Power blackouts. Attacks and deception. Information spills. Language barriers. Communication breakdown. Dirty data.
Are you practising safe B2B with your partners? With your suppliers and customers?
Business-to-business e-commerce may promise greater efficiencies, cost savings, market access
and opportunities to boost revenues, but any organization serious about taking its business online or enhancing its B2B operations should be equally aware of the dangers that come with electronic interdependence.
Connecting electronically with partners, suppliers and customers creates business systems that, as they extend their tentacles, become more complex and difficult to manage. Whether you’re part of a public B2B
marketplace or an intimate network of close partners, one error, slipup, failure, or local “”infection”” could have a profound impact on the interconnected whole.
“”I think complexity is terrifying,”” wrote computer security expert Bruce Schneier in his recently released book Beyond Fear. “”It leads to more and more subtle vulnerabilities. It leads to catastrophic failures, which are both harder to test for beforehand and harder to diagnose afterward.””
Unknown vulnerabilities are what weigh on the mind of Steven Javor, senior manager of marketing for the e-Business operations of Purolator Courier Ltd.
Purolator, like many other companies, is pursuing a mandate to work more closely with business customers by interconnecting with their (internal) business systems.
“”If our e-systems can be plugged straight into the heart of our customers’ order management systems, then it is our responsibility to design them so those connections and interactions are as safe as possible,”” says Javor.
Failure to do so could be damaging, not only to revenues, but to reputations. A business accused of negligent automation could find itself in a lawsuit, and fighting to win back the trust of customers and partners.
“”In marketing terms, that would be like having your negligent company being branded as having the plague,”” he adds.
Organizations taking the B2B plunge should assess the risks and put appropriate policies and procedures in place to minimize disruption — both for themselves and those to which they connect.
August’s historic blackout, which affected most of Ontario, reminded many organizations that business continuity plays an important role in any B2B strategy. Raco Group learned the hard way that even a back-up plan sometimes needs a back-up plan.
The company, which provides co-location services to Internet service providers, telecom carriers and large enterprises, has a combination of battery back-up power and diesel generators in the case of a power outage. But in one part of its downtown Toronto data centre, 20 per cent of its customers rely on a diesel generator being physically delivered before battery power runs out, usually within four hours.
The night of the big blackout, Raco’s contractor couldn’t deliver the generator on time, and several customers — who support online services for their own customers down the B2B chain — were left without service for two to three hours.
“”You think you have a good plan, but you never really know,”” says Peter Raco, president and chief executive of Raco Group. “”It’s a lesson we never thought we’d have to live through. Even though we had a process in place, we now know there’s an area where we need better control.””
Needless to say, Raco has purchased a new generator to eliminate the vulnerability.
If you’re a business shopping around for a third party that can manage your online operations, make sure you understand and are comfortable with the back-up measures promised. But more than that, ask who they rely on to keep their operations going?
Dave Cretelli, an enterprise architecture consultant at EDS Canada, says tying B2B systems too tightly together should be avoided when possible.
“”It’s really a case of putting enough mechanisms in place that regardless if you can establish communication with the partner, you can still carry on,”” says Cretelli. “”It’s about trying to decouple dependencies.””
Steve Easterbrooke, manager of e-business for Grand & Toy, which generates 41 per cent of its business sales through the Web, says redundancy is key to any B2B strategy.
“”It is expected to be a 24/7 business as soon as you post the Web site,”” he says. “”You need to put infrastructure in place so if one or two of your key servers go down, your Web site is still operating.””
Privacy and security are two other risk areas to consider when tying the electronic knot with partners.
Protecting your systems from hackers and viruses and corporate data from corruption is one thing, but by Jan. 1, 2004, all businesses in Canada will be required by law to assure the integrity and security of their customers’ personal information.
What data is being collected? How is it being used? Who has access to it and how is it being secured? What mechanisms are in place to ensure this data is accurate and up-to-date?
The Personal Information Protection and Electronic Documents Act will require you ask these questions and many more. It may also require you to ask them of your B2B partners -— outsourcers, systems integrators and affiliates.
“”As you develop interconnected and interdependent processes and business transactions flowing between your organization and others, you have to have contacts in place that require a certain level of security and (common) procedures,”” says Michael Dominy, senior analyst of business applications and commerce with the Boston-based Yankee Group.
For example, companies such as Microsoft Corp. and DoubleClick Inc. now police their own privacy policies as well as the information practices of their partners. Privacy auditors can also be hired to make sure members of e-marketplaces or smaller B2B networks are adhering to common security standards.
In 2001, for example, DoubleClick reportedly stopped doing business with 50 clients and partners because they did not meet its privacy standards.
Not to suggest that network firewalls, intrusion detection systems and anti-virus software aren’t crucial components of a security formula, but it’s important to remember information management and data protection are just as necessary for a well-rounded B2B security strategy.
Communication is also key. Cretelli says when an organization upgrades or changes one of its e-systems in any way, it could have an inadvertent affect on the flow of information and cross-system interoperability between partners.
“”One of the big problem areas when you interconnect with your suppliers, partners and customers is the fact you’re connecting systems that are evolving over time,”” he says. “”Change management and control of interfaces and inter-functionality — and communicating those changes — is critical. The key is discipline for the teams that look after these systems on both sides of the communication channel.””
Then there’s the interoperability issue itself. Integrating different partner systems and business applications has traditionally been done through Electronic Data Interchange (EDI) connections — a custom-made process that’s costly to set up and maintain. The emergence of Web services, using extensible mark-up language (XML) or Java as the foundation, is slowly lowering the cost of interoperability and reducing the need for custom integration.
XML, for example, is being tailored to create standards for many industry vertical markets, such as the chemical industry’s Chem eStandards, the high-tech industry’s RosettaNet, UCCnet for the retail industry, and the pulp and paper industry’s papiNet.
The upside to B2B e-commerce definitely outweighs the risks, says Dominy. He predicts a healthy growth rate for B2B business applications as organizations look beyond their own operations in search of ways to drive more inefficiencies out of inter-enterprise processes.
“”It’s definitely worth taking the plunge.””