Archive for the ‘Security and Compliance’ category

SnapLogic and Data Interchange for iPaas and EDI

August 20th, 2020

SnapLogic and Data Interchange have joined forces to bring together market leading iPaaS and EDI solutions
SnapLogic provides the #1 Intelligent Integration Platform.

The company’s AI-powered workflows and self-service integration capabilities make it fast and easy for organizations to manage:
- all their application integration,
- data integration,
- API management,
- B2B integration, a
- data engineering projects on a single, scalable platform.

Hundreds of Global 2000 customers — including Adobe, AstraZeneca, Box, Emirates, Schneider Electric, and Wendy’s — rely on SnapLogic to automate business processes, accelerate analytics, and drive digital transformation.

This new partnership will combine SnapLogic’s award winning Intelligent Integration Platform, with Data Interchange’s cloud based EDI solutions – Web EDI, and DiNet –to enable forward-thinking customers to drive internal digital transformation processes from a central platform, providing self-service integration up to ten times faster than other existing technologies.

Robert Steiner, CEO, Data Interchange commented:

“A partnership between SnapLogic and Data Interchange is a win/win. Many organisations not only have the need for strong and reliable integration systems, but they also need a good EDI partner with state-of-the-art functionality and their own VAN. Combining SnapLogic’s self-service iPaaS platform with our own self-service cloud based EDI platform and VAN provides customers with everything they need,”
“Working with SnapLogic has also enabled us to expand our market reach and capabilities. Integration is not only about application to application communication but also about automated data flows and supply chain management.”
Through the new partnership customers will be able to combine the trading world of EDI, including communication protocols like AS2 and OFTP, as well as a VAN, with a modern JSON, API-first platform. This ensures customers are able to push forward with their transformation initiatives using a single augmented, integrated platform covering EDI, data integration, AI/ML, application integration and streaming. Taking this approach means more re-use, reduced IT debt, faster time-to-market, and increased transformational agility with deeper and wider connectivity.

Roger Coles, Channel and Alliances Director EMEA at SnapLogic commented on the partnership:

“EDI has become increasingly important within organisations today, as they seek to streamline processes and automate various functions with the business. So we are excited to be announcing this new partnership with Data Interchange. By combining our two best-in-class solutions we will be able to provide a combine offering which we feel will be well received by our customers thanks to the unrivalled depth and breadth of functionality Data Interchange provides through its EDI solutions.”

If you need a faster and more robust way to develop, manage and maintain interfaces, with pre-built ‘snaps’, ETL, and streaming data callus ot learn more: 0097143365589

Microsoft’s storage compliance within Dynamics 365 and the Power Platform be aware.

August 19th, 2020

Microsoft’s storage compliance within Dynamics 365 and the Power Platform has operated to date primarily on a trust basis.
From 10 August 2020, the first restriction for those tenants over their limits comes into effect.

It is little surprise that Microsoft have begun to enforce storage compliance and it is important for businesses to ensure they are under their own quotas should the need to restore or copy data arise.

Further enforcement restrictions may be put in place in due course, so it is better to be aware of any issues now.

What is the restriction?
For administrators looking to copy or to restore an environment, this will no longer be possible if the tenant is over its storage quota.

The ability to be able to restore from backups is a key feature of the Power Platform Admin Center, particularly after any important data loss, so it will now be important to maintain storage levels under the quota to ensure this feature remains available.

How can you check my current storage levels?
Administrators can access the Capacity page of the Power Platform Admin Center via this link or by browsing to Resources>Capacity within the Power Platform Admin Center itself. From here, you will be presented with two diagrams; te first showing the current Storage Capacity Usage:

and the second showing the Storage Capacity By Source:

This table shows how your available storage is calculated and will vary depending on the licences your organisation has purchased.

I’m currently over my storage quota(s) – what can I do?
There are two routes to take when it comes to managing storage:
1. Delete unused data that may be unnecessarily taking up storage space. Microsoft have their own guide on how to achieve this but it is important to proceed with caution to prevent the deletion of business-critical data.
2. Purchase additional storage.

