Secure Managed File Transfer: A Deep Dive into GoAnywhere MFT and Globalscape In the modern enterprise landscape, the secure and efficient exchange of data is a critical business function. Organizations must move vast amounts of sensitive information between internal systems, remote employees, and external trading partners while adhering to strict compliance regulations. Managed File Transfer (MFT) has emerged as the premier solution for these needs, going far beyond the capabilities of basic FTP or SFTP. Two of the leading solutions in this space are GoAnywhere MFT and Globalscape EFT , both now under the umbrella of Fortra . While they share the goal of securing data in transit and at rest, they offer unique strengths tailored to different organizational requirements. What is GoAnywhere MFT? GoAnywhere MFT is a comprehensive secure file transfer solution designed to automate and centralize data exchange. It is widely recognized for its robust automation capabilities and user-friendly interface, which allows teams to manage complex workflows without extensive coding or scripting. Key Features of GoAnywhere MFT
Enhancing Enterprise File Transfer Security and Automation with Globalscape GoAnywhere MFT Abstract As organizations face increasing threats from cyberattacks and require compliance with data protection regulations (GDPR, HIPAA, PCI-DSS), Managed File Transfer (MFT) solutions have become essential. This paper examines Globalscape GoAnywhere MFT, a commercial solution that provides encrypted, auditable, and automated file transfers across internal systems and external partners. We analyze its architecture, key features (including the new GoAnywhere MFT 7.x interface), security protocols, deployment models, and its role in replacing legacy FTP servers and scripting. 1. Introduction Traditional file transfer methods such as FTP, SFTP, and custom scripts lack centralized auditing, granular access controls, and robust automation. GoAnywhere MFT addresses these gaps by offering a single platform for:
Secure protocols: SFTP, FTPS, AS2, HTTPS, and native cloud connectors. Workflow automation: No-code/low-code graphical designer for complex transfer logic. Visibility: Detailed logs, reports, and real-time alerts.
2. System Architecture GoAnywhere MFT follows a modular architecture: | Component | Function | |-----------|----------| | GoAnywhere Gateway | Reverse proxy / DMZ gateway that hides internal servers from the internet. | | GoAnywhere MFT Agent | Lightweight agent for LAN-to-DMZ transfers without opening inbound ports. | | GoAnywhere Administrator | Web-based management console (users, projects, schedules, certificates). | | Database Backend | Stores configuration, user data, audit logs (supports MS SQL, PostgreSQL, Oracle, MySQL). | Figure 1: High-level architecture showing Gateway in DMZ and MFT server inside trusted network. 3. Key Features 3.1 Secure Protocols and Encryption globalscape goanywhere mft
Supports OpenPGP , AES-256 at rest, TLS 1.3 for transit. Built-in certificate management (create, renew, revoke, trust chains).
3.2 Automation Workflow Designer Visual drag-and-drop interface to build projects containing:
Triggers (time-based, event-based, API call) Actions (encrypt, decrypt, compress, move, email) Conditional logic (if/else, loops, error handling) Secure Managed File Transfer: A Deep Dive into
Example workflow: Watch folder → Pick up CSV → Encrypt with PGP → Upload to S3 → Send email notification 3.3 GoAnywhere MFT 7.x Enhancements
REST API First architecture for complete programmatic control. Web-based file upload form for external users (no client software required). Folder monitoring with subfolder recursion.
4. Security and Compliance | Requirement | GoAnywhere Implementation | |-------------|----------------------------| | Audit trail | Tamper-evident logs; who, what, when, source IP, file hash. | | Data at rest | AES-256 volume encryption or per-file PGP. | | Authentication | LDAP/AD, SAML 2.0, RADIUS, X.509 certificates, MFA (TOTP). | | Compliance reports | Pre-built templates for PCI DSS 4.0, HIPAA, SOX. | 5. Deployment Models Two of the leading solutions in this space
On-premises: Windows, Linux (RHEL, Ubuntu), AIX, Solaris. Docker / Kubernetes: Supported via Helm charts. Cloud VM: AWS AMI, Azure Marketplace, Google Cloud Launcher. GoAnywhere Cloud (SaaS): Fully managed by Fortra (parent company since 2022).
6. Comparison with Legacy FTP | Capability | Legacy FTP Scripts | GoAnywhere MFT | |------------|--------------------|----------------| | Encrypted transfer | Optional (FTPS) | Mandatory configurable | | Automated retries | Custom code | Built-in exponential backoff | | Audit trail | Manual log parsing | Centralized, searchable | | Partner onboarding | Share credentials via email | Secure portal + expiring accounts | | High availability | Difficult | Active-passive cluster supported | 7. Use Cases