Celebrating Twenty Years of Managed File Transfer Excellence (and Security)

by | Apr 15, 2024

Experience is a great teacher. And when you’ve been doing the same thing for two decades, you can get pretty good. How good? At Coviant Software we’ve been 100% focused on providing the best possible secure managed file transfer (MFT) software for twenty years, and if you subscribe to the 10,000 hours theory put forth by Malcolm Gladwell in his book Outliers, that makes us experts more than four times over. That’s practicing the same pursuit for eight hours a day, five days a week, for 20 straight years and, by that measure, it’s safe to say that Coviant Software has earned the right to be considered experts in our field.

During that time, we’ve learned a few lessons in what to do—and what not to do. At the top of the no-no list is prioritizing convenience over security. We’ve never done this, but some in our industry do seem to have made questionable decisions when designing their products. Often there’s pressure from the C-suite, under orders from private equity ownership, to emphasize ease-of-use and eliminate “extra” steps that might be seen as inconvenient. The problem is, when these inconveniences are intended to protect valuable data, the risks outweigh the benefits.

Our Journey Began 20 Years Ago

Of course, it doesn’t have to be that way. The secure-by-design philosophy pre-dates our founding in 2004 and was followed for the first iteration of our Diplomat MFT solution, which grew out of a project undertaken on behalf of a large and prestigious regional hospital. Because the purpose was to manage the transfer of financial data, we knew security had to be integral to the product’s design. A major challenge we addressed then was to not only make sure the product was secure, but to make those security features easy.

The encrypt/decrypt process is complicated, and it is especially complicated for individuals who are not used to working with software at the command line level. It was imperative that every file be encrypted using OpenPGP and that every transfer be protected using the secure transport protocol SFTP. But merely supporting those standards isn’t enough because it you rely on people to do the work, they’ll either skip those steps, find workarounds, or make a mistake.  It is unrealistic to expect employees in a busy organization to manually encrypt and decrypt thousands of individual file transfers each day.

Instead, we designed the Diplomat MFT solution with process automations to automatically handle the more complex actions involved in file transfers, including file encryption and decryption. When you take that approach, you enhance security because those essential steps are integral to the process and happen without the need for a human being to do anything extra and thus eliminate the chance of human error.

Secure-by-Design from the Start

Another secure-by-design choice we’ve embraced for our twenty years of operations is secure deployment. This is often overlooked but is of vital importance to maximizing data integrity and network security. Back in 2004 cloud adoption hadn’t yet become a mega-trend, but digital supply chains were, and deploying administrative dashboards outside the firewall, exposed to the public internet, made it easier for administrators and partners to access resources. But it also made it easy for cybercriminals to access those resources. That is especially risky for a software product that handles high value, highly sensitive data. And the risks would become obvious in 2023 when several managed file transfer platforms, most notably GoAnywhere and MOVEit, were exploited by the Cl0p ransomware gang who then used their access to those products to breach more than 2,600 organizations (both directly and through the digital supply chain) and compromise the private data of 90 million people. The common element in the MOVEit and GoAnywhere breaches was the deployment of administrative dashboards outside of network firewalls.

Another lesson we’ve learned and followed over our twenty years is the importance of continuous testing and improvement. We listen intently to our customers when they provide feedback. Most often those comments are along the lines of, “It would be really nice if Diplomat MFT could do a certain task.” (That’s how we came to add file replication capabilities after Qlik announced it was sunsetting its popular Repliweb product.) Occasionally we’ll hear some constructive criticism, as well, and every such interaction is discussed internally as we seek to improve product utility and performance. But we also pay close attention to the cybersecurity alerts, including the Cybersecurity & Infrastructure Security Agency’s (CISA) CVE feed.

Join Us on Our Journey

Any alert that is relevant to our products gets examined to make sure the associated vulnerability is not present in Diplomat MFT, or corrected if it is. Testing, retesting, and improving our products is a continuing process for us, even while other products remain static. There is simply no excuse for any vendor to skimp on ongoing investments for any product it is actively selling and supporting. It’s not consistent with our passion for product excellence and for our determination to remain atop the ratings as delivering our industry’s finest customer and technical support.

It has been our distinct pleasure designing, developing, delivering, and supporting the world’s best secure managed file transfer solution for the past twenty years. It is our intent to continue to do so for the next twenty years. We appreciated every customer that has joined us for the ride (including that first customer, who is still with us today!) and invite you to consider Coviant Software Diplomat MFT to securely and reliably handle your most critical file transfer needs.