Clients of Synergy Software systems with existing support agreements who need assistance with reviewing their storage quota or wish to discuss the purchasing of additional storage, please get in touch. 0097143365589

Dynamics 365 HR and Payroll for the G.C.C. – ask Synergy Software Systems

August 19th, 2020

Microsoft rebranded Dynamics 365 Talent as Dynamics 365 Human Resources.( Dynamics 365 Talent is no longer sold -see our February 2020 post. The Attract and Onboard service will be available until 1 February 2022, or until your contract ends, whichever occurs first. LinkedIn is taking the lead on Talent Acquisition, Learning and People Success applications. Linked Talent Hub is a new applicant tracking system (ATS) that became available on 26 September 2019. LinkedIn Learning and Glint complete the portfolio of Talent Management solutions. Microsoft will offer a migration path to LinkedIn Talent Hub. The initial release of LinkedIn Talent Hub supports customers with less than 1000 employees. Data export tools will be available from within Attract to help customers transition to the Talent Acquisition solution of their choosing. Eligible customers using the Talent Onboard app may continue to use it through 1 February 2022 or until the end of their most recent Dynamics 365 contract or renewal, whichever occurs first. Migration tools will be provided within the Onboard app to help customers export onboarding guides.

Core HR – is now Dynamics 365 Human Resources

The key features include:

A central database for staff, with automatic updates.
The ability to set up and run benefit policies.
Automated absence monitoring and time management tracking.
Full CPD management, including performance reviews, matching competencies to job roles and target tracking.
Creation and delivery of training courses, including analysis of outcomes.
A questionnaire feature for gathering feedback and insight from employees. These are conducted digitally, with responses automatically linking to staff records and triggering suggestions for updating policies and strategies.

When you set up a Dynamics 365 Human Resources account, the first stage is to create an HR strategy on the platform. This will provide the overarching structure for how human capital is managed in your organisation, and includes things like specifying whether processes will be managed by department, by jobs or by positions.

Set up plans to guide day-to-day management of your HR operation through Microsoft Dynamics 365 Human Resources. These might be compensation and incentive plans for rewarding strong performance, or they might be training plans which link development to key strategic goals for the business overall.

An advantage of Microsoft Dynamics 365 Human Resources is how all of the data that is linked to plans is centrally stored and automatically updated. When you create a scheme for staff benefits such as a company laptop, phone or a car, then logging of data about upgrades and replacements is automated. The same applies to company incentive schemes like health insurance or pensions, which saves huge amounts of time in administration data maintenance work.

Dynamics 365 Human Resources supports compliance with employment laws in different jurisdictions. It will, for example, suggest complying with equality and disability laws, making recommendations based on personnel data.

Dynamics 365 Human Resources Employee Self Service allows employees to view and manage their core data via employee self-service. This ranges from the ability to view and manage personal details, bank information and competencies to compensation, leave & absence and benefits taking the load off from HR personnel making sure they can stay focused working on higher priority tasks.

Managers are also empowered to view and handle processes directly from Manager self-service and do not have to reach out to HR to manage tasks such as team’s to manage their team’s leave & absence, performance, to approve relevant requests or to view their team members’ position or compensation related information.

Leave & Absence in D365 HR was recently enhanced and allows HR to configure and manage as many leave & absence plans as needed and specify multiple details for each plan such as accruals, carry over amounts, how and when the balances are calculated and pro-rata rules to name a few. In addition, time off can be requested from employee self-service or manager self-service and the requests can be viewed in a calendar view format making it easy for manager or HR to assess the situation for any given period of time.

The HR team can effectively manage core processes related to hiring, transferring and terminating employees optionally supported by workflows to ensure that any required approvals are obtained before the processes can be finalised. These processes can be also enriched by utilising Task management in the form of checklists to make sure, that any related activities needed to be completed are distributed to relevant parties to action.

