data across open, public networks is clearly one that many organizations have overlooked, but are now starting to take steps to get their arms around. MFT is designed to address this specific weakness and provides organizations with many other benefits. I believe that this is the reason that Michael Osterman has identified MFT as one of the top five priorities.
TTH: Who are some of the companies you hold as clients? What have you been able to do for them?
KB: We have clients ranging from the Fortune 100 to small architecture and law firms, to U.S. government agencies. I’m half-kidding when I say if I were to tell you who those government agencies are, they might have to kill me.
In all seriousness, regardless of particular verticals or industries, they all have common needs – an effective way to share information between systems and/or business partners and a way to track what info has been shared, by whom, and when.
[The] key is making it as easy possible to share information without requiring technical or professional services, and without a user having to modify his/her behavior to deploy robust MFT.
At this point in the interview, we talked a little about Slingshot, one of the products Proginet offers for email attachment management. Slingshot is just one of four different products offered by the company. Another, aimed at MFT, is called the CyberFusion Integration Suite. The CFIS has five components that allow a company to send files of any size to anyone anywhere, regardless of platform.
Slingshot interested us because of its features and usage. Unlike MFT, which is aimed at larger enterprises, Slingshot is almost universal when it comes to company size, anyone would benefit from having it. Not to mention, Slingshot has the same scope as CFIS, where file size doesn’t matter, and everything is secured.
TTH: What about SMBs, how can the little guy benefit from Slingshot?
KB: Slingshot 1.6 has an Outlook plug-in that provides an enhanced capability to send, secure, and control attachments, thus solving all of the major problems associated with email attachments – size, space, security, and control.
Additionally, [it] enables a user to send any size file to anyone with Internet access, even if the user doesn’t have an email account or doesn’t have access to their email system.
Slingshot 1.6 integrates seamlessly with e-mail systems so that users can easily share and transfer files of any size. Attachments travel a parallel path to the e-mail server and are stored on the Slingshot server. This eliminates attachment clutter from the e-mail server, mailbox, and .PST files. Slingshot 1.6 provides total security by encrypting attachments while in transit between the sender and recipient and while at rest awaiting receipt.
The attachment data store can be placed behind firewalls and DMZs for additional layers of data security. Slingshot 1.6 creates logs and time stamps for every step of the process to provide customers with total control, auditability and compliance with organizational policies and industry regulations.
TTH: Why is FTP not enough anymore considering all the security available for it, including alternatives to fast encryption, logging and auditing, and storage from various software vendors?
KB: The problem with FTP is the underlying protocol itself of FTP. It doesn’t have the guaranteed delivery and error handling required by mission critical applications. As a result developers are often left to developing their own workarounds to the limitations of FTP that add complexity, overhead and cost. By going with managed file transfer solution you get an easy to use mission critical file transfer solution from the get go. People tend to believe that FTP is free, when in fact it can be quite costly. You have to write a bunch of applications to cover for a poor transfer solution
I like to compare FTP to MFT by making a comparison to regular mail versus Federal Express, with a bit of a surprising twist. Sending a letter from New York to L.A. costs 42 cents via regular mail…it can get there, and then again it might not…Fed Express is a delivery solution that people pay a lot of money for – between $20 and $30 -- so that they can absolutely, positively, be sure their package gets to its destination on-time. MFT is robust like Federal Express...when you absolutely, positively need to know that your file has been delivered on-time.
But where MFT is different than Federal Express: MFT actually isn’t costly like Federal Express is compared to the 42 cent stamp delivery approach. MFT can actually be less costly than FTP, because FTP in the end isn’t really that no frills postal delivery you would think it is. FTP ends up being a lot more expensive when the developers at the enterprise have to build those applications around the inadequacies of FTP. As for MFT, [it] doesn’t have to have a premium price tag when delivered via a vendor like Proginet. In fact, MFT can be both economical and robust at once.
TTH: How is what you offer any different or better than MFT solutions from Axway or Sterling Commerce (AT&T)?
KB: Today Axway and Sterling are the market share leaders. We’ve actually had several enterprises come to us and say they want to switch to Proginet because their existing MFT provider is driving them nuts with the inflexible software license structure.
They recognize that Proginet is better, cheaper, and faster. The CFI Suite is our fourth generation of file transfer and we learned a lot over the last 20 plus years. We have acceleration technology that allows us to transfer files faster over long distances than any other products.
We offer technology at lower price point than the vendors mentioned, and we are the only vendor that enables file transfer for application to application, between businesses, and between end users or the user to user file transfer. The other players don’t have the single solution that can make all that happen, across all platforms, whereas we do.
TTH: What are three things a company should consider when looking at MFT options, not just when assessing your company, but anyone offering MFT solutions?
KB: First you have to understand what your file transfer needs are and aren’t. Typically we find there are three areas of needs: application to application, between businesses, and between end users for file transfer. What you have to do is see if a vendor can address these three areas of needs, and if they are able to provide a single solution as opposed to a patchwork approach
Secondly, which is an extension of understanding your needs, you need to assess how many platforms your business and your business partners operate upon. And you have to ask if the file transfer solution you employ can support the various platforms (e.g. Windows, Unix, iSeries and the mainframe)
We all know that file transfer is one aspect of the larger business process. Transferring data from one system to the other is just a part of leveraging mission critical data. To be both efficient and strategic, you want to automate as many things as possible, such as error recovery, data transformation, pre- and post-processing of data and the list goes on.
I just mentioned three things that you want to consider when looking at MFT options. Just as important, you want to assess the vendor’s ability to provide you a solution that addresses your particular needs as opposed to settling for a cookie cutter, one size fits all solution that’s sold by a vendor to every Tom, Dick or Harry customer.
TTH: Lastly, what are your strengths and weaknesses as a vendor? Where do you exceed and where are you lagging but working to improve?
KB: Our strength is our understanding of the market and where it is going and our flexibility as far as licensing models, pricing options and willingness to work with the customers. And the area where we need to improve is our sales & marketing, and one of the key areas for improving that is strengthening our direct sales model but at the same time forging key partnerships with OEMs, systems integrators, VARs, and resellers.
As Proginet expands its market reach, exchanging files with other business partners who leverage CFI will make it easier to users to exchange files.
Want regular updates from The Tech Herald? Follow us on Twitter.
Interested in a more interactive TTH? Join our Facebook Group.