Industry news

MasterCard today announced several near field communications (NFC) enabled smartphones have been certified for use with MasterCard PayPass technology.

The technology will provide consumers with devices capable of making fast, secure contactless payments at PayPass merchant locations around the globe.

The new MasterCard-certified devices include the BlackBerry, HTC, Samsung and Nokia phones.

The MasterCard PayPass Ready identifier will signify a device is available for commercial deployment of PayPass, and can be included as a sticker on the approved device. Nokia and BlackBerry-maker RIM are among the first handset manufacturers committed to supporting the brand mark.

“Nokia is honored that the Nokia Lumia 610 NFC will be one the world’s first smartphones to include MasterCard’s PayPass Ready brand mark,” said Andrea Bacioccola, NFC Lead Program Manager, Nokia. “This sends a clear message to operators, banks and other service providers that Nokia is able to quickly enable their payment services on this smartphone.”

IBM has announced an agreement to acquire analytics software firm Tealeaf Technology. The acquisition is subject to customary closing conditions and regulatory clearance, and is expected to close in the second quarter of 2012.

With this agreement, IBM extends its Smarter Commerce initiative by adding qualitative analytics capabilities that provide chief marketing officers (CMOs), e-commerce and customer service professionals with real-time and automated insights into online customer buying experiences across online and mobile devices.

“Tealeaf's patented technology can be deployed into a business’s current environment with no needed modifications so they begin capturing customer data and delivering optimal experiences immediately,” said Rebecca Ward, Chairman and Chief Executive Officer, Tealeaf. “IBM Smarter Commerce is the perfect fit for Tealeaf and further establishes IBM as the leading partner for businesses looking to succeed in today’s fast evolving environment.”

Google has successfully defeated Microsoft in competing for the US Department of the Interior (DOI) contract worth $35 million to supply email and cloud apps.

The seven year contract which had originally placed Microsoft as the preferred vendor has been won by Google after a lawsuit claiming bias towards Microsoft. The Google proposal was $14 million less than the proposal offered by Microsoft according to the Wall Street Journal.

Microsoft have said: “Although we are disappointed by this award, we will engage with our partners and DoI to review and understand the reasons for this decision.”

BSkyB extends there partnership with global BPO outsourcing company, Firstsource Solutions, in a three year contract to provide and increase customer service management support.

The contract will cover Sky’s customers of more than 10 million across its TV and broadband services, and will include the expansion of customer service sites to Belfast and Cardiff which will together employ over 900 staff.

Matthew Vallance, Firstsource’s CEO and Managing Director, said: “Our addition of new facilities to support the expansion of Sky’s business marks an exciting juncture in our relationship, and provides us with a platform for a wider and deeper partnership.”

arvato has won a contract to provide benefits assessment services for Derby City Council. The contract was won based on Arvato’s flexible approach and from the results of an initial contract set up in 2011.

The contract was tendered in order to combat the rise in benefits application seen by Derby Council of 14 percent in the past four years.

Kath Gruber, director of customer management, Derby City Council, said: “We were impressed with the close working relationship and best practice shared by arvato in our initial contract.”

The National Audit Office (NAO) has criticised Government transparency regarding work carried out by the Major Project Authority (MPA) worth £376 billion, while praising improvements carried out.

Of 205 projects under the MPA only 39 had confidence ratings in the red of amber/red, yet the MPA reported this year that only half of the 205 projects had been delivered effectively within budget.

Amyas Morse, head of the NAO, said: “If the new system is to be ‘built to last’, the Major Projects Authority needs to carry out the initial commitments to public reporting and be part of a more fully integrated assurance across government.”

German based SAP, the largest producer of enterprise software have tendered a contract to provide mobile marketing to Amazon.

The mobile market software called Afaria will provide customers with an economic way of managing smartphone and tablet devices.

SAP intends to double revenue from mobile products during the year from last year’s $145 million turnover. Yesterday the New York close saw Amazon fall stock fall by 0.1 percent while SAP fell 0.2 percent in Frankfurt.

Living in a day and age where technology is advancing so fast and companies are rapidly moving to the cloud, there is a growing importance to protect IT infrastructure and ensure that the security systems are in place to do this.

The fact that data and networks can be accessed anywhere in the world through cloud raises a number of concerns and security issues for many companies but there are a series of protocols that should be adopted to reduce the likelihood of security being breached.

The following steps can be implemented to protect your infrastructure when going to the cloud.

- Assuming that a suitable firewall solution has been put in place to protect the perimeter, you should then look to your servers, ensuring that they are constantly patched and up to date with the latest versions of programs and software.

There are processes that you can follow to ensure your server is kept up to date and has the necessary patches to keep it safe from known vulnerabilities. You should configure Automatic Updates to make sure you are getting the Critical updates as soon as possible. Things like feature changes and device driver updates won’t come automatically with Automatic Updates, but at least your infrastructure will be protected against the vulnerabilities most likely to compromise its security.

- Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to them so it is advisable to ensure that any servers are protected from all types of malware to include computer worms and Trojans.

- An intrusion prevention system (IPS) should be used to monitor the network and/ or system activities to identify malicious activity, log information about said activity and attempt to block or stop, and report activity.