Dynamics 365 Human Resources makes it simple to configure compensation programs your organisation needs to support any plans and guidelines to ensure salaries are recorded properly. Any variable compensation such as bonuses or shares can be also easily recorded and managed within D365 HR to store the information in one place for comprehensive reporting and data management.

Performance management in D365 HR offers the ability to configure and manage reviews and goals accompanied by the option to record activities actioned or to be actioned during the review period. In addition, reviews and goals templates can be constructed to support your business and provide managers and employees with a starting point and a guiding framework to follow during the review process. Support each review by a different workflow to ensure the manager’s and employee’s approvals are in place before the review process is finished.

Dynamics 365 Human Resources allows HR users to schedule courses for which employees can be allowed to be signed up to via employee self-service. Skills and competencies recorded against the course and the course can be transferred to the employee’s record upon completion. HR and Managers can utilise skill assessment and skill to job analysis to see what competencies are needed and potentially missing when compared to required job-related competencies.

Synergy Software Systems has been implementing localied HR and Payroll and T@A systems in the UAE for over 20 years.
Our GCC localised HR admin and Payroll module for Dynamics 365 further extends and automates the core features with extensive workflows, reports and Power Bi dashboards.

Contact us on 009714 3365589

Modernise sales with Synergy Software Systems.

August 13th, 2020

Did you know that 55% of sales reps think their company’s sales tools are an obstacle instead of a facilitator?

Technology has rapidly changed the way customers buy. Customers now have more options on how when and where to buy, access to greater amounts of information, and communication channels have multiplied. As the complexity of sales increases, managing the sales process across multiple accounts can be challenging for sales teams. To better manage this complexity and help their sellers get more done, innovative organizations are modernizing their sales productivity.

Sales force automation and AI capabilities enable sellers to better manage lead. These intelligent solutions accelerate deals with an end-to-end, immersive experience for opportunity management; and integration with familiar tools—like Dynamics, Teams, Excel and Outlook—into their workflows to help increase collaboration and productivity.

- Focus on what’s most important and tailor interactions with your customers
– Streamline seller workflows, and get more done with integrations with familiar tools, like Office 365, that make work easier and faster
– Start with a sales solution that meets your needs and grows with your business

All of this means that sellers can spend less time on administrative work and more time meeting and communicating with customers, which leads to better solution design, more deals, higher revenue, and happier customers.

Please contact us to learn more about how Synergy Software Systems can help boost your revenue through modernizing your sales productivity with the latest automation tools.

callus on 0097143365589

Why do data warehouses fail? ask Synergy Software Systems for the latest research report

August 6th, 2020

Organizations are increasing their data warehouse investments, however, the process of identifying and moving data into a data warehouse is not always straightforward.

IT leaders report that organizational and technical challenges are hindering success, according to new research from SnapLogic and Vanson Bourne. This research firm surveyed hundreds of IT decision makers (ITDMs) and recently published their findings.

Key findings:

• Nearly nine in ten (88%) of ITDMs experience challenges trying to load data into data warehouses, major inhibitors are: legacy technology, complex data types and formats, data silos, and data access issues tied to regulatory requirements
• The average enterprise has 115 distinct applications and data sources, with almost half of those (49%) siloed and disconnected from one another
• 89% of ITDMs are worried about those data silos.
• ITDMs report that, on average, 42% of data management processes that could be automated are currently being done manually, taking up valuable time and resources
• As a result, almost all respondents (93%) believe improvements are needed in how they collect, manage, store, and analyze data

Building a data warehouse is one thing. continuously updating it with high data volumes, and rapidly and easily maintaining and updating multiple interfaces with low risk as software updates and business and regulatory requirements change is an ongoing challenge.

Find out how prebuilt snaps, data management tools, data streaming, and low code rapid integration development are supported with an integration platform as a service iPaaS.

Contact us today for a copy of the report and to see demo of Snap logic. 0097143365589

Dynamics Ax 2009, Ax 2012, and Windows 2008 all coming to end of life.

