A  necessary step in any spend analysis initiative with a third party is the  physical transfer of spend data.  There are  various possible approaches, from obviously insecure ones such as physically  mailing media to seemingly secure approaches such as FTP and secure https encrypted  websites (what we use in Ariba Spend Visibility).  Which is really the most  secure?

Interestingly, FTP  is not as secure as many would think. As a recent article on TechNewsWorld  (www.technewsworld.com) points out, FTP's biggest shortcoming is that even  encypted FTP sessions are not fully secure once the data stops moving and is at  rest since it sits on the FTP or SFTP server in plain text.  If that server is  connected to the internet, the data is at risk of being shared.  Hence, FTP actually violates WebTrust for security  reasons.  Something to think about.