
Security and EDI, the Trojan Horses of Cyber Attackers


No one is safe from a cyber-attack, and the multiplication of EDI flows increases a company's vulnerability. EDI flows with less-protected subcontractors can be privileged entry points for attackers. Choosing a reliable and certified EDI provider is becoming more and more necessary.

SMEs, the weakest link in cybersecurity

When it comes to cybersecurity, small businesses are the weakest link, and attackers target them in order to reach larger targets. Faced with this phenomenon, some companies use rating companies to estimate the security level of their suppliers and eventually select them according to their score. This approach, however, is extremely costly and remains reserved for a few large international companies.

A study conducted by cybersecurity firm BlueVoyant shows that of the 1,500 companies surveyed, 77% of CISOs and CIOs report a complete lack of visibility into their vendors' security. At the same time, 82% have experienced at least one data breach in the past 12 months. This lack of control over third-party security can be explained by the fact that a company's cyber resources are focused on securing its own information systems. Some companies send a security questionnaire to their partners to assess their practices, but the average company has about 1,000 partners, which limits its ability to control them. Cyber threats and protection systems are constantly evolving, and even systems that may appear to be the most mature, such as EDI (Electronic Data Interchange), are not always the most secure.

EDI, a secure technology, but not safe from attackers

By design, EDI flows are secure: the protocol ensures the integrity and traceability of exchanges. The data itself is encrypted, which guarantees its confidentiality and integrity, but EDI flows can potentially be exploited by hackers to infiltrate the information system of a company or its EDI provider, or to divert data indirectly.

Since the 2010s, EDI network flows initially carried by the specialized X.25 network have given way to IP and Internet connections. In the same way, the use of EDI has expanded, especially among SMEs, thanks to the development of Web-EDI solutions that are accessible to all. Any company can communicate EDI data via a simple Web browser, and this democratization increases the risk of computer hacking.

The ecosystem, a concept too often underestimated by companies

For example, a supplier that links its system to a client's in order to obtain a list of addresses opens a connection between the two platforms. By attacking the supplier, the cyber attacker opens a breach towards the client's company.

While it is appropriate for the supplier to protect its customers, it is also up to the client to qualify the trust it places in the supplier. Intrusion attempts take many forms: although identity theft is the most frequent case, companies must more generally limit the flow of sensitive data communicated within their ecosystem.

The support of all EDI formats and protocols on the market is the first criterion for choosing an EDI solution. The platform must support EANCOM, EDIFACT, XML, UBL, HL7, JSON, PDF or X12, but also offer interfaces with ERP and business software packages such as SAP, Microsoft, Oracle or Sage. Finally, the EDI provider must obviously have interoperability capabilities with all the countries with which the company will have to exchange. But nowadays, you must also choose your EDI provider according to its maturity and its investments in cybersecurity.

The role of the EDI provider has evolved: it has become a key player in protecting companies from these attacks, and the company itself must verify the seriousness of the protections put in place by its EDI provider before connecting to its service.

Certifications and standards are a way to verify the seriousness of a provider's processes. ISO 27001 certification appears as an essential criterion in the selection of an EDI provider. It is up to the provider to ensure that the data flow is not subject to a "Man in the Middle" attack. It is also the provider who stores the data exchanged between EDI partners. This storage must therefore be encrypted to ensure that, even if an attacker manages to penetrate the defenses in place, the exposed data cannot be exploited. Asymmetric encryption is the most secure solution to protect data, but some players are now turning to blockchain technology to further increase the security level of their EDI.

Generix Group North America provides a series of solutions within our Supply Chain Hub product suite to create efficiencies across an entire supply chain. Our solutions are in use around the world and our experience is second-to-none. We invite you to contact us to learn more.


EDI Deployment: What are the Obstacles and How to Overcome them?

Sending commercial documents physically, by fax, or even by email is over. Since the late 1990s, these exchanges have been gradually replaced by electronic messages (order or delivery vouchers, invoices, etc.), which allow the automation of processes. To do this, companies are now using EDI, an acronym for Electronic Data Interchange. EDI is the exchange of commercial documents from one computer to another, in a standardized and automated manner. Despite offering many advantages such as speed, reliability and traceability of exchanges, EDI is still not used by all companies. How can this situation be explained? What are the obstacles to implementing EDI? This article looks at the main obstacles to making EDI the norm in companies, and how to overcome them.