July 27th, 2020

Are you still running your business on Microsoft Dynamics AX 2009 or 2012?
Both versions are approaching the end of their life-cycles.
Microsoft is ending Mainstream Support for Dynamics AX 2009, AX 2012, and AX 2012 R2 this year and for AX 2012 R3 in 2021. That means no more security updates, hotfixes, warranty claims, design changes, features requests, and self-service support.

Even paid for extended support for AX 2009, AX 2012, and AX 2012 R2 ends in 2021.
For AX 2012 R3, it will be available until 2023.

ADOPT THE CLOUD, GET EXTENDED SUPPORT, OR DO NOTHING?
A custom support contract will extend the life of your ERP system beyond those dates. but it would mean significant expense. Generally, those support options could cost you between $50,000 and $150,000 per year. Is it really worth committing that kind of budget?

What are the options? If Dynamics AX 2009 or 2012 is working well for you and provides all the functionality you need, at a performance standard you like, then taking no action is one route. If you are not expecting dramatic growth or major changes in the way the company operates, and you have a good relationship with a Dynamics partner who can help you resolve any issues or make tweaks to the system then to do nothing it might be a short term option..

Don’t forget what you might be missing – the third option, is to upgrade to Dynamics 365 on the Azure cloud.

BUILD A BUSINESS CASE FOR THE CLOUD.
For many clients, the advantages of moving to the cloud are already compelling. . Once you’re in the cloud, you get periodic, largely automatic upgrades that require minimal IT involvement. Data protection and disaster recovery measures on Azure are state-of-the-art.

There are different costs and economies when moving to the cloud. You pay subscription fees instead of license and support investment in software. You no longer need worry about Windows and SQL licences and upgrades, and will see a reduction in server room utility bills.

We can help you to transition to cloud ERP. But, before you make any decision and pursue its realization, you should have a solid business case. An ERP upgrade is a major project and resource commitment even when it’s managed elegantly and efficiently. It’s worth it to be thorough in comparing the current and long-term benefits and costs of extending the life of your current AX solution, on the present or a modernized hardware and network infrastructure, or transitioning to Dynamics 365.
The whole architecture of the system has changed and migrating high volume, complex data, and custom code across an enterprise is not as simple as cloud advocates may claim. Its a whole new paradigm to support a digital revolution to a more agile. mobile world.

We can help you identify possible cloud ERP benefits that might not have been top-of-mind but are nonetheless highly advantageous. New approaches to automation, collaborations and communications with trading partners and customers can become more productive and faster in a cloud environment.

To gain better business insight or need to accommodate larger masses of data, the analytics and information management tools on Azure are powerful and can easily integrate with Dynamics 365. Any time, anywhere any device mobile access to ERP capabilities allows n ways of working.

Synergy software Systems is one of the oldest and most reputable Dynamics partners in the world. When it’s time to anticipate and prepare for the practicalities of your Dynamics 365 upgrade, we will work through them with you. We help you make sense of the licensing and figure out the most advantageous schedule. Engage with us to assess the effectiveness of your current processes, model possible improvements following the Dynamics 365 deployment, and prioritize the best sequence for bringing them into reality.

call us 0097143365589

https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/get-started/mainstream-support-ax-2009-2012

https://docs.microsoft.com/en-us/lifecycle/

https://support.microsoft.com/en-gb/help/4456235/end-of-support-for-windows-server-2008-and-windows-server-2008-r2

UiPath attracts further $225m funding

July 20th, 2020

UiPath on Monday announced a $225 million Series E round, pushing its valuation to $10.2 billion.

Founded in 2005, UiPath builds technology called Robotic Process Automation, or RPA. It involves systems that use AI to learn and then take over routine and mundane software processes and business workflows from human workers. The company has more than $400 million in annual recurring revenue.

“COVID-19 has heightened the critical need of automation to address challenges and create value in days and weeks, not months and years,” UiPath CEO Daniel Dines said in a statement. “We are committed to working harder to help our customers evolve, transform, and succeed fast in the new normal.”

UiPath has a R&D hub in Bellevue, Wash., nearby Microsoft’s headquarters.

