As a starter, File Transfer is pretty straight forward - getting a packaged data, in form factor ranging from a simple text file to a multi-GB folder containing multiple files in complex sub-directory hierarchy relationship, from point A to point B electronically.
Secure, on the other hand, is the part that people have a wide range of opinions on.
Some people take a narrow view of security and only consider secure file transfer in technical terms. The considerations tend to focus on protocols and methods of encryption such as the use of SSL and SSH in flavors like HTTPS (HTTP over SSL) or SFTP.
My contention is that technical security is a necessary but insufficient condition - ability to be secure technically is just the table stake to be in the game, in other words. Why? Because technology does not operate in vacuum.
At the organizational level, there are three typical drivers for being Secure:
- Regulatory and compliance requirements - think HIPAA and Sarbanes-Oxley (SOX) as the most recent and prominent examples.
- Protect institutional assets such as intellectual property (IP) and confidential information - think of all the IP involved with the outsourced activities most organizations engage in these days.
- Build and maintain a trusting relationship with outside stakeholders - I would hate to be the CitiFinancial representative to tell customers and partners that their information is lost.
That's the $64 question, as the saying goes.
Coming up next: how companies meet their Secure File Transfer requirements without killing the IT staff or inciting end user riot. (Hint: Secure File Transfer Appliance, SFTA.)