Reduce costs and eliminate complexity, boosting efficiency, growth, and future success.
November 2022 | Issue 5
01
HELP – My IT system needs to see a doctor!
Just like a car needs to undergo an MOT to ensure everything is running efficiently, IT System Health Checks are essential if you want to ensure your IT processes and systems are working to their full potential.
02
E-Invoicing - a new global standard
E-Invoicing has rapidly become the norm in many of the world’s major countries, from Asia to Africa and the Americas with most countries in the European Union mandating E-Invoicing for either B2G or B2B supplies.
03
Zero Trust Security – Are you fully protected?
Zero Trust security is a trending cybersecurity buzzword in the world right now with organisations scrambling to proactively secure their organisations. With EU legislators unifying data protection policies and laws throughout the EU and enforcing GDPR regulations with heavy penalties, it is not a concern to be taken lightly.
04
3 steps to help protect your B2B transactions and file exchanges from security threats
Ransomware and cybercrime have grown to crisis-level proportions, with cybercriminals using more robust attack methods every year. The only solution is to improve defensive technologies and bolster IT hygiene.
Just like a car needs to undergo an MOT to ensure everything is running efficiently, IT System Health Checks are essential if you want to ensure your IT processes and systems are working to their full potential. You may have deployed a system that was configured to your company’s specific needs, but it is important to remember that every IT infrastructure is subject to degradation over time. You may not even realise that there are improvements available to you, or that you are not effectively mitigating potential risks that could harm you operationally and financially.
“In our 20-year history, we have designed and developed a number of services and solutions that make our customers’ lives easier and more profitable”
Ian Wells – Chairman and co-founder of Coliance
There are a number of reasons why your IT system may not be working optimally, from the overutilization of resources to out-of-specification hardware. The two most likely culprits, however, are usually outages caused by the over-application of manual intervention and data breaches.
OUTAGES – Reduce the amount of manual intervention, don’t increase it.
In the last decade, there has been a huge shift from building applications in a monolithic architecture on a server to today’s microservices that are packaged in containers and hosted in a cloud environment. Developers are under pressure with the increase in complexity. According to Ars Technica, there is 100 times more code being managed in the 2020s compared to the 2010s, which unfortunately elicits 100 to 150 errors for every thousand lines of code written. Lehman’s laws of software predicted this inevitability, where the quality of our software systems would decrease, despite massive improvements, because of our inability to rigorously maintain and adapt. It stands to reason if you consider how many hacks, shortcuts, and workarounds are applied over a computer’s life. The main issue is not only the “quick fixes” we apply to avoid outages, but that we rarely revisit these band-aid solutions to find the underlying causes and apply a long-term solution. Inevitably, these “quick fixes” cause issues in other areas of the computer’s performance, which slows our systems down even further. This leads to more unplanned outages that are costly to our business, customers, and suppliers.
Automating your IT processes makes your data more accurate, transparent, and accessible, removing the potential for errors, delays, and unexpected costs.
Data breaches can destroy your company!
IBM recently carried out their 17th Cost of Data Breaches report where 550 organisations were studied for the impact that data breaches have on their organisations. They discovered that 83% of organisations surveyed had more than one data breach in the last year, of which 60% led to increases in prices, which were passed onto customers. In almost all the cases studied, the proper application of basic security fundamentals could have prevented these breaches, such as the updating of software on a regular basis to ensure strong ciphers are applied, and password authentication methodologies are strengthened.
Companies can save millions incurred from data breaches, just by automating their cybersecurity posture to prepare for these attacks with software-based monitoring, detection, and containment.
An IT Systems Health Check can help discover opportunities to increase computing efficiencies and reduce costs. These are conducted by experts in the particular systems that the customer is concerned about. Coliance conducts many IT System Health Checks on IBM Secure File Transfer, EDI, and Application Integration systems such as IBM Sterling B2Bi, SFG, Connect:Direct or IBM App Connect Enterprise. We use our expertise to perform analysis and conduct an audit in the following key areas:
- Establish a reporting structure: Who within the organisation is going to be involved in the reporting, from senior managers to architects, developers, and testers.
- Assessment of overall architecture, including environments
- Identification of key bottlenecks and risks to prioritize the recommended resolution orders.
- Detection of major system level configuration issues, such as gaps in technology stack, versions, compatibility
- Monitor active performance in a deployed solution – a non-intrusive activity in an environment that matches production capacity where possible.
- Analyze how well the existing implementation meets the requirements.
- Review system maintenance records and business processes to ensure best practice is followed for maintenance.
- Perform a code/product asset review for top bottlenecks identified and additional problematic items
Coliance’s highly experienced team will provide a consolidated report that includes a set of recommendations and follow-up activities with innovative solutions to counteract your vulnerabilities.