Synergy Software is the only MEA based UI Path Gold Partner. Let us show you how to streamline and automate process to reduce costs, and free up staff for higher value tasks, and reduce risk of fraud and data entry error.

Microsoft Windows 7 will no longer receive security patches,

July 14th, 2020

Microsoft Windows 7 will no longer receive security patches. Cyber criminals will try to target businesses that still haven’t upgraded.It’s estimated that 200 million PC users are still running Windows 7.

UK’s National Cyber Security Centre – the cyber arm of the GCHQ intelligence service – issued a warning over the continued use of Windows 7 PCs and laptops, telling users they shouldn’t use Windows 7 devices when accessing personal data.

Businesses hold data on large groups of people and it’s not beyond the realms of possibly that attackers could exploit new vulnerabilities uncovered in Windows 7 to maliciously infiltrate networks via phishing or malware attacks and gain access to that data. The global WannaCry ransomware attack of May 2017 demonstrated how vulnerable machines that haven’t received security updates can be to hackers.

Cyberattacks aren’t going to disappear overnight; security teams should be working to protect their organisations’ networks. If they don’t upgrade soon, then worst-case scenario could be another WannaCry-style attack.” said Nir.
Businesses may be reluctant to purchase more recent versions of Windows, but being without security updates is incredibly dangerous, and the risk of financial and reputational damage is huge. For those who don’t have a clear plan to move away from Windows 7, it is about time to create one.

There’s still the potential that there could be some Windows 7 devices left lurking on the network or staff BYODs. If you don’t take stock of your network to see how much Windows 7 you really have, then the chances are the cybercrooks will do it for you,

June saw a big jump in Phorpiex a notorious botnet campaign known for distributing a number of malware and spam campaigns, including largescale sextortion email campaigns, has surged in activity over the past month, with cyber criminals. Phorpiex detections grew to such an extent that it was the second most detected malware campaign during June, and 2% of organisations were targeted by the botnet.

The botnet sends out spam emails that attempt to deliver a malicious payload to victims to power an Avaddon ransomware campaign. Attempts to lure victims into opening a Zip file attachment in a phishing email that uses a wink emoji as the subject. It might sound like a basic form of cyberattack, but criminals use what works.
Phorpiex – which is also known as Trik – has been used to distribute spam campaigns for other forms of ransomware, including GandCrab and Pony, as well as being used to mine for cryptocurrency on infected machines.

The most commonly detected malware during June was Agent Tesla, an advanced remote access trojan that was detected targeting 3% of organisations. Agent Tesla is an information stealer and a keylogger, providing attackers with the ability to see absolutely everything on the infected computer, including usernames, passwords, browser history, system information and more – everything needed to very much compromise a network.

XMRig, an open-source cryptocurrency mining malware uses the CPU power of infected machines to generate Monero. It has been active since May 2017. The remainder of the top 10 most wanted malware for June is made up of familiar names including Dridex, Trickbot, Ramnit and Emotet – staples of cyber-criminal activity, either stealing information, or being used as the start of more destructive campaigns. For example, Trickbot and Emotet are often used as the first stage of largescale ransomware attacks.

Many of the common forms of malware rely on exploits and vulnerabilities that have long been known, so can be protected against by applying security patches, which in some cases have been available for years
Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware, cryptocurrency miners – and in some cases they’re actively looking to shut down or disrupt systems.

A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.

To protect against cyber criminals and hackers, industrial environments should:
- Have the minimum number of open ports facing the internet and access control policies should be tightened with unique and strong passwords for each system.
- Use Two-factor authentication to help prevent attackers from gaining access to environments.
- Ensure that systems are regularly updated with relevant security patches in order to ensure that cyber criminals can’t take advantage of known vulnerabilities to gain access to networks.

