MOVEit → xEvolve Migration Guide.
Why regulated teams are leaving MOVEit, and the six-step path to a cleaner regulated file-transfer platform.
Get the full migration whitepaper.
Drop your details and we'll send the full whitepaper — protocol mapping sheet, partner cutover checklist, and decommission attestation template.
Why migrate.
- May 2023 — Cl0p mass exploitation (CVE-2023-34362). A SQL-injection zero-day in MOVEit's web transfer interface was exploited at scale by the Cl0p ransomware group.
- ~2,700 organisations compromised, ~93 million records exposed across US federal agencies, state governments, energy operators, healthcare payers, and professional services firms.
- Root cause: legacy ASP.NET monolith with direct SQL database access from request handlers — a class of vulnerability that recurs whenever a new endpoint is added.
- Five further zero-days patched by July 2023 (CVE-2023-35036, CVE-2023-36932, CVE-2023-36933, CVE-2023-36934, CVE-2023-36935), each disclosed and patched within the same campaign window.
Protocol parity.
xEvolve ships adapters for SFTP, FTPS, S3, Azure Blob, AS2, HTTP(S), SCP, WebDAV, and the long tail of legacy endpoints your partners still run. Existing flows map over without re-keying partner integrations or rebuilding automation scripts.
Where partners need a fixed endpoint, you publish a stable hostname with a custom domain and an optional vanity URL — the protocol underneath can change without your partner noticing.
Migration in 6 steps.
- 01
Inventory your transfers and partners
List every scheduled transfer, ad-hoc drop, partner endpoint, and credential. Most teams find 20–30% of flows are dormant — cut those before you migrate.
- 02
Provision an xEvolve Environment
Spin up a dedicated Worker, D1 database, and R2 bucket in the EU region of your choice. Your environment is single-tenant from day one — no shared databases, no co-mingled audit trails.
- 03
Map protocols and wire SSO
SFTP, FTPS, S3, Azure Blob, AS2, and HTTP(S) adapters replace your existing endpoints one-for-one. Connect Entra ID or any OIDC provider for SSO and TOTP for MFA.
- 04
Parallel-run old and new
Run MOVEit and xEvolve side-by-side for a full business cycle. Reconcile delivery receipts and audit logs before you touch a single production partner.
- 05
Cut partners over, one cohort at a time
Move partners in waves — internal first, then low-volume external, then high-volume trading partners. Each cutover is reversible for 14 days.
- 06
Decommission MOVEit
Export your final MOVEit audit trail for retention, revoke credentials, and stand the legacy instance down. We provide a decommission checklist and signed audit attestation.
What you gain.
-
Zero published CVEs
No zero-days in 2024 or 2025. Built on Cloudflare Workers with no legacy ASP.NET surface area and no direct SQL database access from request handlers.
-
Dedicated tenant isolation
One Worker, one D1 database, one R2 bucket per Environment. Audit trails and file payloads are never co-mingled with another customer.
-
EU data residency
Pick the EU region at provisioning. Files, metadata, and audit logs stay there — backed by EU-only support and EU-only backup cycles.
-
ISO 27001 / DORA / GDPR audit packs
Pre-mapped controls, signed attestation reports, and an exportable evidence bundle your auditor can ingest on day one.
Ready to move?
Run a 30-day trial Environment alongside MOVEit. When you're ready, we help you cut over.