- Incorrect database configuration.
- Bad queue management.
- Incorrect persistency levels.
- Poor business process design.
By making a few environmental and code changes, Coliance was able to stabilise their system, reducing outages from four per month to zero in the period of observance. The company’s reputation for reliability was restored and their revenue growth re-established.
With technology continually evolving and legacy systems being affected by new vulnerabilities, it is important for every organisation to review their existing IT solutions and undertake an IT Systems Health Check. Coliance can help you re-assess your baseline, remediate any potential risks, and keep your IT systems healthy. If you are interested in improving your operational efficiency and rolling out defensive and proactive IT security measures, then consider using Coliance’s experience to implement a thorough health check. Call us today; it could save your reputation.
02
E-Invoicing – a new global standard
E-Invoicing has rapidly become the norm in many of the world’s major countries, from Asia to Africa and the Americas with most countries in the European Union mandating E-Invoicing for either B2G or B2B supplies.
The countries that have so far mandated E-Invoicing only for B2G transactions will likely add the same requirements for the B2B sector in the next few years.
Whilst the move to E-Invoicing is motivated by the global digitization of tax, estimates show that there is a 50-80% reduction in costs when invoice processing is electronic. This is why current research shows that the global E-Invoicing market, currently worth $8.74 billion, is expected to reach $29.68 billion by 2027. It’s not just about financial viability, however: Italy – home to one of the most advanced E-Invoicing systems in the world – has proved that E-Invoicing not only reduces tax evasion but drives higher levels of efficiency, providing a better customer service experience.
In the UK, the policies behind E-Invoicing are similar to the principles being established by the European directives.
The use of E-Invoices for B2B transactions is currently optional in the UK, with suppliers needing their customers’ agreement and acceptance to receive E-Invoices. With B2G invoicing, the UK requires government departments to receive E-Invoices from their suppliers using PEPPOL as the acceptable standard. The exception to this voluntary E-Invoicing mandate, however, is the NHS, who made an announcement last November of their intent to reach net zero by 2045. They successfully moved their processes in their entirety to E-Invoicing early in 2022. All invoices are now required to be submitted to the NHS Shared Business Services (NHS SBS) electronically via the NHS’s Tradeshift E-Invoicing platform. The platform uses Electronic Data Integration (EDI) functionality that enables suppliers to integrate with their existing ERP or invoicing systems. They list the advantages of the move as reduced costs, faster processing and daily progress updates.
With the world moving towards mandating E-Invoicing, it’s important to invest in solutions that will ensure seamless automation of your B2B processes, especially if you are still carrying out manual invoice processing.
With governments leading the way and most organizations striving to become fast and agile in their trading processes, we are at the juncture where not implementing an effective E-Invoicing solution could be detrimental to your longevity.
So where do you start?
If you are new to the idea of E-Invoicing, it’s important to understand the difference between the digitization of a paper invoice versus an E-Invoice. Making a PDF copy of a paper invoice for submission is not the same as E-Invoicing. Digital images, PDF and other visual digital forms of invoices still require manual viewing and capturing into the buyer’s Finance or Enterprise Resource Planning system.
Electronic invoicing is the exchange of an electronic invoice document between a supplier and a buyer where the invoice (E-Invoice) is issued, transmitted, and received in a structured data format that allows for its automatic and electronic processing.
For an E-invoice, the visual format is secondary to the objective of automation, where viewing the invoice in a human-readable version is not considered part of the invoice itself.
E-Invoices are not:
- Unstructured invoice data issued in PDF or Word formats.
- Images of invoices such as JPG or TIFF.
- Unstructured HTML invoices on a web page or in an email.
- OCR (Scanned paper invoices).
E-Invoices are:
- The automation of your processes across the entire invoice lifecycle from the time an invoice is issued to its eventual archiving.
If you are wondering how you can go about installing the best B2B invoicing software for your business, it’s important to reach out to an organization that specializes in this application. Implementing a new E-Invoicing system, which includes specific standards and registering documents for government platforms, is not a simple task, especially if your company operates globally with many foreign suppliers.
Coliance are experts at establishing the functionalities and integrations that you need, carefully aligning them with your budget and ensuring scalability. With years of experience managing our clients’ supply chain needs, we are well equipped to outline the best options for introducing E-Invoicing in your organisation.
Adopting electronic invoicing can streamline your workflow, increase productivity, improve your customers’ experience and save you money. Coliance, via its Agora Managed Service, provides ways to handle E-Invoicing and other electronic documentation via EDI or Application Programming Interfaces (APIs). We can assist you without disruption to reduce your costs per invoice, minimize errors and free up your resources and time. Most of all, we will ensure you are prepared for what appears to be a future mandated requirement.