Once all of the above is in place, the data needs to be made secure. Encryption is commonly used in protecting information within many companies, both ‘at rest’ and ‘in transit’, for example, data being transferred via networks or stored on a hard drive. Some different examples of this are Virtual Private Networks (VPN), Full Disk Encryption (FDE) and Transport Layer Security (TLS) commonly used for email encryption during transmission.

As a business grows, it might expand to multiple sites across the country and around the world. To keep things running efficiently, the people working in those locations need a fast, secure and reliable way to share information across computer networks. In addition, travelling employees like salespeople need an equally secure and reliable way to connect to their business's computer network from remote locations.

One popular technology to accomplish these goals is a Virtual Private Network (VPN). The VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee. By using a VPN, businesses ensure security - anyone intercepting the encrypted data can't read it.

A strong authentication method is key to ensuring there is no unauthorised access to your network. Onyx recommends the use of Two Factor Authentication (2FA), which makes use of the principle “something you have (token), and something you know (PIN). There are other methods of authentication available today such as biometric data readers for fingerprint or even iris scanning.

In addition to all of this, regular vulnerability assessments need to be performed to identify, quantify and prioritise the vulnerabilities in a system. Finally a penetration test will evaluate the security of a system by simulating an attack. Effective tests will provide an assessment of the potential impacts to the organisation and outline a range of technical and procedural countermeasures to reduce risks.

When it comes to securing your data when moving into the Cloud, you can never be totally sure but you can take steps to reduce the risk of a security breach. Securing an IT infrastructure is an ongoing process that should always be reviewed.

Taking the Agile approach

Agile. Look it up in a dictionary and you’ll find it means ‘able to move quickly and easily, able to think and understand quickly.’ Try a thesaurus, and you’ll see ‘alert, lively, and energetic’ as some alternative suggestions. When you’re implementing an IT programme or software update, you need a way of working that is all these things. You need the Agile approach.

What is Agile? It’s an innovative, contemporary approach to IT solutions that brings speed and responsiveness, super productivity and rapid results. It makes traditional methods seem heavy and awkward, with their insistence on upfront schedules and predetermined outcomes. With Agile, small teams – a maximum of ten people – work in short bursts (sprints) on software projects. Small increments of the vertical capability and functionality are delivered at the end of each sprint, with the product owner fully involved at each stage and daily stand-ups keeping everyone posted.

This fast-paced, exciting way of working is perfectly married to the concept of near shore outsourcing. Constant, close communication is key, so working with a team which is a short flight away, or with just an hour’s time difference for phone calls, is reassuring. Issues can be raised and resolved almost instantly. Complex projects can be dissected into manageable chunks. You can easily review software on screen – not feasible with the type of time differences associated with offshoring.

Sprint periods offer a clarity of understanding that’s virtually impossible under traditional methods. Highly motivated team members work closely together to decide what they’ll deliver at the end of each sprint, guided by the scrum-master, who oversees the whole project.

There are some other clear benefits to combining near shore outsourcing with Agile:

• Projects are typically implemented in a third of the time and at half the cost of offshoring

• You’ll be able to access highly experienced technical staff with 15+ years’ experience

• The culture and education system in near shore locations like Barcelona are closely aligned to the UK, making it easier to adopt shared working practices.

Don’t just take my word for it – a recent Forrester survey shows that Agile speeds time-to-market, yields better quality results and enables early detection and mid-course correction of issues.

It’s a successful, interactive approach which keeps you informed and involved at all times. While offshoring makes the Agile approach impractical to say the least, near shoring makes it a pretty perfect way of working.

In my last post, I discussed the different levels of complexity associated with e-Invoicing using EDI and digital signatures. I concluded that while digital signatures are slightly less complex to set up than EDI, it’s important to decide which method is best for your company based on a variety of factors including your trading partners' preferred methods.

In this blog, I will focus on how effective EDI and digital signatures are at keeping your data secure.

E-Invoicing by nature involves transmitting sensitive data about your company. However, as VAT law doesn’t focus on information security, measures to protect sensitive data are left to trading partners themselves to manage. Invoices contain information such as pricing details, discounts or information relating to traded materials. These details are valuable competitive and commercial information so it is imperative that security is front of mind when an e-Invoice exchange takes place. With that in mind, how do the two e-Invoicing frameworks handle this challenge?

European Directive 1994/820/EC guarantees that security is intrinsic in correctly implemented EDI. It states that EDI networks have to be secure to ensure the authenticity and integrity of the document and that it is received exactly as sent. The network is therefore secure by default and e-Invoices can be transferred between companies in a safe manner without risk of a breach in data confidentiality, and the processes within the EDI network guarantee that any errors are captured and dealt with appropriately.

Digital signatures are flexible and less complex than EDI which means they can be sent through a variety of means, including over the internet or in an email. However, this simplicity comes at a price as these transfer methods are not necessarily secure and could lead to breaches in security. To ensure the protection of digitally signed invoices, businesses must send them over secure protocols, including a protected B2B portal.

EDI as a standalone remains the most secure platform out of the two due to its compliance with 1994/820/EC and the secure processes that are inherent within such networks. When evaluating data confidentiality within an e-Invoicing solution, consider the diversity in the marketplace. If both EDI and digital signatures are used by your trading partners the solution should accommodate this variation.

You can learn more about all aspects of e-Invoicing at www.einvoicingbasics.co.uk.