Advanced Cyber Solutions

MOVEit Managed File Transfer

Cloud based secure managed file transfer platform, supporting FTP/FTPS/SFTP/ASx/HTTPs access. Support for authentication sources such as LDAP and Azure AD, with added MFA. File encryption on disk, configurable permissions, sharing with outside third-parties and full tamper evident audit logging.


  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • File encryption with FIPS 140-2 validated AES265bit
  • Ad-Hoc file sharing by email invitation
  • Build in multi-factor authentication
  • Tamper-evident Audit logging
  • Granular permissions for access to files and folders
  • Full REST API
  • Folder sharing with external parties
  • Desktop client for drag-and-drop file downloads and uploads


  • Share files with internal and external users securely
  • Replace FTP/SFTP servers with a secure alternative
  • Secure access to files with federated identities and MFA
  • Secure publically files using file encryption
  • Link automated file workflows with a single point
  • Guaranteed logs detailing when files were downloaded/added
  • Share files with the click of a button using email


£124 to £156 per user per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

5 8 6 6 5 3 8 4 0 6 6 6 6 7 2


Advanced Cyber Solutions

Chris Payne


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.
System requirements
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari.
  • Microsoft Windows, Mac OS X or Linux operating system.
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support will accept technical support tickets on a 24/7 basis. SLA of 2 hours for a response to all raised tickets, within UK office hours (09:00 - 17:30). Support provided from Galway, Ireland and Boston, MA, USA.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
2 Hour response SLA during UK office hours (09:00-17:30). Support is included in the license cost. A technical account manager will be provided, cloud support engineers will be dynamically assigned tickets based on availability and capability.
Support available to third parties

Onboarding and offboarding

Getting started
Every purchase of MOVEit Cloud includes a 2-hour web-based training class, where we will take the administration team through the customisation options and answer any questions they may have.
Service documentation
Documentation formats
End-of-contract data extraction
Either the customer or Ipswitch can provide an extract of information at the end of a contract period.
End-of-contract process
Customers are offered subscription renewal three months before the expiration of their current subscription period. If the renewal is not accepted and the service is to be cancelled, the customer is provided with a date upon which the service will become unavailable.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No technical differences. The service can be accessed via a dedicated app, available for Android or Apple devices; or using their mobile web browser.
Service interface
What users can and can't do using the API
Full REST API available.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Customisation of language, logos, colours and schema. Automated email templates and technical support contact information can be customised also. There are various options such as turning on user-led password resets which can also customise the interface, enabling the functionality.


Independence of resources
MOVEit Cloud has licensed restrictions on user accounts and usage of the service, which allow us to ensure that the service is scalable and efficient for all our customers. Customer accounts are split over multiple hosted tenants.


Service usage metrics
Metrics types
MOVEit Cloud contains reporting capabilities which can list number of files uploaded/downloaded, cumulative size, user activity and more.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
Data export formats
  • CSV
  • Other
Other data export formats
Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats
Files can be uploaded in their native formats.

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH/SFTP encryption and file hashing.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
MOVEit Cloud has an uptime of 99.9% and a support response SLA of 2 hours, inside of support hours.

Compensation for downtime is at the discretion of the service provided and evaluated on a case-by-case basis.
Approach to resilience
Available on request.
Outage reporting
Public status website and email for planned outages.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Local user accounts, LDAP, ODBC.
Access restrictions in management interfaces and support channels
Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Local Accounts, LDAP, ODBC.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Available on Request
PCI DSS accreditation date
Available on Request
What the PCI DSS doesn’t cover
Available on Request
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
MOVEit cloud is certified for PCI-DSS and has a yearly audit to ensure compliance with the GDPR. Data centres are SOC2 compliant.
Information security policies and processes

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Ipswitch has a dedicated MOVEit cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
Vulnerability management type
Vulnerability management approach
MOVEit Cloud and the wider MOVEit software is assessed regularly against SANS and by a third-party. The results are not publicly disclosed, however any vulnerabilities are placed into the development queue for repair in the next release.
Protective monitoring type
Protective monitoring approach
The MOVEit cloud operations team are responsible for the ongoing monitoring of the solution, using a variety of tools. They have strict processes for reporting breaches and containing them.
Incident management type
Incident management approach
Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit cloud operations teams and the choices of management. MOVEit cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£124 to £156 per user per year
Discount for educational organisations
Free trial available
Description of free trial
Full access to MOVEit cloud for 30-days.

Service documents

Return to top ↑