News

Oracle NetSuite ERP: The Pros and Cons

Posted in: Business Intelligence, Enterprise Apps, enterprise resource planning, Enterprise Resource Planning (ERP), ERP, ERP software, HR software, NetSuite, NetSuite ERP, Oracle, oracle netsuite, Oracle NetSuite ERP, SME - May 21, 2021

Long regarded as the #1 cloud ERP solution, Oracle NetSuite ERP offers a robust portfolio of procedural management software that streamlines business processes for 24,000+ cross-industry customers. The company has experienced great success as both an upgrade from less powerful ERP systems and as a solution that pulls multiple disconnected systems together. Their holistic approach to enterprise management is best illustrated by their seven key feature categories:

  1. Financial Management
  2. Financial Planning
  3. Order Management
  4. Procurement
  5. Production Management
  6. Supply Chain Management
  7. Warehouse and Fulfillment

The NetSuite ERP portfolio can eliminate a lot of administrative headaches at businesses of any size, but is their ERP the right solution for your business? Take a look at some of the pros and cons that their current customers have highlighted to help you make an informed purchasing decision.


A Deep Dive Into Oracle NetSuite ERP

The Pros of Oracle NetSuite ERP

Customizable and Scalable Features

NetSuite offers the same flexibility as most other platforms in the way of add-on modules, user seats, and length of contract. However, Oracle NetSuite’s platform sets itself apart by extending several options to customize their boilerplate solutions to fit your business needs. Users have praised the customizable templates that NetSuite offers in all of its ERP modules, and although doing so may require more extensive technical knowledge, users can code their own solutions into any of the modules. 

A favorite customizable feature in Oracle NetSuite ERP can be found in the HR SuitePeople module, where administrators have the freedom to customize and adjust pay options beyond typical pay categories.

Larger companies like Smartsheet have chosen NetSuite because of scalability built into its ready-made ERP features. Mark Mader, the CEO of Smartsheet, specifically highlighted how the SuiteBilling billing and revenue software has enabled his company to grow: 

“We needed a solution that could support significant growth in our primary segments—enterprise customers as well as SMBs where we leverage a self-service model—each of which has its own unique set of complexities…NetSuite was the only solution that offered us the ability to automate both the back office and customer-facing aspects across both these important segments of our business.” 

Strong Business Intelligence Backbone

NetSuite ERP consistently receives high marks for its business intelligence and financial management tools. Through the platform’s automation of processes like billing, accounting, and reporting, finance teams can focus on financial planning, predictive analysis, and other strategic product and systems-facing actions that require their expertise.

One of their strongest business intelligence and finance features is SuiteBilling, advertised as the industry’s first unified order-to-billing-to-revenue recognition solution on the cloud. Other notable features in this segment of the NetSuite ERP include revenue recognition, customizable analytics and dashboards, and multi-currency transaction capabilities. 

[Figure: an example of the NetSuite ERP “What If” Analysis feature, which allows you to plan and assess potential changes in your business model through what-if scenarios.]

Workflow and People Management

At the core of any business, you’ll find people relations and management. Many companies rely on separate HR software that does not wholly integrate with their other company software. But NetSuite ERP’s HR module, SuitePeople, seamlessly connects HR data with financial, procurement, project, payroll, planning, and budgeting data across other modules in the platform. These connections help companies set and analyze performance against company-wide, department, and individual KPIs based on product and market success. NetSuite’s analytics framework is particularly useful for visualizing these types of metrics, as the dashboard shows people and financial analytics side by side and in real-time.

Beyond the people analytics found in NetSuite ERP, you’ll also find a system that simultaneously encourages administrative freedom with widespread employee data protection. Features like the employee directory and other searchable databases within the system make it easy for anyone to connect with the right person in the organization. However, features like effective dating and access control ensure that only administrators with the right access privileges can view employees’ most private data.

[Figure: one chart found on the SuitePeople HR dashboard, which compares people analytics with revenue and other financial analytics.]

The Cons of Oracle NetSuite ERP

Pricing and Add-On Costs

Although some custom packages and pricing options are available, NetSuite’s baseline package costs $999 a month plus $99 per user, which will likely strain the budgets of smaller companies. These costs also don’t account for the fact that companies pay for nearly every customization they choose to add, with things like 24/7 support and upgrading to the latest versions of different modules incurring extra fees.  

You’re paying for a high-value product that streamlines all of your business software into one tool. So if the price works for your business, it makes sense to pay a higher price than you might pay for a solution like QuickBooks Enterprise, which includes many financial and BI modules, but completely misses on CRM and HRMS features. The ROI is there for the right business model, budget, and tenacity to keep up with changing costs on the platform. 

