A necessary step in any spend analysis initiative with a third party is the physical transfer of spend data. There are various possible approaches, from obviously insecure ones such as physically mailing media to seemingly secure approaches such as FTP and secure https encrypted websites (what we use in Ariba Spend Visibility). Which is really the most secure?
Interestingly, FTP is not as secure as many would think. As a recent article on TechNewsWorld (www.technewsworld.com) points out, FTP's biggest shortcoming is that even encypted FTP sessions are not fully secure once the data stops moving and is at rest since it sits on the FTP or SFTP server in plain text. If that server is connected to the internet, the data is at risk of being shared. Hence, FTP actually violates WebTrust for security reasons. Something to think about.