The Data Security Challenge Of Procure-To-Pay

The digital transformation of the enterprise is ushering in a new era of efficiency, thanks to the opportunities that electronic data offers. However, the shift has also introduced the age of data silos, with back-office platforms struggling to connect and communicate with each other.

Taking a step back outside the enterprise, there are even more complex data integration challenges when two companies work together. In the procure-to-pay process, for instance, not only does data need to move internally to generate purchase orders and pay invoices, but the workflow relies on seamless communication between buyer and supplier.

Yet, because every company is in its own stage of digital transformation, and since businesses have an array of back-office apps and platforms from which to choose, moving data from one enterprise resource planning (ERP) system to another can seem like trying to get two systems that speak different languages to have a conversation.

Mark Seaman, vice president of channel sales at data integration software company Cleo, said the enterprise data integration challenge is a matter of “transformation and translation.”

Data integration between buyer and supplier is not as easy as moving information from one system into another, he told PYMNTS in a recent interview. Rather, that information must be transformed and translated into the appropriate format for the receiving platform to seamlessly support it.

“The key is not only the secure data movement, but its transformation and translation,” said Seamen. “[It’s] the ability to take a set of data in a format coming out of one system, and understanding the app that it needs to go into, and restructuring that data in a form that can feed automatically into that other application.”

Historically, middle-market and large enterprises have dealt with this data integration challenge by building proprietary solutions that can be clunky, and fail to be flexible enough to address the particular data acceptance needs of business partners’ own portals. The alternative, of course, is printing, emailing or faxing paper documents, and forcing recipients to manually rekey data into their systems in the proper format.

The potential benefits of being able to move data from one company to another, and do it in the correct format, seem obvious in the context of procure-to-pay. Such data integration between business partners can accelerate the workflow, meaning faster orders delivered to buyers and faster payments to suppliers. It can also mean fewer errors, and greater availability of data to analyze.

However, Seaman explained, achieving data integration between platforms within an organization, as well as between enterprises, is only part of the battle.

Security Vulnerabilities

Data security continues to create headaches for enterprise leaders. As cybersecurity technology investments rise, new challenges emerge as data flows between organizations: Once information leaves a company’s walls, the risks can be high that the third-party recipient of that information will not have adequate data protections in place.

Data published by the Ponemon Institute last year found that 59 percent of companies have experienced a data breach as the result of a security lapse by a vendor or another third party. That figure rose to 61 percent when analysts narrowed their focus to U.S. companies, with 22 percent of respondents admitting that they didn’t even know if there had a been a data breach at a third party in the last year.

“The third-party ecosystem is an ideal environment for cybercriminals looking to infiltrate an organization, and the risk only grows as these networks become larger and more complex,” said Dov Goldman, VP of innovation and alliances at Opus, which sponsored the research. He added that companies need to collaborate to ensure that they mitigate appropriate risks down the supply chain.

Yet, the threat persists. Last month, separate analysis from eSentire found that 44 percent of businesses experienced “a significant, business-altering data breach caused by a vendor” — despite the fact that most companies surveyed said they had a policy around third-party data security.

Direct data streams between ERP and other enterprise platforms may make procure-to-pay and other business processes more efficient, but, unless data security is addressed, those direct data streams can ramp up an organization’s exposure to the risk of a data breach.

Seaman said it’s critical that data integration solution providers adhere to high industry standards, including Applicability Statement (AS) 2, AS3 and AS4 — protocols for apps to communicate data in a secure fashion via encryption and other security measures.

Yet, as many organizations continue along their digitization journeys, more are facing the roadblock of being unable to seamlessly integrate their own back-office platforms, or seamlessly move data between their systems and those of a business partner. Relying on proprietary connectivity solutions can fail to address the heightened data security risks of moving information outside of a company, Seaman warned.

“We find a lot of companies, believe it or not, are moving data unsecurely between themselves and vendors,” he said, “which, in my estimation, is quite scary.”