03
Zero Trust Security – Are you fully protected?
Zero Trust security is a trending cybersecurity buzzword in the world right now with organisations scrambling to proactively secure their organisations. With EU legislators unifying data protection policies and laws throughout the EU and enforcing GDPR regulations with heavy penalties, it is not a concern to be taken lightly. This year alone, the ICO issued a fine of £22,046,000 to British Airways and one to Marriott International for £20,450,000 for hacked websites and cyberattacks that exposed the personal data of their customers and guests.
The question on everybody’s mind right now is how they can avoid these common data security pitfalls, especially if they operate with hybrid multi-cloud environments. The answer lies in the adoption of Zero Trust policies, which is a monumental departure from the tradition of Trust by Verification. While the Zero Trust adoption process is complex and not a standalone, one-size-fits-all solution for your cybersecurity woes, we can still confidently assert:
Zero Trust is the new standard for cybersecurity that can protect you against the growing frequency and sophistication of cyberattacks and the resulting monetary loss.
The 2022 IBM Cost of data breach report results provide an excellent view of how dozens of factors impact the costs that keep adding up after a data breach occurs and some of the highlighted consequences are staggering:

The UK was no stranger to cyberattacks in 2022 with several sectors impacted in the government and public sector. NHS111 was subject to a ransomware attack in August 2022 which knocked out several of their products, including Adastra which is used by 85% of NHS111 services to log calls and give over the phone medical advice. NHS111 call handlers had to resort to pen and paper for 3 weeks while the system was brought back online. South Staffordshire Water suffered a ransomware attack in August, followed by a major UK transport company in September who suffered scheduling issues with their bus drivers and services. Even the tourism industry was affected in 2022 when the Inter-Continental Hotel Group suffered data breaches and ransomware attacks. Cybercriminals can be very resourceful and sadly can be backed by nation-states. They often leverage sophisticated tools, such as Ransomware-as-a-Service, and can be incentivized by cryptocurrencies with their strong liquidity and poor traceability.

Implementing Zero Trust in your systems is not an application or a specific feature but an overall strategy that comprises a large variety of safety measures.
IBM has listed the key Zero Trust Tenets to guide you in finding the right solution:
- All resource authentication and authorization must be dynamic and strictly enforced before access is allowed.
- The enterprise must monitor and measure the integrity and security posture of all owned and associated assets.
- Access to resources should be determined by a dynamic policy including the observable state of client identity, application/service, the requesting asset and include other behavioural and environmental attributes.
- All data sources and computing services are considered resources.
- Access to individual enterprise resources is granted on a per session basis.
- The enterprise must collect as much information as possible about the current state of assets, network infrastructure, and communications and use it to improve their security posture.
- All communication must be secured regardless of network location.
This far-reaching security management requirement makes most organisations worry about cost implications and the concern that changes may inevitably overwhelm their already complex network operations.
At Coliance we believe that implementing or expanding your Zero Trust strategy to help protect what is most valuable inside of your organization can start off small, with more protections added over time.
We have extensive experience and expertise in creating effective supply chain solutions for our clients and are confident we can help you combat growing cyber-attack and data breach threats. As an IBM Gold Business Partner, we leverage the value of IBM Sterling Zero Trust model solutions:
The Sterling Secure File Transfer (SFT) solution aligns with a Zero Trust approach and hardens servers to help reduce the possibility for ransomware or malware to travel laterally. A Zero Trust approach requires securing and regulating movement between internal computers and servers as we remove untrusted protocols. SFT can also encrypt data at rest and in transit and provides multifactor authentication, helping implement a Zero Trust strategy for your file transfers. Watch IBM Secure File Transfer (SFT) in action in this demo.
The established industry standard capabilities of MQ messaging, and the power of effective API integration management cloud solutions to deliver the secure, future-ready B2B solutions our clients need.
IBM Sterling File Gateway helps with dynamic routing, limiting any malware from spreading to other servers by only allowing listed servers to talk to authorized systems. IBM Sterling File Gateway encrypts data at rest, and in motion, minimizing effects if data loss occurs. It limits potential entry points into your network while still supporting common open-source protocols like FTP(S), SFTP, SSH, SCP, and HTTP(S) that are needed to power your business.