Implementation costs

Developing an EDI solution is a substantial process for a company. It is a two-pronged project involving:

- Full-fledged IT project management, with its classic phases of analyzing existing information, choosing a solution, configuring it, then deploying and maintaining it;

- An impact study related to the digitalization of manual processes in the company and its business environment.

In fact, the return on investment (ROI) is faster and more substantial when exchanges between partners are regular and recurring and involve significant volumes. This is why small organizations rarely benefit.

To reduce these costs, there are many ready-to-use services available on the cloud. Offered by experts like Generix Group with Generix EDI Services, they allow for a quick start-up at a lower cost. Additionally, their use is charged per use, which favors small and medium-sized companies.

Difficult implementation for small and medium-sized enterprises (SMEs)

Beyond the financial investment required, small businesses often lack the expertise to begin an IT project like this. Although they can call upon an EDI supplier to handle such considerations, the process undeniably requires time to understand the offers thoroughly and analyze their needs.

This is a necessary step to find the pricing model that best meets the business needs of the company. Choosing an offer and an EDI supplier requires a preliminary analysis of the commercial transactions to be processed, and thus the volumes of data involved. Without this initial review, the company may face significant additional costs.

Several alternative solutions are offered to SMEs or very small companies that do not wish to invest in a fully automated EDI solution. They have the advantage of being inexpensive to both buy and use. They are mainly offered in SaaS mode, but are also compatible with EDI solutions used by client partners. These solutions include WEB-EDI, SmartPDF and online OCR.

Diversity of technologies and rules of standardization

EDI is all the more valuable to a company when its entire ecosystem can use it. When deployed among different players in the same sector, it generally encourages partners and competitors to do the same. Thus, EDI has a strong presence in:

- Mass distribution

- The agri-food industry

- Automobiles

- Electronics

- Aeronautics

- Pharmaceuticals

This dynamic therefore most often depends on the main contractors in the sector. If Airbus and Boeing adopt EDI with their suppliers, the entire aviation ecosystem moves in this direction. Indirectly, this impact can extend to nearby sectors with common suppliers, such as the naval or automotive sectors.

For an industrial company at the crossroads of several industries, it is complex to master the different standards and technologies of each sector.

In this case, the ideal scenario is to use EDI services in SaaS mode offered by mature players who have already deployed their solution in several sectors. By sharing processes, it is then possible to reuse at lower cost connectors and technologies that are already proven and financed.

Implementation and deployment time frame within each entity

Faced with relatively long implementation times, companies sometimes turn to alternatives to EDI to digitize their data exchanges more quickly. This may be a document entry and collection portal, or an OCR solution. Keep in mind that they do not offer the same automation capabilities, so these intermediate solutions will never bring the same quality benefits as EDI.

Again, the best way to avoid delays and implementation difficulties for an EDI system is to use a service in SaaS mode. Hardware and/or software costs are eliminated, and configuration costs are significantly reduced due to the pooling of technologies between network members.

Synchronous trade dynamics

With the development of internet and e-commerce technologies, integrations between application components increasingly require real-time interactions. This involves knowing, for example, the position of stock, obtaining updated prices, or the status of a completed process.

During its start-up period, EDI relied on asynchronous file-sharing technologies. This still corresponds to the need to exchange certain commercial transactions. It is now also necessary to combine it with API management, usually based on REST and JSON technologies.

Be careful, however, not to set EDI and APIs against each other. Digital data exchange can be based on all forms of syntax or language such as XML or JSON. Data transport can also be carried out by protocols close to web services such as EDIINT AS2, SOAP, or REST.

In summary, it becomes necessary to combine the management of EDI and APIs. Fortunately for businesses, most EDI services offered in the cloud are actually open to most B2B integration technologies including MFT, EDI, API, MOM, etc.

Deploying EDI comes with several obstacles: limited adoption in small businesses, diversity of technologies and standards, and sometimes long deployment times. However, the emergence of technologies such as APIs and blockchains alleviates these challenges, thereby ensuring a bright future for EDI. Want to know more about EDI's benefits and its development prospects?


This article originally appeared on GenerixGroup.com. Republished with permission.