The 8 ‘moving house’ considerations you need to work through
1. Your place or mine?
(Planning where your Secure File Transfer should live)
2. What level of security is enough to motivate you to move?
3. Should you alert the neighbours?
(And will they care?)
4. Can you maintain the same neighbourhood relationships despite moving?
5. Will moving give you the chance to modernise?
6. What should you pack?
(Do I still need those "special configurations" or customisations?)
7. How much more room will you need at your new place?
8. Selling the move
1. Your place or mine?
(Planning where your Secure File Transfer should live)
In considering a move from your current offering, one of the most important decisions is where it will run?
So, what are you thinking? Do you plan to run your new Secure File Transfer in your own cloud tenant or on premises? As an SaaS offering with your vendor?
Or a little bit of both? Regardless, key considerations are your security requirements as an application, your organisation’s posture on security and privacy, and where the data will reside.
Generally, if you think of going cloud or hybrid, and the destination you have in mind doesn’t support data residency in your country of origin, then forget it. You may as well buy a house with bathrooms in another country.
If you’re leaning towards the cloud, then you also need to keep your SLAs in mind. Often, “4 9s” is overkill. And 99.9%, or maybe even 99%, is more than adequate due to the fact it’s a “transfer” solution not a retention application per se, and the required response time on that data being transferred via files. Keep in mind, the higher the SLA, the more costly it becomes.
Do-It-Yourself or Done-for- You? (Do you want a hands- on or hand-off relationship?)
Do-It-Yourself or Done-for-You? (Do you want a hands-on or hand-off relationship?)tion, or are you hanging out to hand it over to someone else? This is an interesting consideration. Historically, many companies preferred to hand over responsibility to a systems integration partner while continuing to run the infrastructure on their own premises or tenant.
While the burden of admin and management is lightened, it can be a costly model. Perhaps you already have in-house specialist knowledge, skills, and capabilities? Or maybe you have a long-running contract with a partner or SI that has these skills. In that case, you may wish to take all or part of the responsibility for the application’s utilisation and management but gain the advantage of letting someone else run the infrastructure in the cloud. Or maybe you want to keep the whole thing on your own tenant?
A move to the cloud will make your life easier. But the question is, how much easier do you want it to be? If you move to the cloud and leave the management to your vendor, you only need to request the service and receive its benefits over time. What’s that worth to you?
2. What level of security is enough to motivate you to move?
In many cases, your file transfer application has to deliver secure movement of data across the threshold of your department, organisation, partner ecosystem - and potentially wider to end customers. Before doing anything, you need to identify precisely what your current security requirements are and what you’d like to see improved. In other words, there’s no point in moving if you’re not going to maintain or potentially strengthen your security posture.
So, as a minimum, you’ll need a good handle on your organisation’s view on security and privacy in the cloud and the requirements you’ll have for any vendors you’ve shortlisted. And, of course, there’s also the potential that a regulator for companies in regulated industries also has its own view. Consulting your security and privacy office early and identifying the compliance expectations around SOC, ISO, regulatory, BCP, and general security will smooth the evaluation process.
3. Should you alert the neighbours?
(And will they care?)
Moving your Secure File Transfer solution is often a little more involved than moving house. Why? Unlike simply letting your friends and family know that you’re off, cancelling the bin collection, setting up a mail redirection and moving, your secure file transfer solution often has specialised connections to third parties. And these parties need to know as they’ll need to work with you to establish a new connection. It’s like letting Amazon or Uber Eats know your new delivery address and updating your credit card details. If they can’t connect, they can’t deliver.
In most cases, these IP connections must be whitelisted for added security, making access to your new location “invite only”. But be warned, out of everything involved in moving from your current offering to a new Secure File Transfer, this will likely take the longest in terms of time once you begin the move.
While it’s easy for the vendor to do the whitelisting work, you’ll need to be aware that it’s likely that you’ll have to follow up and make sure your partners pay attention to your “new address”.
However, you do have another option. In today’s cloud offerings, you can Bring Your Own IP (BYOIP) address. If you take this approach, your current IP address can be ‘transferred’ to the cloud service. This means there’s nothing for your third-party partners to do; it’s business as usual.
To note: A BYOIP requires approval from your networking and infrastructure team. But it’s one of those tasks that can be asked and answered before you start.
4. Can you maintain the same neighbourhood relationships (i.e. the applications your file transfer interacts with) despite moving?
Shifting inevitably impacts those around you - for example, your neighbours, local shops, and tradies. But the good news is that moving doesn’t have to destroy the connection you value and wish to maintain - as long as you understand that file transfer solutions don’t live in a vacuum. If you look beyond the file transfer part, there’s a transform to/from process that brings data from other applications into files.
So, before moving, it’s very (very) important to understand what applications your Secure File Transfer solution talks to and how. Why?
Sometimes, a change to the route, even if for the better, may disrupt the actual flow – a further consideration.