IBM Sterling Connect:Direct supports allow-list security architectures and has no reported breaches in its 30+ years of usage. It uses a proprietary, security-hardened protocol with built-in encryption that isn’t readily available to most bad actors. When malware reaches out internally, it will not know how to ‘talk’ to the protocol. Connect:Direct can also check the IP address of the server that has requested access. If that IP address is not on the internal list of trusted servers (which can be consistently updated), the receiving server automatically drops the session. It has additional checkpoints to further help prevent the spread of malware to another server. The malware will require the correct credentials, which can be increased for additional protection of high-value servers, and only files with a specified name may be transferred. Each server that uses Connect:Direct becomes a checkpoint – and choke point – for malware. This Zero Trust approach in Connect:Direct hardens infrastructure and includes capabilities for Zero Trust practices for communications that can help mitigate risks of traditional protocols using FTP, SFTP and SSH.
As an IBM Gold Business Partner, Coliance can help you Authenticate and Authorize with Visibility and Governance.
It is time to recognize that your castle and moat security model is no longer relevant. Attackers can clear your barriers and will face no resistance as they move from device to device, infecting, stealing, and encrypting your data.
You can only avoid this if you have internal barriers and security checks in place that are provided by a Zero Trust model. While we reiterate that the Zero Trust adoption process is complex and not a standalone, one-size-fits-all solution, there is some good news:
Implementing Zero Trust security is flexible and can adjust to different situations to provide adequate protection against the latest threats and keep your data and digital infrastructure safe from harm.
Coliance can provide you with a solution that is tailored to the specific structure and needs of your organization. We can:
- Build a data security strategy that supports your organization’s short and long-term objectives.
- Implement an infallible strategy with the proper people, processes, and tools in your organisation.
- Plan ahead to ensure your data security and compliance program is scalable as your organization grows.
We will do all of this while your company enjoys continued access, service, and operations with a gradual transition to safety. Contact us today to implement a system that will bring both value and security to your organisation, improving both safety and your users’ experience.
04
3 steps to help protect your B2B transactions and file exchanges from security threats
Organisations trying to protect their supply chain from ransomware attacks face a considerable enemy as they essentially protect not only themselves, but thousands of other networks. Threat actors know that targeting our supply chains means a threat to an entire ecosystem, impacting more than just the initial business targeted. The resulting impact of an attack on a supply chain has a ripple effect, with ships getting stuck in ports, shelves emptying in the grocery store or worse, medicinal supplies depleting.
As sophisticated as we are with our large spheres of interconnections in our digitized supply chain business models, so too are ransomware attacks over the last couple of years:
Part of this drive for digital transformation includes maintaining visibility with interfaces, to ensure their proper function. With the growing complexity of today’s modern application estates, organisations embarking on complex digital transformation initiatives must have a strong integration strategy for their transformation to be successful. We already know that APIs are key to a digital transformation because of the sheer number and complexity of applications that most medium size organisations require. Establishing a modern IT architecture that is agile and collaborative is key but ensuring that you do not sacrifice control is even more imperative.
Kaseya, an IT solutions developer for MSPs and enterprise clients, was the victim of a cyberattack last year. As a provider of technology to MSPs, which in turn serve other companies, Kaseya is the centre of a wide software supply chain. Leveraging a vulnerability in their VSA software, the event affected between 800-1500 small to medium-sized enterprises, leaving the affected companies unable to conduct business for weeks. Clients were urged to shut down their infiltrated VSA servers, with Kaseya shutting down their VSA SaaS infrastructure. The ransomware was pushed via a fake and malicious software update, leaving 800 Co-op supermarket chain stores in Sweden, among other organisations, temporarily closed, unable to open their cash registers.
The SolarWinds attack was even more successful, enabling hackers to infiltrate 18,000 organisations, including dozens of US Government agencies. SolarWinds is a software company that deals with system management tools and has over 300,000 customers, including the Department of Defence and 425 of the Fortune 500. The malware was deployed as an update from SolarWinds’ own servers, making it difficult to investigate and solve, and the attack is known as one of the largest and most sophisticated operations ever seen.
The emergence of many new ransomware-as-a-service (RaaS) gangs in 2022 is equally staggering, such as Mindware, Onyx, Black Basta and the return of REvil. The five biggest attacks this year were on Nvidia; the Costa Rica Government, who declared a national emergency in response to the attack; Bernalillo County in New Mexico; SpiceJet; and Toyota, who experienced a 5% dip in their production capability.
The B2B landscape is a literal breeding ground for hackers. Organisations need to be aware of these threats and source the best security measures to revitalize their cybersecurity infrastructure.
As noted, there is no magic bullet to guarantee 100% protection from security incidents, but there certainly are ways to minimize risk, limit damage and build resiliency. If you feel your business is at risk, or have concerns about your future security, then contact Coliance. We offer multi-layered solutions to circumvent multi-layered attacks and can guide you to find the best way to Protect, Detect and Recover against ransomware attacks.