Customer Support

NetSuite’s technical support is included with all NetSuite subscriptions, but multiple user reviews have indicated the limitations to the service. The included support package offers only 10 hours of customer online support, during regular business hours Monday through Friday. Premium and Advanced Customer Support packages extend that service to 24/7 support for additional fees. Users have also expressed that the support team offers highly technical solutions without always guiding customers, which makes it difficult for teams with less technical staff to resolve NetSuite ERP problems.

[Figure: NetSuite ERP support plans, Basic and Premium Support comparison.] Basic Support, which is included with all NetSuite purchases, only provides guided support to users when they are experiencing a Severity 1 (Critical) problem in the system.

Although their actual support team may be limited in the scope of what they offer to customers, NetSuite ERP extends several self-help resources to their customers for free:

  • SuiteAnswers support ticketing system
  • NetSuite support user group
  • Online case submission
  • Full training class curriculum

Accessibility for SMEs

Oracle NetSuite has often claimed that they want to be an ERP solution for small and mid-size enterprises (SMEs), but many SMEs have expressed that the solution better fits larger companies. These smaller organizations have shared that the customizations that they want or need to implement in their ERP require two things that they don’t always have: specialized employees who know how to make those coded adjustments, and large budgets to pay for customizations and new add-ons. Managing customizations and version history across the portfolio may require more training, specialized knowledge, FTE, and budget than SMEs can reasonably afford, which is why the solution continues to be selected by mostly larger enterprises.


The post Oracle NetSuite ERP: The Pros and Cons appeared first on CIO Insight.


2021’s Most Successful Phishing Ploys (So Far)

Posted in: phishing, Security - May 20, 2021

Fishing competitions take place all over the world. Anglers try all kinds of strategies in their attempts to land the big one. Phishing plays a similar game. Cybercriminals devise and constantly revise their strategies to land a big fish of their own – access to financial data, the ability to lock users out and hold them to ransom, or disrupt societal infrastructure.

The latest ploys are laid out in the Q1 2021 top-clicked phishing report by KnowBe4. Here are the winners of the phishing competition based on email subject lines:

General Email Subject Line
  Password Check Required Immediately                          31%
  Revised Vacation & Sick Time Policy                          15%
  COVID-19 Remote Work Policy Update                           13%
  COVID-19 Vaccine Interest Survey                             10%
  Important: Dress Code Changes                                 7%
  Scheduled Server Maintenance -- No Internet Access            6%
  De-activation of [[email]] in Process                         5%
  Test of the [[company name]] Emergency Notification System    5%
  Scanned image from MX2310U[[domain]]                          4%
  Recent Activity Report                                        4%
Source: KnowBe4.com

As you can see, businesses are very much in the crosshairs as they are likely to bear the most fruit in the form of data and personally identifiable information. Predictably, password scams top the list. This makes sense given the insanity of endless passwords for a litany of sites. Once users get comfortable with current rules, it is not uncommon for users to receive a rash of emails from different sites expressing changes to password and security policies. That, in turn, leads to passwords being changed more often, and of course, more characters of growing complexity being added. No wonder this is a big area of user annoyance, disagreement, and frailty. The bad guys are latching onto it.

Think about it for a moment. Your average techie may be enamored by the idea of unbreakable passwords that are impossible to guess. But the average user would rather use a simple password that is easy to remember and is never changed. Regular prodding to change passwords or add more obscure characters has some users up in arms, and others in a state of despair. In such a state of mind, they may lower their guard and click on something malicious, thinking it to be just the latest meddlesome interference from IT. It is up to IT to ensure their actions and password enforcements don’t antagonize users and force them into that frame of mind. Otherwise, IT will continue to be overworked by phishing flaps.


“The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check,” said Stu Sjouwerman, CEO, KnowBe4. “Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”

Further targets for cybercriminals include HR traffic. HR departments have been busy during the pandemic. Many attempted to make up for lack of onsite presence by sending far more email traffic than before. Hackers have realized this and have achieved phishing success with subject lines about vacation and sick time, remote work policy changes, vaccine information, and dress codes. If HR traffic is high, a phishing attempt posing as an email from HR may strike gold.

IT department traffic is another area of phishing success. With so much remote work being done, IT departments have been forced to be more vocal than before. The bad guys are tapping into this area with subject areas about server downtime, email account deactivation, and various tests being conducted. Scanned images and package delivery notifications are further sources of phishing success, as are social media messages – LinkedIn phishing messages dominate in social media email subjects.

The motto is clear: Think Before You Click.

The post 2021’s Most Successful Phishing Ploys (So Far) appeared first on CIO Insight.


What Lessons Can CIOs Learn from the Colonial Pipeline Hack?