In some instances, a change to the file transfer application can cause an additional change to this transformation process and create a gap between what you’re currently doing and what you need to do with the new file transfer application
5. Will moving give you the chance to modernise?
Applications can handle what you want to throw at them in terms of your unique ways to route or process data. But when moving from one file transfer application to a new one, you may want to consider if this is a good opportunity to ‘modernise.’ (Answer: Yes!)
File transfer has been around for a long time, and people don’t always take or have the time to relook at the original flows, routes, or processes you have for moving files to see if they can be improved and made more efficient.
Sometimes, your mandate may just be to get to a new solution as fast as possible (often off the back of a mandate to get to the cloud).
But other times, you may have a chance to look at what you are doing and seek to modernise or optimise the approach.
While the ‘modernise’ approach takes a little more time, an expert voice can help you identify opportunities for efficiency, consolidation and better security. And while you’re thinking about it, moving to a new provider should inherently provide modernisation opportunities. But maybe all you really need to do is some housekeeping. Like removing old and unused flows, customisations and/or accounts or users that no longer really use the application.
6. What should you pack?
(Do I still need those “special configurations” or customisations?)
When considering a change and how quickly you can make it, the second largest activity that can impact the speed of a move is how many specialised configurations and/or customisations you may have in your current environment and what needs to happen once they are moved.
So, ask yourself – do I need to pack them all? No, you don’t. This could be a great time to simplify.
Customisations come in all shapes and sizes and are often generated from a historical requirement using a potentially historical integration pattern due to your current application. Moving to a new file transfer application allows you to reevaluate these configurations and customisations and decide if they’re as good as they can be.
Now is the time to ask if there’s possibly a better way to accomplish the same activity in a more vanilla configuration that will be easier for all moving forward.
Newer and more robust applications that, of course, have not been hacked from a security standpoint, support a lot of options for configuration and customisation. But before you go there, it’s ideal to get a holistic view of the number of customisations and configurations and what they do. This will give everyone a greater understanding of the options available and the effort to move.
7. How much more room will you need at your new place?
Nothing screams disaster like choosing to move and then finding out the new place isn’t as highly spec’d as you expected. Your dishwasher won’t run, and you have terrible bandwidth.
If you’re going with a powerful Secure File Transfer application, you don’t have to worry much about the volume of flows, how they’re designed or how much volume will go through on average. But - you may want to consider the elasticity of the configuration and whether that is enough to handle the volume at peak.
The strongest and most secure applications in the industry can handle all that volume and then some easily. However, you ideally want to have a view of both in order to make sure that the application will do what you want in the cloud. Otherwise, you risk exceeding the usage that the application is rated for, which can be more costly than preparing and having a view.
8. What should you pack?
(Do I still need those “special configurations” or customisations?)
Once you’ve considered all the above points, you’re ready to bring everyone along with you. After all, no one wants to be a Johnny No-Mates and end up home alone.
So, what else does your organisation need to know? What should be on their worry list?
Concern about security posture
Over the last few years, the file transfer pattern has caught the interest of large hacking groups around the globe. Several players in the file transfer space have had critical exposures that have led to reputational and financial loss for their customers. Sadly, you can expect more of the same in the future, so many security teams are looking for better ways to secure and protect data moving via files.
Change in strategy around where the application runs
Nearly all file transfer applications started on the ground (on-prem). Now, most are moving to a cloud tenant. This has resulted in a desire to see the software provider run the application as SaaS.
Staff and expertise churn
Understandably, file transfer isn’t seen as exciting compared with, well, almost anything. This makes it hard to find internal or external resources to support the application in the long term. And personnel churn means changes in training and quality. This can take time and money – a bitter pill to swallow when it happens repeatedly.
Change in integration strategy
If change is in the air where your organisation is revisiting their integration approach, then a fresh approach to Secure File Transfer is often forgotten but clearly a key element to that change. Why? Because while many organisations have tried to make changes to the old pattern of moving files, the partner ecosystem, and regulators, sometimes their own systems prevent that move from being complete.
The ability to keep scaling
While file transfer is a historical pattern that is considered “older” and, dare we say, maybe not even considered “cool”, it’s a critical and necessary one still today. Many organisations continue to grow their file transfer footprint by onboarding more partners and clients, increasing their volume and ramping up their overall expectations of the application’s capabilities. Instead of going away, file transfer is here to stay and scale – not just in performance but in the capabilities required to keep pace with organisational needs.
Cost savings
Although the cloud can be more expensive when you only look at the external costs, when the reduction in your internal costs is factored in, it often turns out to be far cheaper. The hidden costs in a file transfer deployment - like annual security testing, virus scanning, infrastructure, personnel and more - may make a cloud move a better option than just upgrading your on-prem software. And when considering the time it takes to onboard a partner or customer there may even be a lost opportunity cost that should be considered.
Ready to talk about making a move?
