GDPR misses the mark

August 16th, 2018 by Stephen Jones

GDPR took effect in May of this year, at least with regard to enforcement. A few days after the May 25 date, a German court ruled against ICANN, the company that registers domain names on the Internet and manages the global WHOIS database. The case revolves around the information collected when you register a domain. ICANN wants multiple contacts, which it has required for decades. However, EPAG, a German registrar and ICANN partner, argued that the additional technical and administrative contacts were not required to fulfil the business that both ICANN and EPAG are engaged in.
ICANN is appealing the ruling, citing the need for clarification of what this means with regard to the law.

There is an interesting argument here to be made about what data is needed for a business purpose. I could see this being argued successfully either way, and not just in court. As a domain holder, does the registrar really need multiple different sets of personal information from me? Arguably, this is a convenience for them, based on tradition. However, one could argue the other way. It is a little scary that a court, with no expertise in a given industry (Internet domain registration, in this case), will decide whether there is an actual business need. Can a lawyer or judge really understand what data a business needs in its daily activities?

Is it unreasonable to find technical people collecting data, not maliciously, but to anticipate what might be asked of a system, or to avoid rework? Is it wrong to collect everything that might be relevant or useful to save time on future queries?

So now we have the ridiculous situation where more and more transactions can only sensibly be done online, but only if you agree to provide personal data as part of the terms and conditions. How does that protect anyone? I can understand that large IT companies with heavy investment in cloud data centres are happy to see legislation that makes it impossible for small companies to compete: encryption, additional training and audit costs, huge infrastructure and software protection costs to deal with hypothetical risks to data that is largely in the public domain on Facebook, LinkedIn and telephone directories. Governments have new reasons to fine companies. Auditors and lawyers have another source of income. This all drives up costs, so how does that benefit the individual?

Why there is not more loud protest and outright rejection of this ridiculous legislation I don’t understand. I doubt even 20% of companies affected comply.

That does not mean that you should not take data protection seriously. The problem with GDPR is that it is being applied as a sledgehammer. Companies are trying to enforce complex systems to protect data to which there is no identified risk, or where there may not even be any data stored.

If an organisation has no central documented overview of the data it holds and processes, it is highly likely to fail in its stewardship of that data. That will result in severe damage to the organisation. To protect anything, you have to know where it is, and who needs to use it. With data, you have to know at least its relative importance in terms of its confidentiality, integrity and availability. You also need to know why it is retained and how it is used within the organisation, and by which role. With this information, you will have a much clearer idea of the requirements for that data, sufficient to appropriately strengthen the organisational workflows and applications to minimise the risks to it.

If your organisation is ever caught up in a data breach or other incident that might affect its reputation or even result in legal action, then the exercise of at least having taken information security seriously will provide mitigation for the organisation. Any organisation that takes its stewardship of data seriously and responsibly will take the next step and ensure that all data is held in an appropriate regime that will protect it from malice, disaster, conflict and human failings. They might even save on resources by reorganizing organizational data according to risk rather than by department or activity.

In a recent case, not decided under GDPR, the potential problems surfaced. In claimants v WM Morrisons Supermarket, the High Court found that Morrisons was vicariously liable for the deliberate and criminal disclosure by a rogue employee of personal data belonging to his co-workers.

The employee was an internal auditor for Morrisons. In that role he had access to personal data about other employees. However, he felt he had been unfairly disciplined over a conduct issue and as a result became disaffected. A couple of months later Morrisons’ external auditor asked for payroll data for audit purposes and the employee was asked to handle the request. At Morrisons’ request the data was downloaded onto the employee’s work computer. He passed the data to the external auditor but did not delete it from his computer. Some weeks later he uploaded the data onto the internet, under the name of another employee. The individuals whose personal data was wrongly disclosed then sued Morrisons, arguing that Morrisons was the data controller and so was responsible for the breach, or alternatively that, if it was not the data controller, it was vicariously liable for the wrongful actions of the rogue employee.

The High Court accepted that Morrisons was not the data controller at the point at which the individual was loading the data onto the website. Similarly, although the Court accepted that Morrisons should have been more proactive in ensuring that the data on the employee’s computer was deleted as soon as it was no longer needed, this did not actually cause the damage. The Court’s view was that the employee would have sought to circumvent any precaution put in place, given that this was a deliberate breach designed to cause problems for Morrisons.

That left the claim for vicarious liability. Whether an employer is vicariously liable depends on there being a sufficiently close connection between what the employee was employed to do and their wrongful actions. Here, the Court accepted there was a sufficient connection and so Morrisons was vicariously liable. The employee was given access to the data through his work and was deliberately entrusted with the confidential information. Even though he had acted improperly and also used another employee’s name to post the information on the Web, his motive was irrelevant in deciding whether there was vicarious liability.

Given that around 100,000 employees were affected by this data breach, compensation could be significant. Importantly, it is not necessary for the affected employees to show that they have suffered financial loss. Individuals can claim for distress merely from the disclosure of their data. This case has worrying implications for employers. Here the employee’s actions were entirely deliberate, and even though none of the employer’s actions led to the data breach it was still held liable.

Given the employee’s actions were designed to cause problems for Morrisons, by passing liability to the supermarket, the Court’s ruling has in many ways furthered the employee’s wrongful aims.

Unsurprisingly, Morrisons intends to appeal so all employers will be watching carefully to see what happens next.

While not decided under the principles of the GDPR, this case is representative of a new data privacy environment in the workplace, with greater accountability for employers and increased employee rights. More data breach claims may follow, particularly given that it is not necessary for an individual to show loss to claim compensation.

What is clear from the case is that employers will be responsible for the employee data they hold and must apply the strictest possible controls to try to mitigate the risks presented by rogue individuals. Such controls could include: limiting the number of people who have access to personal data for work purposes, ensuring individuals who have such access only have it for a limited period, and that data security measures are in place to flag misuse of the data. Further, the personal consequences of data breaches should be outlined to those who need to have access to colleagues’ personal data for their job.
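The controls listed above (time-limited access, a small access population, and measures that flag misuse) are easiest to reason about when they are written down as checks that run over an access log. The following is an added example, not code from the original post or from any of the parties to the case: it holds a register of time-boxed access grants and a constructed audit trail, and flags accesses with no active grant, exports above a bulk threshold, and exports that are never followed by a deletion within a retention period (the "copy left on the auditor's computer" pattern described in the case). Dataset names, user names, dates and thresholds are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    """A time-boxed permission for one user to work with one dataset."""
    user: str
    dataset: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Event:
    """One audit-trail entry; action is 'view', 'export' or 'delete'."""
    ts: datetime
    user: str
    dataset: str
    action: str
    records: int = 0  # rows touched, relevant for exports


def active_grant(grants, user, dataset, ts):
    """Return the grant that covers this user/dataset at time ts, or None."""
    for g in grants:
        if g.user == user and g.dataset == dataset and g.start <= ts <= g.end:
            return g
    return None


def flag_misuse(grants, events, bulk_threshold=1000, retention=timedelta(days=7)):
    """Return a list of (kind, user, timestamp) alerts.

    NO_GRANT     - access outside any grant window (or with no grant at all)
    BULK_EXPORT  - an export larger than bulk_threshold records
    NOT_DELETED  - an export with no matching delete by the same user within
                   the retention period (data kept after the task was done)
    """
    alerts = []
    events = sorted(events, key=lambda e: e.ts)
    for e in events:
        if active_grant(grants, e.user, e.dataset, e.ts) is None:
            alerts.append(("NO_GRANT", e.user, e.ts))
        if e.action == "export" and e.records > bulk_threshold:
            alerts.append(("BULK_EXPORT", e.user, e.ts))
    for e in events:
        if e.action != "export":
            continue
        deleted = any(
            d.action == "delete" and d.user == e.user and d.dataset == e.dataset
            and e.ts <= d.ts <= e.ts + retention
            for d in events
        )
        if not deleted:
            alerts.append(("NOT_DELETED", e.user, e.ts))
    return alerts


# Constructed sample: one auditor is granted two weeks of payroll access.
GRANTS = [Grant("auditor1", "payroll", datetime(2018, 6, 1), datetime(2018, 6, 14))]

# Constructed audit trail: a normal view, a bulk export that is never deleted,
# a view after the grant expired, and an export by someone with no grant.
EVENTS = [
    Event(datetime(2018, 6, 3, 9), "auditor1", "payroll", "view"),
    Event(datetime(2018, 6, 4, 10), "auditor1", "payroll", "export", 100000),
    Event(datetime(2018, 6, 20, 22), "auditor1", "payroll", "view"),
    Event(datetime(2018, 6, 5, 11), "intern2", "payroll", "export", 50),
]


def run_sample():
    return flag_misuse(GRANTS, EVENTS)


if __name__ == "__main__":
    for kind, user, ts in run_sample():
        print(f"{ts:%Y-%m-%d %H:%M} {kind:12} {user}")
```

The retention check is the one most organisations lack: access logs usually record who read or exported data, but nothing confirms the copy was destroyed once the task finished. Here a deletion event by the same user for the same dataset within the retention period is what clears the export.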

This is becoming farcical. How should a company reply to, for example, a request for a reference, or a credit check?
If one employee volunteers another’s phone number, is that really something for which an employer should be liable to pay compensation?
As with other misguided legislation, this will accelerate the adoption of AI and the elimination of human workers.

If ever you want proof of the law of unintended consequences this legislation is going to be high on the list.

SQL updates August 2018

August 16th, 2018 by Stephen Jones

Microsoft has released a series of updates to SQL Server 2016 and 2017 to fix CVE-2018-8273:

– Executing a specially crafted query involving calculating difference between values of different date types and aggregation of the results, could lead to stack corruption, if the query runs in batch mode. Depending on particular values processed by such query, this could lead to terminating the SQL Server process, or a possibility of remote code execution.

– A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account… The security update addresses the vulnerability by modifying how the Microsoft SQL Server Database Engine handles objects in memory.

The updates include:
• 2017 CU9 GDR – 14.0.3035.2 – install this if you’re on the latest 2017, CU9
• 2017 RTM GDR – 14.0.2000.63 – install this if you’re still on RTM
• 2017 on Linux – 14.0.3035.2-1 and 14.0.2002.14 depending on your branch
• 2016 SP2 CU2 GDR – 13.0.5161.0 – install this if you’re on the latest 2016, SP2 CU2
• 2016 SP2 GDR – 13.0.5081.1 – install this if you’re still on SP2
• 2016 SP1 CU10 GDR – 13.0.4522.0 – install this if you’re still on SP1 CU10
• 2016 SP1 GDR – 13.0.4223.10 – install this if you’re still on SP1 with no CUs

Microsoft Ignite agenda insights to the future road map

August 14th, 2018 by Stephen Jones

Microsoft recently published the session list for its annual Ignite IT Pro conference, happening at the end of September. A look at the topics gives a clue to its roadmap. There are sessions on the next version of SQL Server, Surface Hub 2 and Surface Go with LTE, Intune and Windows Autopilot, Windows Server 2019, and new Remote Desktop services.

Last year, Microsoft used Ignite to highlight AI, the intelligent edge and its futuristic quantum-computing technologies, but overall the listed sessions look more down to earth. There are two mixed-reality sessions, including “Visio Immersive”. Almost 100 listed sessions touch on AI. At Inspire, Microsoft told partners the “AI Accelerate Kit” would be coming in October and would include AI use cases, best practices and “Ethical AI” guidance, so that seems likely to be included.

At Ignite Microsoft will again focus on Microsoft 365, the bundle of Windows 10, Office 365 and Intune security/management technologies.

Expect a lot of Dynamics 365 CRM and ERP content, because October is when the next feature update will arrive for the suite of Dynamics products.

There seems to be more developer content: ASP.NET, Visual Studio Code and Visual Studio 2017, Node.js, sessions on Linux and Docker containers, Progressive Web Apps, and MSIX, the new Windows 10 application-packaging technology Microsoft is rolling out.

There are 115 sessions listed for SQL Server / Azure SQL. Maybe we will get an insight into the successor to SQL Server 2017, codenamed “Aris”, which is currently in private Community Technology Preview testing.

Microsoft will also show the new Surface Hub 2 and Surface Go.

Expect Windows Server 2019, Microsoft’s next major release of Windows Server, to be a hot topic; it is due to start rolling out before year end.
https://www.microsoft.com/en-us/ignite
https://www.microsoft.com/en-us/ignite/faq
September 24–28, 2018 | Orlando, Florida

Dynamics 365 October 2018 release – many new features

August 4th, 2018 by Stephen Jones

What to expect from the Dynamics 365 October 2018 release is set out in a 250-plus-page document. The coming October update includes more than a hundred incremental updates to the core Dynamics, Sales, Marketing, Customer Service, Portals, Omni-channel Engagement Hub, Field Service, Project Service, Social Engagement, Finance and Operations, Talent, Retail, and Business Central products and services.

The new Dynamics 365 AI for Sales app will help sales teams use technologies such as call sentiment analysis and warnings about deals being at risk to take proactive action. This app will be in public preview as of October 2018.

Expect to see a more tightly integrated Dynamics 365 with Microsoft Teams, SharePoint, LinkedIn, Microsoft Stream video platform, Azure, Azure IoT Central, Outlook together with relationship analytics and predictive lead scoring also in public preview as of October.

Finance and Operations (Dynamics AX, ERP): each feature listed below will be released with general availability.
Financial
• Dual currency
• View settlement transactions
• Global number sequences
• Vendor and customer approvals for specific fields
• Data entry dimension values
• Consistent validation actions
• IBAN number validation
• Change cash discounts
• Automatic ledger settlements
• Reverse journal posting
• On-hand inventory report performance
• Simplification through configurable templates
• Enterprise credit management
• Revenue recognition

Operations
• Master planning performance improvements
• Consolidation of planned orders during parallel firming
• Sealed bidding
• Unit of measure
• Public sector enhancements

Globalization
• Russian localization
• Globalization – enhanced configurability
• Regulatory Services, Configuration service
Platform Updates
• Usability and productivity updates
• Personalization improvements
• Additional demo data
• Data resident subscriptions
• Supportability rules
• Test automation support
• Troubleshooting for the document routing agent
• Upgrade automation
• On-premises deployment
• Manage batch jobs

Integration
• Integration with Field Service: Inventory and Projects
• Extend analytical workspaces by mashing up external data with Power BI

Analytics
• BYOD (Public Preview)
• Edit analytical workspaces
• Pin Power BI dashboards to workspaces
• Real-time embedded Power BI Reports

Lifecycle Services
• Dynamics Translation Services API (Public Preview)

Microsoft continues to emphasize the applicability of its HoloLens augmented reality goggles to the company’s business applications. The October 2018 update will feature integration with Remote Assist, Microsoft’s new hands-free video calling, and Microsoft Layout, which allows space planners to design their spaces.

The Common Data Service, which is part of its “Power Platform,” will also be updated with the October 2018 release.

Dynamics 365 Finance and Operations catch up with the new features

July 30th, 2018 by Stephen Jones

Take a look into the new Dynamics 365 Finance & Operations capabilities mentioned in several of our prior posts that were added during the Business Applications Spring 2018 Launch that help you to engage customers, empower employees, optimize operations, and transform products.

Call Synergy Software Systems – implementing Dynamics from Dubai since 2003.

Vendor collaboration Dynamics 365 Finance and Operations – ask Synergy Software Systems

July 23rd, 2018 by Stephen Jones

Vendor collaboration is a process where you, as a company, grant your vendors access in order to perform the following:
• review, accept, and reject requests for quotation (RFQs)
• review, accept, reject, or accept with changes purchase orders (POs)
• perform vendor invoicing
• work with consignment stock

Since Microsoft Dynamics 365 for Finance and Operations is a web-based application, you can easily allow vendors to work directly in Microsoft Dynamics 365 for Finance and Operations without the need for EDI. It lets vendors work with purchase orders (POs), invoices, consignment inventory information, and requests for quotation (RFQs), and also lets them access parts of their vendor master data. The video and graphic explain the initial on-boarding process.

The Vendor Collaboration features allow a vendor contact to have access to the D365FOE environment for specific workspaces, to support review and feedback on POs. That feedback is visible to the internal user(s) to further process. A record is retained in D365FOE for all Vendor Collaboration actions for audit and vendor performance evaluations.

SQL Server 2016 SP2 CU2, SP1 CU10

July 18th, 2018 by Stephen Jones

Fixes and improvements:
• AG improvement – automatically seed replicas – when you add a database to an existing AG, SQL Server can automatically seed it across the secondary replicas.
• AGs – configurable session_timeouts
• AGs – slow transactions with 1 sync and 1 async secondary
• AGs – on cross-data-center AG failover, you get a non-yielding scheduler and a crash
• AGs – queries on secondary take twice as long
• AGs – VSS backups fail on secondary replicas in a Basic Availability Group (which technically you’re not supposed to do, but you can still back up the entire secondary VM, and that’s where the problem looks like it’s coming in)
• AGs – fixing error 19432 for duplicate log blocks
• Log shipping – add support for Transparent Data Encryption by configuring MAXTRANSFERSIZE.
• Dynamic data masking doesn’t
• SSAS crashes when Process Full follows Process Clear – “you will notice that the SSAS may crash.”
• Memory dump when you merge partitioned temporal tables
• Stats updates can get a “corrupted index” message and a disconnect
• Assertion error when you add a database
• Slow performance when Query Store is enabled
• Non-yielding schedulers require a reboot – not the most informative KB article ever. “Assume that you have a Microsoft SQL Server 2016 installed.”

See the KB articles for more information. Download SQL 2016 SP2 CU2 and/or SP1 CU10.

https://support.microsoft.com/en-us/help/4341569/cumulative-update-10-for-sql-server-2016-sp1

End of life for SQL 2008 and 2008 r2 is only a year away

July 14th, 2018 by Stephen Jones

On July 9, 2019, Microsoft will end Extended Support for SQL Server 2008 and 2008 R2, which means no more updates or support of any kind, potentially leaving you vulnerable to security and compliance issues.
Some considerations:
• That is only a year away, so it is time to start planning and to get it into your 2019 budget.
• What applications are affected? With what new SQL version are they compatible?
• Will you need to rebuy licenses? SQL licensing is now core based and might prove a lot higher than last time, so take the time to consider all options.
• Should any of your applications move to the cloud?
• Should you also look at upgrades to hardware, Windows, Office, Exchange, or business finance/ERP systems in conjunction with SQL?
• Is now the time to review your security solutions?
• Are you going to expand, or implement heavy new processes like consolidation, budgeting or BI in the next 2-3 years?
• Is your mobile network growing?

There are major enhancements in SQL 2016 SP1, so we recommend you do not consider any version lower than that. By next year SQL 2017 will also have settled down.
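Both this post and the August 2018 post on CVE-2018-8273 come down to the same question: does the build number reported by each instance fall on an end-of-support product or below a patched build? The following is an added example, not code from the original posts or from Microsoft. It parses the `ProductVersion` string (the value returned by `SELECT SERVERPROPERTY('ProductVersion')`, including the `-1` package suffix used for the Linux builds) and classifies it against the patched builds listed in the August post and the 2008/2008 R2 end-of-support date from this post. The branch boundaries (build ranges that separate the GDR and CU branches) are assumptions chosen so that each listed build sits in its own branch; the host names and version strings in the sample inventory are constructed.

```python
# Builds that fix CVE-2018-8273, taken from the August 2018 post.
# Each entry: (major, minor, build_low, build_high, branch label, fixed (build, revision)).
# The build_low/build_high boundaries are assumptions used to tell branches apart;
# they are not from the post.
FIXED_BUILDS = [
    (14, 0, 3000, 9999, "2017 CU branch", (3035, 2)),
    (14, 0, 2000, 2999, "2017 RTM GDR branch", (2000, 63)),
    (13, 0, 5100, 9999, "2016 SP2 CU branch", (5161, 0)),
    (13, 0, 5000, 5099, "2016 SP2 GDR branch", (5081, 1)),
    (13, 0, 4500, 4999, "2016 SP1 CU branch", (4522, 0)),
    (13, 0, 4000, 4499, "2016 SP1 GDR branch", (4223, 10)),
]

# Major.minor versions whose Extended Support ends 9 July 2019 (from the post).
END_OF_SUPPORT = {
    (10, 0): "SQL Server 2008",
    (10, 50): "SQL Server 2008 R2",
}


def parse_version(product_version):
    """Parse '14.0.3035.2' or the Linux package form '14.0.3035.2-1' into ints."""
    core = product_version.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ProductVersion: {product_version!r}")
    return tuple(int(p) for p in parts)


def assess(product_version):
    """Return (status, detail) for one instance's ProductVersion.

    END_OF_SUPPORT  - 2008 / 2008 R2, no fixes after 9 July 2019
    PATCHED         - at or above the listed fixed build for its branch
    NEEDS_UPDATE    - on a listed branch but below the fixed build
    UNLISTED_BRANCH - 2016/2017 build on a branch the post does not list
    NOT_ASSESSED    - some other product version
    """
    major, minor, build, rev = parse_version(product_version)
    if (major, minor) in END_OF_SUPPORT:
        return ("END_OF_SUPPORT", END_OF_SUPPORT[(major, minor)])
    for maj, mn, low, high, label, fixed in FIXED_BUILDS:
        if (major, minor) == (maj, mn) and low <= build <= high:
            status = "PATCHED" if (build, rev) >= fixed else "NEEDS_UPDATE"
            return (status, label)
    version_text = f"{major}.{minor}.{build}.{rev}"
    if major in (13, 14):
        return ("UNLISTED_BRANCH", version_text)
    return ("NOT_ASSESSED", version_text)


# Constructed inventory: host name -> ProductVersion as reported by the instance.
SAMPLE_INVENTORY = {
    "erp-sql01": "10.50.6000.34",
    "erp-sql02": "14.0.3030.27",
    "bi-sql01": "14.0.3035.2-1",
    "hr-sql01": "13.0.5026.0",
    "dev-sql01": "12.0.5000.0",
}


def assess_inventory(inventory):
    """Map each host to its (status, detail) pair."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, detail) in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:16} {detail}")
```

Run against a real estate, the inventory would come from querying each instance for `SERVERPROPERTY('ProductVersion')`; anything that comes back as END_OF_SUPPORT belongs in the 2019 budget discussion above, and anything NEEDS_UPDATE is missing the August GDR.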

To discuss options call us on 0097143365589

Is your rdp access secure?

July 14th, 2018 by Stephen Jones

A recently released report sponsored by IBM Security and conducted by the Ponemon Institute estimated that a data breach costs companies an average of $148 per lost or stolen record. This was based on interviews regarding mega breaches, i.e. more than 1 million records.

According to the McAfee Advanced Threat Research team, cybercriminals are compromising and selling remote desktop protocol (RDP) access on the dark web for as little as $10. Cybercriminals use RDP access to create false flags, send spam, abuse accounts, harvest credentials, extort, deploy ransomware, and cryptomine.

If you use RDP network access then you are vulnerable to such attacks, which will concern everyone from government to healthcare institutions.

Remote access systems are needed by many organizations to conduct their business. McAfee’s research team recommends:
• Use complicated passwords and two-factor authentication on your RDP, as this will make brute-force attack more difficult to complete
• Do not conduct or allow RDP connections across open internet
• Lock out or timeout users with too many failed login attempts
• Check event logs regularly for strange login attempts
• Use an account-naming convention that doesn’t give away details about your organization
• Make a list of all systems using the network and what protocols they are connected through, including POS systems and Internet of Things (IoT)
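Two of the recommendations above, locking out accounts after too many failed attempts and checking the event logs for strange login attempts, can be turned into a concrete detection. The following is an added example and not code from the McAfee report or the original post. It works over a constructed, simplified text rendering of Windows Security events (event ID 4625 is a failed logon, 4624 a successful logon, and logon type 10 is RemoteInteractive, i.e. RDP; the `key=value` line layout is an assumption, not the native event format). It flags a source address that exceeds a failure threshold within a sliding window, and a successful RDP logon from a source that has just done so. The addresses, account names and timestamps are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a password-guessing run over RDP from one address that
# ends in a successful logon, a user who mistypes once and then logs on, and
# interactive (non-RDP) console failures that the RDP detection must ignore.
SAMPLE_LOG = """\
2018-07-14T02:13:05Z EventID=4625 LogonType=10 Account=administrator Source=203.0.113.45
2018-07-14T02:13:09Z EventID=4625 LogonType=10 Account=admin Source=203.0.113.45
2018-07-14T02:13:14Z EventID=4625 LogonType=10 Account=sqladmin Source=203.0.113.45
2018-07-14T02:13:20Z EventID=4625 LogonType=10 Account=backup Source=203.0.113.45
2018-07-14T02:13:27Z EventID=4625 LogonType=10 Account=svc_backup Source=203.0.113.45
2018-07-14T02:13:33Z EventID=4624 LogonType=10 Account=svc_backup Source=203.0.113.45
2018-07-14T08:01:10Z EventID=4625 LogonType=10 Account=jdoe Source=198.51.100.7
2018-07-14T08:01:25Z EventID=4624 LogonType=10 Account=jdoe Source=198.51.100.7
2018-07-14T09:10:00Z EventID=4625 LogonType=2 Account=kiosk Source=10.0.0.5
2018-07-14T09:10:03Z EventID=4625 LogonType=2 Account=kiosk Source=10.0.0.5
2018-07-14T09:10:06Z EventID=4625 LogonType=2 Account=kiosk Source=10.0.0.5
2018-07-14T09:10:09Z EventID=4625 LogonType=2 Account=kiosk Source=10.0.0.5
2018-07-14T09:10:12Z EventID=4625 LogonType=2 Account=kiosk Source=10.0.0.5
"""

RDP_LOGON_TYPE = 10


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with typed fields."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(fields["EventID"]),
        "logon_type": int(fields["LogonType"]),
        "account": fields["Account"],
        "source": fields["Source"],
    }


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (kind, source, detail) alerts for RDP logon activity.

    BRUTE_FORCE            - `threshold` or more failures from one source within `window`
    SUCCESS_AFTER_FAILURES - a successful RDP logon from a source still over the threshold
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)  # source -> timestamps of failures in window
    flagged = set()
    alerts = []
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue  # console or service logons are out of scope here
        q = recent_failures[ev["source"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        if ev["event_id"] == 4625:
            q.append(ev["ts"])
            if len(q) >= threshold and ev["source"] not in flagged:
                flagged.add(ev["source"])
                alerts.append(("BRUTE_FORCE", ev["source"],
                               f"{len(q)} failed RDP logons within {window}"))
        elif ev["event_id"] == 4624 and len(q) >= threshold:
            alerts.append(("SUCCESS_AFTER_FAILURES", ev["source"],
                           f"{ev['account']} logged on after {len(q)} failures"))
    return alerts


def run_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for kind, source, detail in run_sample():
        print(f"{kind:24} {source:15} {detail}")
```

The failure count is kept per source address rather than per account, so a run that rotates through many user names (as in the sample) is still caught, which is also the case a per-account lockout policy on its own would miss. In production the same logic would consume the 4624/4625 events exported from the Security log rather than the constructed text above.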

The good news is that the research found that security automation tools are doing their job. Machine learning, artificial intelligence, analytics, and orchestration to identify and contain breaches are new tools in the fightback against malware. Companies that extensively use automated security technology saved over $1.5 million on the total cost of a breach, said the release.

Meanwhile

Dynamics 365 for Finance and Operations the Optimization advisor

July 9th, 2018 by Stephen Jones

One of the key features D365 uses to help users with task automation and keeping up productivity levels is the Optimization Advisor. When a business process is not able to produce the required performance, companies usually have to involve users, internal consultants, implementation partners or even write up incidents and ask vendors for support. This can cause a lot of chaos and disparate solutions. Incorrect configuration and setup of a module can lead to reduced functionality within Finance and Operations, as well as slower system performance and incomplete business process workflows.
https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/sysadmin/optimization-advisor-overview

The quality of business data (for example, the correctness, completeness, and cleanliness of the data) also affects system performance, and an organization’s decision-making capabilities, productivity, and so on.

The Optimization Advisor guides users by offering them opportunities to follow best practices and increase the quality of their workflows. It can suggest best practices for module configuration and immediately identify business data that is obsolete or incorrect. When a violation of a rule within the system is detected, an optimization opportunity is shown on the user’s screen. The user can take corrective action directly from the Optimization Advisor workspace; it is as simple as clicking one button. When an optimization action is taken, the system calculates the impact of the opportunity by estimating the reduction in the runtime of business processes.

To ensure maximum efficiency and operational excellence, the Optimization Advisor goes through the following processes:
• business process analysis
• search for optimization opportunities
• use of data composition
• quantification of opportunities
• solution recommendations

For some opportunities, when the recommended action is taken, the system can then calculate, and display in the Impact tab, the result of the optimisation in terms of the reduction in the runtime of business processes. If a corrective action does not fully resolve the issue, the opportunity will be generated again the next time that rule is run. Opportunities can be hidden from a user’s list, or the rule deactivated.
Optimisation opportunities can be company-specific or cross-company, and new rules can be coded to apply per legal entity or to the whole system.

The current release of Dynamics 365 for Finance and Operations includes a new tool named the Optimization advisor. The Optimization advisor workspace suggests best practices for module configuration and identifies bad data. If you have customizations or ISV solutions in your environment, you can create additional rules for identifying configuration or data issues relative to the associated processes. The Optimization advisor will run periodically in the background and identify “opportunities” for optimization that you can “take action” on in the workspace.