Hijacked website domains – keep control of your content

July 9th, 2020

An oversight has long plagued Azure-hosted sites. It was recently reported that 240 website subdomains belonging to organizations large and small, were hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content. All due to the way they were hosted in Microsoft’s Azure cloud. Those organisations include: Chevron, the Red Cross, UNESCO, 3M, Getty Images, Hawaiian Airlines, Arm, Warner Brothers, Honeywell, Autodesk, Toshiba, Xerox, the NHS, Siemens, Volvo, Clear Channel, Total, and more. Microsoft itself accidentally allowed some of its own long-forgotten subdomains to slip into the hands of spammers. It’s not that these organizations were hacked; they rented a corner of the internet, added their logo and name, and when they no longer needed that space, they emptied it but left the door open for others to enter and run a casino or a porno store at the same address under the same brand.

Xerox found that one of its subdomains, advanced.core.freeflow.xerox.com, was commandeered to host pages linking to websites advertising escorts, kitchenware, oil paintings, and more, in the hope that the reputation of xerox.com would boost the linked-to sites in web search engine rankings. At one point advanced.core.freeflow.xerox.com was hosted in the Microsoft cloud on a server named something along the lines of webserver9000.azurewebsites.net, chosen by Xerox’s IT admins. When whatever was living at advanced.core.freeflow.xerox.com was no longer needed, Xerox would have spun down webserver9000.azurewebsites.net, releasing it for others to use. The point is that advanced.core.freeflow.xerox.com still pointed to webserver9000.azurewebsites.net, so when someone else came along and spun up a virtual server using that hostname, they could control the content of advanced.core.freeflow.xerox.com.

This is doubly embarrassing for Xerox, because the Maze ransomware team also claims to have infiltrated the tech giant’s network and exfiltrated gigabytes of internal data, which will be leaked unless the extortionists are paid off.

The latest list of hijacked subdomains was drawn up by Zach Edwards, who reported the URLs at the end of June to Microsoft as well as the affected organizations,. He said he earlier reported two to three dozen commandeered government and university subdomains as a priority.

Many of these subdomain takeovers appear to be by a single group that has been active for years. Some pages redirect to malware, some redirect to porn or casinos or other potential clients that pay them for inbound links, some direct to malicious chrome extensions, or cracked software.

Crooks try to hide their presence once they’ve hijacked a subdomain, by making the root URL show a 404 or “coming soon” message. Further down the directory tree, however, are potentially thousands of files containing everything from malicious redirects through affiliate links to pages designed to trick people into installing malware to links to blogs and seedy sites to boost their rankings.

At the end of last month, Microsoft published a support article explaining to customers how to avoid losing control of their subdomain content.

IPaaS – Snaplogic for rapid integration – ask Synergy Software Systems

July 1st, 2020

Forrester TEI Report – contact us for a copy. Learn how Box easily integrated 30 apps and saved $1M

the latest additions to a growing liwt of awards.

KSA Higher Customs Duty June 2020

June 29th, 2020

The Kingdom of Saudi Arabia (KSA) has published the new list of goods on which higher customs duty rates which are effective from 20 June 2020.

Earlier the Customs duty increased was supposed to be effective from 10 June 2020.

Further, in view of the VAT rate increase to be effective 1st July 2020, it is recommended for the businesses operating in KSA to do an impact assessment to identify the impact of VAT and Customs duty increase on their business.

Outlook fails to start for some users after June 2020 upgrade

June 25th, 2020

Microsoft says in a support document recently published that Outlook will fail to start for some users, automatically displaying an error prompting the users to repair some inbox files. According to the company, all users who have updated Outlook to version 2005 Build 12827.20268 or higher will see an error prompt saying that “Something is wrong with one of your data files and Outlook needs to close. Outlook might be able to fix your file. Click OK to run the Inbox Repair Tool.”

Microsoft lists this known issue as being caused by the June 2020 updates on a support page with fixes and workarounds for recent issues affecting Outlook for PC.

After Outlook users click the “OK” button, the Inbox Repair Tool launches and walks them through the repair process. The next step is to reboot the computer to apply the fixes and, hopefully, have the issue resolved but, instead, Outlook will again display the same error.