Posted in: colonial, hacking, Security - May 20, 2021

The news angles and repercussions of the Colonial Pipeline hack just keep multiplying. It’s a story that serves to emphasize that a data breach bringing down a database or website is one thing – but crashing key infrastructure is quite another.

No ransomware attack has captured the imagination of the public like the Colonial Pipeline debacle. Millions paid in ransom, long lines at gas stations, soaring prices, federal government dallying, even a public explanation from CEO Joseph Blount as to why the company paid the ransom – this one has so many avenues to explore.

Investigators are delving into the exact causes. Whatever the specifics in the Colonial Pipeline hack, the contributing factors are unlikely to fall outside of these familiar vulnerabilities, each of which CIOs need to pay close attention to.

Phishing

Problem: All it takes is one gullible employee clicking on a malicious email link or attachment and the bad guys are inside. And while most know not to click open the email from the overseas banker who needs your help repatriating millions in krugerrands, phishing at the enterprise level still works.

Solution: Invest heavily in security awareness training to teach employees how to avoid being hoodwinked by social engineering ploys. All the security technology in the world and the best IT team in the universe can be utterly defeated by one inattentive staffer.

Backups

Problem: In the event of a ransomware attack, it is vital to have a clean backup to hand so you can get affected systems back up and running rapidly.

Solution: As well as good backup software, ensure you have the capability to test backups regularly, and scan them to make sure that your backups don’t contain ransomware.


Air Gaps

Problem: Any system that is online such as a disk-based backup is susceptible to attack. If bad actors get in there, they can lock you out and hold you to ransom. All the regular security measures can and should be used to thwart such attacks.

Solution: The only sure way is to have an air gap, which is a physical barrier that is offline between the web and the data. This can be achieved via modern tape archiving and backup systems that keep tapes offline, yet they remain accessible within minutes if needed due to their automated nature.

Don’t pay the ransom.

Problem: FBI directives make it clear that ransoms should not be paid as it encourages the criminals to continue attacking. Plus, those paying have no guarantee they will regain access or that the bad guys have not retained some kind of backdoor or malicious code that can allow them to attack again.

Solution: Unless the financial cost of being denied access makes the ransom demands seem like chickenfeed, don’t pay. But you have a stronger hand if you have implemented points 2 and 3 above (backups and air gaps) so that you have all or most of the data available for relatively rapid recovery.

Segmentation

Problem: “One network to rule them all” is a bad idea. Period. One way to prevent ransomware from taking over enterprise resources is to internally segment the network. By doing so, malware can’t freely move around from one infected machine to another.

Solution: Ask your IT department what they are doing about micro-segmentation. Insist they institute some form of granular segmentation within the IT infrastructure in order to limit the visible attack surface. Yes, one segment may become compromised and subject to ransomware. But the others will remain secure as they are walled off.

Zero-trust security

Problem: Part of the problem is that one compromised user account may be enough for cybercriminals to enter the network. And if they gain admin privileges, it’s game over.

Solution: Implement zero-trust security frameworks and technologies as they enforce proper authorization and validation and limit access to applications, data, and networks. As part of this approach, all resources are micro-segmented so as to allow only the amount of access privileges absolutely needed. Many of the latest firewalls come with micro-segmentation and zero-trust features.


Digital transformation:

Problem: Most companies have submitted to the allure of digital transformation. This basically updates all systems so that they can integrate fully, gets rid of old analog and legacy systems, and brings the world of operational technology (OT – essentially building systems, cooling, heating, mechanical systems, etc.) into the world of IT. The downside is that with everything connected, the bad guys can shut anything down – like a pipeline or a hospital.

Solution: Enforce multi-factor authentication, and data encryption at rest and in transit, as well as the implementation of zero trust security, better endpoint protection, and faster incident response. And adopt a cautious approach to digital transformation so that your digitization initiatives don’t run far ahead of the need to secure them.

Patches:

Problem: Next to phishing, uninstalled patches are the next biggest security hole in the enterprise. It’s shocking to note that urgent security patches from months ago have still not been deployed in many enterprises.

Solution: Relieve the burden on IT by implementing automated and centralized patch management, and ideally turning the entire function over to a trusted vendor. The sad truth is that this function tends to get neglected as IT has other urgent priorities and firefights going on.

With breaches like the Colonial Pipeline hack making regular appearances in the headlines, CIOs have never been in a potentially stronger position to advance their companies’ security and infrastructure hardening goals. Zero-trust network access and segmentation might not close all the security gaps. But they’re certainly a good place to start.

The post What Lessons Can CIOs Learn from the Colonial Pipeline Hack? appeared first on CIO Insight.


Daman News and Events

This showcases our company news and upcoming events. Please check back as this page will change frequently.