Safety in the Cloud!

 

By Steve Kohler, VP Systems Development at B2BGateway

When our Director of Sales and Marketing asked me how one goes about Securing the Cloud, I thought it was an interesting subject, for certainly that depends on who you ask, what we mean by security, not to mention what you mean by “Cloud”.  In today’s rapidly evolving IT environment, Cloud security is something we should all be concerned with.  Organizations need to make sure their customer data is safe in the cloud, and end users (consumers) should be aware of what the cloud is and how it affects the assets they wish to protect.

The National Institute of Standards and Technology defines cloud computing as:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

The NIST also defines five essential characteristics that compose the Cloud model, three separate service models, and four deployment models.  The essential characteristics are On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, and Measured service.  While the use of virtualization is not a specific requirement for the Cloud, it typically plays a key role in facilitating cloud offerings.  Multi-tenancy is another aspect of the cloud that is often treated as an integral component, although not part of the formal definition.

The Service Models

Software as a Service (SaaS). - Provides consumers with access to some service or application running on a cloud infrastructure.  The customer does not manage or control the underlying infrastructure such as network, servers, operating systems, or storage.  The customer has the ability to manage customized settings within the application only.

Platform as a Service (PaaS). – Consumers are granted access to an application hosting environment where they have the ability to deploy custom applications they create/acquire using tools/platforms supported by the provider. The customer does not manage or control the underlying infrastructure such as servers, operating systems, network, or storage, but has control over the deployed applications and custom settings within those applications.

Infrastructure as a Service (IaaS).  The consumer is able to provision processing, storage, networks, and other fundamental computing resources.  This allows the customer the ability to deploy custom software such as operating systems and applications.  The customer does not manage or control the underlying infrastructure but can have access to networking interfaces such as firewalls.

The Deployment Models

Private cloud - The cloud infrastructure is provisioned for exclusive use by a single organization.  It may be owned, managed, and operated by the organization or a third party, and it may exist on or off premises.

Community cloud - is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community or a third party, and it may exist on or off premises.

Public cloud - is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Hybrid cloud - is composed of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.

When we discuss security, we are usually concerned with Logical security and Physical security. 

Logical security protects data by utilizing software safeguards such as authentication methods, authorization, and ensuring user permission levels.  Common examples of this layer are:

·         A username and password combination that was assigned to access a network or shared resource.

·         Token based authentication - a user is able to generate a token such as a cryptographic hash that identifies the user and no password is actually shared as part of the authentication scheme. 

·         Two-way authentication - In addition to providing credentials or a token, the user must respond to a challenge presented by the system before gaining access to resources.  An example would be for the system to present a security question when the user is logging in from a new device or network.

Physical security is responsible for securing access to the infrastructure, datacenters, buildings, and other assets such as employees.  In addition to protecting against unauthorized access or damage by individuals, physical security should also address withstanding natural disasters, climate control and preventing accidental damage.

As you move down the cloud stack, the consumer becomes more responsible for implementing and managing security measures.  For example, an IaaS provider will secure the infrastructure, but it is up to the consumer to implement proper security measures in the operating systems and software they choose to host on the providers system.  At the top of the stack, Saas providers are responsible for the most as they must secure the infrastructure, as well as their networks and applications and provide strong logical security measures to protect customer data.  Regulatory compliance also comes into play, especially when dealing with credit card, healthcare, and financial data (PCI, HIPAA, SOX).

When assets or infrastructure are moved off premise into the cloud, the consumer must make sure that their Cloud Service Provider has adequate Physical controls in place, as well as logical controls to mitigate potential threats that might emerge.  Monitoring of Logs for example, becomes difficult if not impossible when using a Saas provider since the server logs will most likely not be available to the consumer, and contain information for multiple customers. 

Some potential threats present in a cloud environment not found in a traditional datacenter have to do with Virtualization and Multi-Tenancy.  Resource pooling on a virtual machine host increases the risk for noisy neighbors and resource contention.  A guest OS handling high I/O and CPU workload for one Customer could result in poor performance for other guest OS’s, creating a denial of service scenario for the affected Customers.  Attacks against the hypervisor are also on the rise, if a guest OS maliciously attacks and compromises the Host, the other resident guests are now at risk of being compromised.  It is critical to make sure the Cloud Service Provider has adequate security zones (virtual networks, vlans) configured per Tenant and that they adhere to best practices when updating their virtual infrastructure to ensure a secure environment. 

As companies move their data to the cloud to take advantage of the time and cost savings, a comprehensive risk assessment should be made on the assets being moved so that proper Monitoring and Incident response plans can be crafted to deal with potential breaches.  Encryption of data at Rest (at the cloud provider site) and in Motion (data travelling to and from the CSP) are also key elements that can increase a Secure Posture when dealing with a Cloud Provider.  SLA’s should address what logs consumers will have access to in the event of a compromise, as well as detail specific counter measures being taken to mitigate threats to the data.  Cloud offerings hold tremendous reward for Companies in terms of reducing overall expenditures and time savings , but there is also risk as control over assets is passed on to another organization and out of immediate physical control.  Proper vetting of Service providers and adherence to Industry standards are crucial to maximize return.

