Advanced Cyber Solutions

MOVEit Managed File Transfer

Cloud based secure managed file transfer platform, supporting FTP/FTPS/SFTP/ASx/HTTPs access. Support for authentication sources such as LDAP and Azure AD, with added MFA. File encryption on disk, configurable permissions, sharing with outside third-parties and full tamper evident audit logging.

Features

  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • File encryption with FIPS 140-2 validated AES265bit
  • Ad-Hoc file sharing by email invitation
  • Build in multi-factor authentication
  • Tamper-evident Audit logging
  • Granular permissions for access to files and folders
  • Full REST API
  • Folder sharing with external parties
  • Desktop client for drag-and-drop file downloads and uploads

Benefits

  • Share files with internal and external users securely
  • Replace FTP/SFTP servers with a secure alternative
  • Secure access to files with federated identities and MFA
  • Secure publically files using file encryption
  • Link automated file workflows with a single point
  • Guaranteed logs detailing when files were downloaded/added
  • Share files with the click of a button using email

Pricing

£124 to £156 per user per year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 8 6 6 5 3 8 4 0 6 6 6 6 7 2

Contact

Advanced Cyber Solutions

Chris Payne

+442032903417

chris.payne@advancedcyber.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.
System requirements
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari.
  • Microsoft Windows, Mac OS X or Linux operating system.
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support will accept technical support tickets on a 24/7 basis. SLA of 2 hours for a response to all raised tickets, within UK office hours (09:00 - 17:30). Support provided from Galway, Ireland and Boston, MA, USA.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
2 Hour response SLA during UK office hours (09:00-17:30). Support is included in the license cost. A technical account manager will be provided, cloud support engineers will be dynamically assigned tickets based on availability and capability.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Every purchase of MOVEit Cloud includes a 2-hour web-based training class, where we will take the administration team through the customisation options and answer any questions they may have.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Either the customer or Ipswitch can provide an extract of information at the end of a contract period.
End-of-contract process
Customers are offered subscription renewal three months before the expiration of their current subscription period. If the renewal is not accepted and the service is to be cancelled, the customer is provided with a date upon which the service will become unavailable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No technical differences. The service can be accessed via a dedicated app, available for Android or Apple devices; or using their mobile web browser.
Service interface
No
API
Yes
What users can and can't do using the API
Full REST API available.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customisation of language, logos, colours and schema. Automated email templates and technical support contact information can be customised also. There are various options such as turning on user-led password resets which can also customise the interface, enabling the functionality.

Scaling

Independence of resources
MOVEit Cloud has licensed restrictions on user accounts and usage of the service, which allow us to ensure that the service is scalable and efficient for all our customers. Customer accounts are split over multiple hosted tenants.

Analytics

Service usage metrics
Yes
Metrics types
MOVEit Cloud contains reporting capabilities which can list number of files uploaded/downloaded, cumulative size, user activity and more.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Ipswitch

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
Data export formats
  • CSV
  • Other
Other data export formats
Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats
Files can be uploaded in their native formats.

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH/SFTP encryption and file hashing.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
MOVEit Cloud has an uptime of 99.9% and a support response SLA of 2 hours, inside of support hours.

Compensation for downtime is at the discretion of the service provided and evaluated on a case-by-case basis.
Approach to resilience
Available on request.
Outage reporting
Public status website and email for planned outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Local user accounts, LDAP, ODBC.
Access restrictions in management interfaces and support channels
Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Local Accounts, LDAP, ODBC.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Available on Request
PCI DSS accreditation date
Available on Request
What the PCI DSS doesn’t cover
Available on Request
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
No
Security governance approach
MOVEit cloud is certified for PCI-DSS and has a yearly audit to ensure compliance with the GDPR. Data centres are SOC2 compliant.
Information security policies and processes
None.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Ipswitch has a dedicated MOVEit cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
Vulnerability management type
Undisclosed
Vulnerability management approach
MOVEit Cloud and the wider MOVEit software is assessed regularly against SANS and by a third-party. The results are not publicly disclosed, however any vulnerabilities are placed into the development queue for repair in the next release.
Protective monitoring type
Undisclosed
Protective monitoring approach
The MOVEit cloud operations team are responsible for the ongoing monitoring of the solution, using a variety of tools. They have strict processes for reporting breaches and containing them.
Incident management type
Undisclosed
Incident management approach
Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit cloud operations teams and the choices of management. MOVEit cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£124 to £156 per user per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full access to MOVEit cloud for 30-days.

Service documents

Return to top ↑