Advanced Cyber Solutions

MOVEit Managed File Transfer

Cloud based secure managed file transfer platform, supporting FTP/FTPS/SFTP/ASx/HTTPs access. Support for authentication sources such as LDAP and Azure AD, with added MFA. File encryption on disk, configurable permissions, sharing with outside third-parties and full tamper evident audit logging.

Features

  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • File encryption with FIPS 140-2 validated AES265bit
  • Ad-Hoc file sharing by email invitation
  • Build in multi-factor authentication
  • Tamper-evident Audit logging
  • Granular permissions for access to files and folders
  • Full REST API
  • Folder sharing with external parties
  • Desktop client for drag-and-drop file downloads and uploads

Benefits

  • Share files with internal and external users securely
  • Replace FTP/SFTP servers with a secure alternative
  • Secure access to files with federated identities and MFA
  • Secure publically files using file encryption
  • Link automated file workflows with a single point
  • Guaranteed logs detailing when files were downloaded/added
  • Share files with the click of a button using email

Pricing

£124 to £156 per user per year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 8 6 6 5 3 8 4 0 6 6 6 6 7 2

Contact

Advanced Cyber Solutions

Chris Payne

+442032903417

chris.payne@advancedcyber.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.
System requirements
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari.
  • Microsoft Windows, Mac OS X or Linux operating system.
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support will accept technical support tickets on a 24/7 basis. SLA of 2 hours for a response to all raised tickets, within UK office hours (09:00 - 17:30). Support provided from Galway, Ireland and Boston, MA, USA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels 2 Hour response SLA during UK office hours (09:00-17:30). Support is included in the license cost. A technical account manager will be provided, cloud support engineers will be dynamically assigned tickets based on availability and capability.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Every purchase of MOVEit Cloud includes a 2-hour web-based training class, where we will take the administration team through the customisation options and answer any questions they may have.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Either the customer or Ipswitch can provide an extract of information at the end of a contract period.
End-of-contract process Customers are offered subscription renewal three months before the expiration of their current subscription period. If the renewal is not accepted and the service is to be cancelled, the customer is provided with a date upon which the service will become unavailable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No technical differences. The service can be accessed via a dedicated app, available for Android or Apple devices; or using their mobile web browser.
Service interface No
API Yes
What users can and can't do using the API Full REST API available.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation of language, logos, colours and schema. Automated email templates and technical support contact information can be customised also. There are various options such as turning on user-led password resets which can also customise the interface, enabling the functionality.

Scaling

Scaling
Independence of resources MOVEit Cloud has licensed restrictions on user accounts and usage of the service, which allow us to ensure that the service is scalable and efficient for all our customers. Customer accounts are split over multiple hosted tenants.

Analytics

Analytics
Service usage metrics Yes
Metrics types MOVEit Cloud contains reporting capabilities which can list number of files uploaded/downloaded, cumulative size, user activity and more.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Ipswitch

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
Data export formats
  • CSV
  • Other
Other data export formats Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats Files can be uploaded in their native formats.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks SSH/SFTP encryption and file hashing.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability MOVEit Cloud has an uptime of 99.9% and a support response SLA of 2 hours, inside of support hours.

Compensation for downtime is at the discretion of the service provided and evaluated on a case-by-case basis.
Approach to resilience Available on request.
Outage reporting Public status website and email for planned outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Local user accounts, LDAP, ODBC.
Access restrictions in management interfaces and support channels Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication Local Accounts, LDAP, ODBC.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Available on Request
PCI DSS accreditation date Available on Request
What the PCI DSS doesn’t cover Available on Request
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach MOVEit cloud is certified for PCI-DSS and has a yearly audit to ensure compliance with the GDPR. Data centres are SOC2 compliant.
Information security policies and processes None.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Ipswitch has a dedicated MOVEit cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
Vulnerability management type Undisclosed
Vulnerability management approach MOVEit Cloud and the wider MOVEit software is assessed regularly against SANS and by a third-party. The results are not publicly disclosed, however any vulnerabilities are placed into the development queue for repair in the next release.
Protective monitoring type Undisclosed
Protective monitoring approach The MOVEit cloud operations team are responsible for the ongoing monitoring of the solution, using a variety of tools. They have strict processes for reporting breaches and containing them.
Incident management type Undisclosed
Incident management approach Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit cloud operations teams and the choices of management. MOVEit cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £124 to £156 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full access to MOVEit cloud for 30-days.

Service documents

Return to top ↑