To learn more about B2BGateway’s cloud based EDI solutions, and how we protect your data in the cloud please call +1 401 491 9595 / +353 61 708533 or email Sales@B2BGateway.Net

Streamlining the Supply Chain and Increasing Sales!

Everyone talks about streamlining the supply chain process, tightening lead times and process flow automation…but most people have no idea what any of that means. To most, it sounds like a load of the latest buzz words with a really high price tag attached. Do you really need to be part of “The Cloud” to make your business better? Do you need a staff of programmers to make your business thrive? Do you need a PhD in Computer Science to understand this stuff? Well, for the last three questions the answers are Maybe, No and No. My focus here will be to demystify some of the newer technologies and to show how you can really (and inexpensively) use them to your advantage. 
To start with, we probably all know that the Supply Chain is the interdependent process of receiving and sending documents and the associated goods. For example, if you are a supplier, you receive a Purchase Order, you turn it into a sales order in your system, which becomes a pick ticket, and the goods are picked and packed for shipping. Often times, an Advanced Shipping Notification (ASN) is generated and sent to the Buyer to let them know what to expect. Once the goods are shipped, an Invoice is generated and sent to the buying organization. Several days/weeks/months later the invoice is paid and you are in the money.

Tightening of the supply chain can start with Electronic Data Interchange or EDI. EDI is the process of handling the documents in the supply chain electronically rather than on paper.  Ok, that may sound mystical and expensive, but it doesn’t have to be.  Doing EDI is simply a matter of receiving a document electronically and converting it into the right format so that it can imported into your order processing system. Years ago, this was done by hiring a whole IT staff and investing in lots of computers and programs to convert the data. Nowadays, companies are available to pick up that data, convert it and send it to you (over the Internet) in a format that can be imported into your system.     

This is a good time to explain “The Cloud”. Back when I was in college we had to draw computer program flow charts. The flow charts had weird symbols that you used to define parts of the process such as disk storage, decisions, cards, etc. (See Figure 2). As the years progressed and the internet became a huge part of our everyday lives, kids in college taking programming courses still had to draw flow charts but they needed a symbol to define the internet. As such they went with a Cloud image like the one shown in Figure 3.  So with all the mystery of “The Cloud”, it is simply a different way of saying the internet. Companies that offer services over the internet, have been called Internet based companies, Application Service Providers, Software as a Service companies and now they are simply referred to as Cloud based computing. Cloud computing is anything that takes place on the internet, from using QuickBooks Online, to doing EDI with B2BGateway.Net, or even buying consumer goods on Amazon.

So, now you understand EDI and “The Cloud”, but you are still asking yourself, “How do I increase my Sales”? The real increase in sales comes from using Cloud based EDI, but ratcheting it up a notch to be known as Vendor Managed Inventory (VMI).  With VMI, you….as the vendor, manage the inventory, (so that’s how they came up with the name).  What this means is that instead of you receiving orders from a company that is buying from you, you receive inventory information.  A company that is buying from your organization could easily buy from your competition, particularly if you sell commodity type goods, unless you manage the inventory.

When you approach an organization that is buying from you, and say, “Hey, we will completely manage your inventory and we will ensure that your bins/shelves/racks are never empty”, that is VMI. The buying organization saves money on purchasing and is always ensured that the goods are in stock. You will be ensured that you will always make the sale, because in essence, you are placing the orders to yourself. Pretty cool… yes, but how does it work?

 

VMI is just like EDI, but instead of receiving Purchase Orders for goods, your Cloud Based EDI service provider will receive inventory information. This inventory information can be in the form of on-hand information, or it could also be point of sale (POS) information.  On-hand is the optimal information to receive, but on-hand can be computed by subtracting POS items sold from the starting inventory.  Thresholds can be setup in the Cloud Based EDI service provider’s system to define Max Level, Min Level, Safety Stock, lead time, optimal ship quantity, etc. The on-hand quantity is compared to the levels that are set and if the quantities are below the threshold, an order is automatically generated. See Figure 4 for a clever and timely use of a flow chart decision symbol. From the end-users standpoint, you are receiving an EDI Purchase order, in both scenarios. Although it is not shown in Figure 4, you would still be invoicing in the normal EDI way.

So let us recap; you have tightened your supply chain by using EDI, (in the “Cloud”) and you have secured your sales channel by offering to manage the inventory of the buyer. You have increased you sales and you have effectively ruled out the possibility of the buyer buying from the competition, because the whole system will break down if they do.   

Now, human nature will probably take place; the buyer will say to you, “I’m giving you all my sales and I’m saving some money on purchasing. Yeah, my shelves are always filled, but they were when we were purchasing, what else is in this for me….?”  The proper response to this question, (It will always come up), is “We will give you better terms”. Many organizations that do VMI offer long terms. Yes it can be a bit painful, but since you are maintaining the inventory, you essentially own the stock until it sells. You can either set it up with extended terms that are longer than you buyers cycle times, or you can invoice for the goods as they are sold.

