The Most Concerning Security Threats to B2B Partners

What are the threats to B2B security that should concern integrated partners today? The B2B international consultancy conducted a global IT risks survey to determine the answers.

Security should always be on the B2B partnership radar, in this era of high-profile, Big Data breaches. Knowing where to concentrate attention and effort in shoring up security is a critical undertaking.

The IT risks survey, which incorporated almost 2,900 interviews of IT professionals in 24 countries, indicated that preventing breaches and protecting data are their top two concerns, and that both of these concerns have increased in importance since 2012.

One of the leading security challenges is the introduction of mobile, a business necessity for many supply chain participants, and BYOD in particular.

An alarming 35% of participants in the study indicated loss of business data as a result of external attack, and characterized the attacks overall as harder to detect. Another trend is threat to smaller businesses, which are less equipped to respond to security breaches in real time.

The study concluded that major issues have included underestimation of the increasing sophistication of malware, failure to implement adequate mobile device management, and management failure to properly assess the real risks and costs of breaches.

Read More 0

An Introduction to AS4: A B2B Integration Standard That’s Low on Frills, High on Functionality

In the beginning was EDI, and B2B integration standards were born, and it was good. And the value-added networks that carried the EDI settled over businesses everywhere, and that was good, too (if more than a little expensive). And then came the Internet, cheap data transport, and with it EDIINT – a leaner, meaner integration standard than made for lightweight, Internet-based integration.

Pretty soon almost every business had migrated to the Internet for sending and receiving B2B data, and AS2 (a version of EDIINT) became the ruling standard – until web services came along, a standard unto themselves for agnostic interface between systems.

Confused yet? You’re not alone. The world of B2B integration standards is no longer as simple as it once was, and it has evolved rapidly. But it needs to be simple again, because B2B integration is no longer a luxury – it’s a mission-critical necessity, in the Internet-driven, demand-driven, ad hoc business universe that now contains all commerce.

The size of the door

A lean and mean standard for mapping business communications – one that can be rapidly implemented and easily supported – makes all the sense in the world, because it makes B2B integration practical (and affordable) for businesses of all sizes. Where, then, is the problem?

The problem is that web services – the doorway into and out of organizations doing B2B with other organizations – is robust and platform-agnostic, but also very complicated, because web services handle data transfers of many different kinds. This complexity is a barrier in itself, because a great deal of detail must go into sculpting a particular transaction to work within a web service correctly.

AS2 accommodates that complexity, but that makes AS2 itself very complicated. While it may be lean and mean on the data formatting side (which is its most important feature), the protocol side is klunky and difficult.

Think of it this way: web services are doors, yes, but in practice they resemble bank vault doors – heavy, complicated, hard to open and close correctly. That’s what you want, when you’re trucking in a great deal of valuable content.

But what if the content is bite-sized, immediate, simple? Isn’t it a waste of time and brainpower to figure out how to get small and numerous chunks of data through that ungainly door?

Think now of what most organizations really need: a doggy door. Small, simple, sized to admit only what’s important and nothing else.

Enter AS4

AS4 is everything its predecessor is, in terms of B2B business integration. The utility that services business document sharing in AS2 is all there in AS4.

But AS4 is the answer to the doggy-door problem. The bank-vault complexity of web services – which emerges from a broad and complicated technical specification called ebMS – is bypassed by AS4. The AS4 protocol uses, and allows for, only those features of ebMS that are really necessary for conventional B2B integration. All the other forms of data transfer that are accommodated by web services through ebXML are ignored. The machinery for handling them exists, unnecessarily, in AS2, making AS2 somewhat exasperating in practice. In AS4, all of that exasperation goes away, because AS4 only requires the basics, in order to get in and out of the web services doorway.

AS4 is payload-agnostic – meaning that it can be carrying any type of business document, and the transport protocol doesn’t care what it is. A single AS4 message can carry multiple payloads (a must for effective B2B integration). It is friendly to a wide range of security specifications, and supports business receipts (notification of the disposition of the message, once it’s been sent). And it supports ebMS’s One-Way/Push and One-Way/Pull exchange patterns: the first allows transactions to be either synchronous or asynchronous; the second enables endpoint variability.

Put simply, AS4 is following in AS2’s footsteps. The latter simplified the lumbering giant of EDI and made it Internet-friendly, an essential step in the evolution of B2B integration. AS4 has in turn simplified AS2, and made the sharing of messages friendlier still – which removes one of the last excuses for not implementing B2B integration.

Read More 0

B2B Integration is Still Proceeding Too Slowly

B2B integration is progressing all over the world and in many industries, and rapidly so. But as rapid as the adoption has been, it needs to be more rapid still, some studies indicate.

One area where this lag is most evident is e-commerce, where B2B barriers are hindering the entry of developing nations into the global marketplace, by slowing their preparedness to do business with more advanced partner companies. A study by the London School of Economics cites poor technological infrastructure, weak security standards and poor training among the reasons for the lag.

Slow B2B uptake in e-commerce isn’t restricted to developing nations, however. Industry pundit David Levy has cited incorrect predictions by both Goldman Sachs and the Gartner Group that e-commerce sales would be in the trillions by now, but Forrester reported that it is still under $600 billion as of last year.

Per Levy, the lag isn’t due to technology, but inconsistency in business rules. Pricing standards vary wildly in many industries, he pointed out, and shipping and logistics rules are difficult to accommodate, even when the technology is there.

And the slow uptake isn’t only evident in e-commerce. Supply chain partnerships in Latin America are also falling behind in B2B modernization, due to limited Internet availability in many companies, according to Business News Americas.

Read More 0

Retail Data Breaches continue, Consumers remain Shellshocked

Data breaches have set a new record in 2014.  After the massive Target breach where 40 million records were compromised, the latest breach at Home Depot compromised 56 million records. As the consumers had barely recovered from this shock, the news of Shellshock vulnerability came out. This vulnerability potentially affects around half of all websites on the internet (around 500 million), and millions or billions more internet-connected devices such as routers, smartphones. can be easily exploited with 2 lines of code. Companies are still trying to figure out if they are vulnerable or not. It will take weeks or even months to

We all live busy lives, have somewhat of a short term memory and tend to forget about these data breaches. Check out this infographic which captures the data breaches in recent history and shows all the major and minor breaches that you may have forgotten.

There is not a single remedy which can keep hackers at bay. But a combination of security practices can help build a multi-layer protection around the consumer data.

Techniques like encryption using PGP provide s secure and relatively inexpensive mechanism to protect data at rest. That helps protect the data even when the servers and file folders are compromised. Multi-factor authentication, secure B2B transactions and encryption of data at rest can thwart the hackers and keep critical information secure.

Days of using plain old ftp for file transfers are gone. If you are a technology laggard and still use ftp, you should switch to more secure protocols such as SFTP and seriously consider adopting a Managed File Transfer (MFT) solution for securing your enterprise file transfers.

 

Read More 0