The Most Concerning Security Threats to B2B Partners

What are the threats to B2B security that should concern integrated partners today? The B2B international consultancy conducted a global IT risks survey to determine the answers.

Security should always be on the B2B partnership radar, in this era of high-profile, Big Data breaches. Knowing where to concentrate attention and effort in shoring up security is a critical undertaking.

The IT risks survey, which incorporated almost 2,900 interviews of IT professionals in 24 countries, indicated that preventing breaches and protecting data are their top two concerns, and that both of these concerns have increased in importance since 2012.

One of the leading security challenges is the introduction of mobile, a business necessity for many supply chain participants, and BYOD in particular.

An alarming 35% of participants in the study indicated loss of business data as a result of external attack, and characterized the attacks overall as harder to detect. Another trend is the threat to smaller businesses, which are less equipped to respond to security breaches in real time.

The study concluded that major issues have included underestimation of the increasing sophistication of malware, failure to implement adequate mobile device management, and management failure to properly assess the real risks and costs of breaches.


An Introduction to AS4: A B2B Integration Standard That’s Low on Frills, High on Functionality

In the beginning was EDI, and B2B integration standards were born, and it was good. And the value-added networks that carried the EDI settled over businesses everywhere, and that was good, too (if more than a little expensive). And then came the Internet, cheap data transport, and with it EDIINT – a leaner, meaner integration standard that made for lightweight, Internet-based integration.

Pretty soon almost every business had migrated to the Internet for sending and receiving B2B data, and AS2 (a version of EDIINT) became the ruling standard – until web services came along, a standard unto themselves for agnostic interface between systems.

Confused yet? You’re not alone. The world of B2B integration standards is no longer as simple as it once was, and it has evolved rapidly. But it needs to be simple again, because B2B integration is no longer a luxury – it’s a mission-critical necessity, in the Internet-driven, demand-driven, ad hoc business universe that now contains all commerce.

The size of the door

A lean and mean standard for mapping business communications – one that can be rapidly implemented and easily supported – makes all the sense in the world, because it makes B2B integration practical (and affordable) for businesses of all sizes. Where, then, is the problem?

The problem is that web services – the doorway into and out of organizations doing B2B with other organizations – are robust and platform-agnostic, but also very complicated, because web services handle data transfers of many different kinds. This complexity is a barrier in itself, because a great deal of detail must go into sculpting a particular transaction to work within a web service correctly.

AS2 accommodates that complexity, but that makes AS2 itself very complicated. While it may be lean and mean on the data formatting side (which is its most important feature), the protocol side is clunky and difficult.

Think of it this way: web services are doors, yes, but in practice they resemble bank vault doors – heavy, complicated, hard to open and close correctly. That’s what you want, when you’re trucking in a great deal of valuable content.

But what if the content is bite-sized, immediate, simple? Isn’t it a waste of time and brainpower to figure out how to get small and numerous chunks of data through that ungainly door?

Think now of what most organizations really need: a doggy door. Small, simple, sized to admit only what’s important and nothing else.

Enter AS4

AS4 is everything its predecessor is, in terms of B2B business integration. The utility that services business document sharing in AS2 is all there in AS4.

But AS4 is the answer to the doggy-door problem. The bank-vault complexity of web services – which emerges from a broad and complicated technical specification called ebMS – is bypassed by AS4. The AS4 protocol uses, and allows for, only those features of ebMS that are really necessary for conventional B2B integration. All the other forms of data transfer that are accommodated by web services through ebXML are ignored. The machinery for handling them exists, unnecessarily, in AS2, making AS2 somewhat exasperating in practice. In AS4, all of that exasperation goes away, because AS4 only requires the basics, in order to get in and out of the web services doorway.

AS4 is payload-agnostic – meaning that it can carry any type of business document, and the transport protocol doesn’t care what it is. A single AS4 message can carry multiple payloads (a must for effective B2B integration). It is friendly to a wide range of security specifications, and supports business receipts (notification of the disposition of the message, once it’s been sent). And it supports ebMS’s One-Way/Push and One-Way/Pull exchange patterns: the first allows transactions to be either synchronous or asynchronous; the second enables endpoint variability.

Put simply, AS4 is following in AS2’s footsteps. The latter simplified the lumbering giant of EDI and made it Internet-friendly, an essential step in the evolution of B2B integration. AS4 has in turn simplified AS2, and made the sharing of messages friendlier still – which removes one of the last excuses for not implementing B2B integration.


Retail Data Breaches continue, Consumers remain Shellshocked

Data breaches have set a new record in 2014. After the massive Target breach where 40 million records were compromised, the latest breach at Home Depot compromised 56 million records. Consumers had barely recovered from this shock when the news of the Shellshock vulnerability came out. This vulnerability potentially affects around half of all websites on the internet (around 500 million), and millions or billions more internet-connected devices such as routers and smartphones. It can be easily exploited with 2 lines of code. Companies are still trying to figure out if they are vulnerable or not. It will take weeks or even months to

We all live busy lives, have somewhat of a short term memory and tend to forget about these data breaches. Check out this infographic which captures the data breaches in recent history and shows all the major and minor breaches that you may have forgotten.

There is not a single remedy which can keep hackers at bay. But a combination of security practices can help build a multi-layer protection around the consumer data.

Techniques like encryption using PGP provide a secure and relatively inexpensive mechanism to protect data at rest. That helps protect the data even when the servers and file folders are compromised. Multi-factor authentication, secure B2B transactions and encryption of data at rest can thwart the hackers and keep critical information secure.

The days of using plain old FTP for file transfers are gone. If you are a technology laggard and still use FTP, you should switch to more secure protocols such as SFTP and seriously consider adopting a Managed File Transfer (MFT) solution for securing your enterprise file transfers.

 


Managed File Transfer Can Enable Stronger B2B Compliance

Both the importance and complexity of compliance are increasing in industries across the board, healthcare in particular. More specifically, the mutual adherence to compliance standards required of B2B partners in the sharing of data across networks is becoming not only mission-critical, but fraught with consequences when not fully achieved.

The level of technological proficiency required to meet compliance standards is, at this point, profound. Sensitive data must often be encrypted during transmission between B2B partners; temporary copies of data created during transmission must be wiped; every access of shared data must be recorded; all transmissions between partners must have audit trails, and so on.

Managed file transfer may offer a single mechanism capable of handling many if not most of these technical challenges. MFT expert Don Jones, in his recent Tips and Tricks Guide to Managed File Transfer, has pointed out that MFT solutions that are certified by the Federal Information Processing Standard 140-2 are, by definition, encrypted to meet most domestic security standards, for a start.

He also pointed out that MFT can provide most of the deep details of a data transfer: “The MFT solution (a good one, at least) can track who has transferred a file, when a file was transferred, how long the transfer took, to where the file was transferred, what file was transferred, and so on,” he wrote. Businesses with complex compliance requirements should seek an MFT solution that “maps its capabilities directly to compliance requirements, providing underlying technical explanations if you want them, but focusing on that business‐level mapping.”

“It’s not that your business shouldn’t be concerned about the underlying technical implementation; it’s that you should be concerned first about becoming compliant and looking for solutions that map to specific compliance requirements.”