Your sales force is going to love you. All they have to do is say, “We will manage your inventory to make sure you always have goods in stock and you don’t have to buy the goods from us until after you sell them”. Who doesn’t love consigned inventory?   So you see; streamlining the supply chain, utilizing cloud computing, without breaking the bank, and increasing sales… is possible.

For further information on B2BGateway’s cloud based EDI and VMI solutions please call +1 401 491 9595 / +353 61 708533 or email Sales@B2BGateway.Net

Will EDI work with 'Cloud Based' ERP systems?

As the popularity of cloud based ERP systems such as NetSuite and Intacct continues to surge, we often get the following question from customers who are considering switching to a cloud-based ERP system: Will this affect our capabilities to continue doing EDI with our trading partners?
 
The short answer is no, it should not. At B2BGateway we have been providing fully-integrated EDI solutions for the leading cloud-based ERP providers such as NetSuite, Intacct and Sage ERP X3 for over a decade. However, like everything else, you will need to do your homework to see if the new cloud-based ERP system you are considering is EDI capable. I would advise finding out the following:
 
·         Is the new ERP system fully cloud-based, or is it a hosted online version of a current on-premises
      ERP product?
 
·         Does the cloud based ERP system have both import and export functionality?
 
·         Will you need to purchase additional EDI modules/connectors from the cloud ERP vendor?
 
·         Is your current EDI provider capable of working with and integrating the new cloud based ERP
      solution? If not, are there other third party EDI providers on the market who can work with the
      new product?
 
·         Does the cloud-based ERP vendor currently have clients and partners using EDI with their system
     and can you get references?
 
I would also go to online sites such as LinkedIn to see are there any user groups for the new ERP system. You could post a question amongst users to see if any are currently using EDI and to get their recommendations. For further information on B2BGateway’s EDI solutions, including solutions for cloud-based ERP systems, please visit www.B2BGateway.Net or email Sales@B2BGateway.Net

 

Sage moves into the cloud with Sage 200 Online

 

Sage UK and Ireland has gone into the cloud, launching the first online version of its Sage 200 ERP suite on Microsoft's Azure platform.

The ERP software, named Sage 200 Online, is aimed at small to mid-sized businesses with 20 to 200 employees, and will give customers access to the same financial management features as the existing on-premise Sage 200 ERP. Users will also be able to add additional modules to the suite as part of a pay-for-use model.

Sage 200 Online will be available on a 'pay as you go' basis, with customers able to choose modules that are relevant to them, not paying for what they don't use, and to add and remove users to respond to fluctuations in demand. Customers who prefer to continue using the existing on-premise solution can continue to do so and will not be forced by Sage to switch to the new Sage 200 Online product.

B2BGateway will continue to provide industry leading cloud-based, fully integrated solutions for all Sage products. For further information on B2BGateway’s fully integrated EDI solutions for the Sage 200 ERP suite of products please visit B2BGateway Sage 200 EDI or call +353 61 708533.

Benefits of Cloud EDI

B2BGateway CEO to be featured speaker at Right Networks Accounting C4 Conference

B2BGateway.Net CEO, Kevin Hoyle, will be a featured speaker at Right Networks Accounting C4 conference. This year’s conference will take place at the Renaissance Boston Waterfront Hotel from September 18th to 20th, 2011.
Accounting C4 is an event focused on bringing the practice and clients of all size accounting firms to the cloud to allow for integration with the hosted or SaaS business applications that best fit their needs. Attendees will gain a better understanding, through networking, training and presentations, of how to bring their own practice online and of the available technology platforms to allow their business to excel in addition to providing guidance to their clients on how to do the same.
Kevin’s topic will be B2BGateway.Net- The keys to streamlining the supply chain and increasing sales. Everyone talks about streamlining the supply chain process, tightening lead times and process flow automation…but most people have no idea what any of that means. To most, it sounds like a load of the latest buzz words with a really high price tag attached. Do you really need to be part of the cloud to make your business better? Kevin will use this session to demystify some of the newer technologies and show how you can use them to your advantage in a cost effective manner.

EDI in the Cloud

B2BGateway.Net have been delivering quality Cloud/SaaS based EDI solutions worldwide since 1999, long before 'SaaS' (Software as a Service) and 'Cloud' were the buzzwords that they are today. Our quality EDI solutions will integrate seamlessly over the internet with any standard Accounts/ERP solution including QuickBooks, NetSuite, Sage, Peachtree, SAP, Interprise Suite, Microsoft Dynamics, Everest, Ross Enterprise, Mamut, Simply Accounting, Number Cruncher, Fishbowl, Take Stock etc. We can also customize our solutions for any 'one off' or 'homegrown' Accounts/ERP solution. Because of B2BGateway.Net's architecture in the Cloud, new and existing clients require no upfront or additional investment in servers, extra hardware, software or human resources. All any client needs is a computer and an internet connection. For full details on our Cloud based EDI solutions please call (401) 491 9595 or email Sales@B2BGateway.Net