A common need in a segmented network environment is to import and export files between different zones. File transfer and file sharing is done both between people and machines, using several different technologies depending on the environment. However, file transfer can quickly become a challenge when the zones also have different security classifications.
Any type of communication between security zones implies that one or more information flows must be allowed between the zones. Transferring files from a sensitive zone to a less sensitive, and less secure, zone risks exposing the sensitive zone to attacks originating from the less sensitive zone. The very existence of an information flow exposes systems on both sides of the flow to various security related risks.