Looking Ahead to 2008: Trends in eBusiness Connectivity
By: Kim Addington, CMO, nuBridges
At nuBridges, we learn a lot from our participation in the eBusiness ecosystems of companies across almost every industry. Looking ahead to 2008, we predict two important eBusiness connectivity trends. First, we will continue to see companies across a broadening array of industries make changes to comply with the plethora of data security laws. Second, we expect to see a move towards achieving 100% connectivity with trading partners through a “hybrid” connectivity strategy.
Complying with Data Security Breach Notification Laws
In 2008, we expect to see companies that engage in eBusiness across all industries adopt data security technology and best practices to comply with industry, state and soon-to-be federal laws. Major security breaches resulting in the theft of consumer data have stimulated state governments and the federal government to introduce and pass legislation to ensure that companies protect sensitive customer information entrusted to them and inform consumers of security breaches.
More than forty states and the District of Columbia either have passed Data Security Breach Notification Laws recently or will in the near future. Only Kansas, Mississippi, New Mexico, South Dakota, Virginia and West Virginia have yet to introduce such laws to their legislators.
While each state’s breach notification law differs in specifying what type of information must be protected, nearly all mandate that credit and debit card numbers, social security numbers, bank account numbers, driver’s license numbers, state identification card numbers and passwords must be secured. Most also require a person’s first and last name to be protected if it appears in a document with this other sensitive information. The State of Florida requires the most types of information to be secure, including such items as passport number, medical and biometric information, mother’s maiden name and date of birth. [1]
In addition to these state laws and industry mandates such as the Payment Card Industry Data Security Standard (PCI DSS), there are also several bills under consideration by the federal government. These include Senate Bill S.495 introduced to the Senate on February 6, 2007 and House Bill H.R.958 introduced to the House of Representatives on February 8, 2007. Both of these bills were drafted in response to the TJX Company breach, when the consumer records of 45.7 million people were stolen from TJ Maxx apparel store transactions.
Regardless of the industry, these data security mandates were established to protect consumers and other individuals from having their personal information lost or stolen. These laws try to protect individuals susceptible to identity theft and include penalties for not notifying those individuals of the breach in a timely manner. Clearly, companies that maintain consumer data need to take precautions that will render that data useless if it falls into the wrong hands.
While complying with the plethora of emerging mandates may seem daunting, it doesn’t have to be. If you adopt technology and processes specifically designed to protect consumer data at rest and in transit, you will meet these mandates’ requirements and pass the corresponding audits. Going a step further, it is a good idea to implement a few best practices within your organization. These include common-sense internal security measures such as setting a policy instructing employees to shred documents containing sensitive consumer data, cautioning employees not to leave their passwords on a piece of paper, and reminding employees not to download sensitive data to their laptop computers. We’re seeing more and more companies encrypt the data right where it lives in databases, files and applications as a way to ensure that even if the data is compromised, it is useless gibberish to anyone who receives it.
Hybrid Connectivity Strategy
We believe one of the hottest trends in eBusiness connectivity will be a move towards achieving 100% electronic connectivity with suppliers. We expect to see many demand-side organizations move from a purely AS2 (a popular standards-based method for securely transporting information over the Internet that has replaced many private networks) or a VAN connectivity solution to a “hybrid” connectivity strategy. Here’s why:
In most supply chains, the 80/20 rule applies. In general, 20% of trading partners generate 80% of a company’s revenue. If a company trades with 500 suppliers, for example, 100 of those would be responsible for 80% of its business. The cost of establishing and maintaining the other 400 connections could be high with little return.
Under a hybrid strategy, this demand-side company would manage the top 20% of its business partners using AS2, and would outsource the managing of the other 80% of its trading partners to a third-party provider. The company maintains a direct link to its most important trading partners, and saves money by partnering with a third-party vendor to manage the multitude of smaller trading partners.
Today, there are several secure options for conducting electronic data exchange: EDI VAN, EDI Over the Internet (EDI-Int) such as AS1, AS2 and AS3, Hypertext Transfer Protocol (HTTP) and Secure FTP.
Because an EDI VAN works well and the cost of doing transactions has come down, many manufacturers, distributors and retailers will continue to use it. Today, AS2 is equally popular, and HTTP and Secure FTP are also frequently used for data exchange. With so many protocols employed, companies are realizing the advantages of supporting all data exchange standards to electronically transact with all potential trading partners.
To achieve optimal efficiencies and cost savings, the goal of every demand-side organization should be 100% electronic connectivity with suppliers.
To put this into perspective, Gartner, Inc. [2] predicts that through 2011, midsize to large businesses will need to implement at least three different styles of multi-enterprise collaboration to meet diverse external business partner requirements and that more than 50% of trading communities will continue to offer three or more business-to-business (B2B) connectivity choices to meet the diverse needs of their constituents.
The reality of today’s supply chain mandates that suppliers be able to support all data exchange protocols for the simple fact that no single standard has emerged and brokers and retailers dictate how suppliers must connect with them.
Moreover, the more unique processes a company has to support, the more complex and expensive it is to do business. That said, suppliers that support multiple protocols will be able to do business with more business partners. On the flip side, demand-side organizations that provide several ways for suppliers to connect with them have more options for sourcing and pricing.
As companies strive for 100% connectivity with trading partners and take steps to comply with data security laws and regulations, developing a secure eBusiness strategy and implementation will become increasingly vital in 2008.
1. For an overview of state notification laws, please request “Data Security Breach Notification Laws” published by nuBridges.
2. “Take a Portfolio Approach to Your Multienterprise Integration Strategy” by Benoit J. Lheureux, Sept 6, 2006.
About the Author
Kim Addington is Chief Marketing Officer for Atlanta-based nuBridges, the secure eBusiness authority. Reach her directly at firstname.lastname@example.org or visit www.nubridges.com.