No fix yet, workaround available
Microsoft says that an official fix is not yet available for customers using stable Outlook versions after updating to version 2005 Build 12827.20268 or later, however, an initial fix is being tested by users of Outlook Insider Beta version 13004.10000.
“The Outlook Team is investigating this issue with the Windows Team,” the support article reads. “We are not sure yet if the primary fix will come from Outlook or Windows. When we have more information on fix details we will add them here.”

Microsoft does provide a workaround that should make Outlook usable again for all users and it requires modifying the registry by deleting a number of keys related to the PST document format.

Another issue preventing Outlook and other Windows 10 programs from launching was fixed by Avast on June 13 after Avast and AVG security applications inadvertently set registry keys blocking executables from running on Windows 10 versions 2004, 1909, and 1903.

Earlier this month, Microsoft also issued the KB4484398 Microsoft Office non-security update to address an issue causing sporadic crashes in Outlook 2016 and shared folders to disappear from Favorites when customers started Outlook in an offline state.

In mid-May, Redmond also started rolling out a fix for Outlook search issues affecting clients updated to versions 2004 12730.20236 and 2004 12730.20250.

Economic Substance Regulation (ESR) in the U.A.E. ask Synergy Software Systems

June 16th, 2020

Existing companies should have complied with the regulations by now, since the starting date was 30th April 2019.

(If an entity fails to meet the requirements or if inaccurate information is given to the regulatory authority, annual administrative penalties of AED 10,000 to AED 300,000 will apply. If they fail to meet the requirements for consecutive years, the penalties will increase and might force the authorities to suspend, revoke or deny renewal of an entity’s license.)

(In the case of new entities, regulations must be complied with upon receiving its trade license.)

This legislation (collectively, referred to as the “Economic Substance Regulations“) were issued in response to the UAE’s inclusion in the European Union’s list of non-cooperative jurisdictions for tax purposes, and their aim is to facilitate tax transparency and fair tax competition in the UAE’ The Economic Substance Regulations apply to natural or juridical (legal) persons, including all UAE onshore and free zone companies, branches, foundations, non-profit organisations and partnerships (referred to as “Licensees“) that carry out one or more of the following “Relevant Activities” in the UAE -see below for the details. With the introduction of ESR, UAE has been removed from the blacklist of tax havens.

BEPS [Base Erosion Profit Shifting)] Base Erosion Profit Shifting directives are regulations issued by the Organization for Economic Cooperation and Development [OECD] to combat corporate policies for Tax Planning which would shift the profits of companies from low tax rate jurisdictions to high tax jurisdictions. Thus “eroding” the tax base in high tax jurisdictions.

The appropriate regulatory authority varies depending on the type of Relevant Activity and the location in which it is undertaken. Each regulatory authority will set out the form of the reports to be filed and the mechanisms for submitting such forms.

What is the economic substance test?
The economic substance test requires a Licensee to demonstrate that:
• the Licensee and the Relevant Activity are being directed and managed in the UAE;
• the relevant Core Income Generating Activities (“CIGAs“) are being conducted in the UAE; and
• the Licensee has an adequate number of employees and adequate physical assets and expenditure in the UAE.

Licensees carrying out a holding company business or a high risk IP business are subject to different economic substance test requirements.

See: https://www.mof.gov.ae/en/StrategicPartnerships/Pages/ESR.aspx for some useful documents including a flow chart.

The Regulations require UAE onshore and free zone companies and other UAE business forms that carry out any of the “Relevant Activities” listed below to maintain an adequate “economic presence” in the UAE relative to the activities they undertake.

Relevant Activities:
• Banking Business
• Insurance Business
• Investment Fund management Business
• Lease – Finance Business
• Headquarters Business
• Shipping Business
• Holding Company Business
• Intellectual property Business (“IP”)
• Distribution and Service Centre Business

The Regulations provide a definition to each of the above Activities. The provisions of the Regulations shall not apply to Companies in which the Federal Government of the UAE or the Government of any Emirate of the UAE, or any governmental authority or body or any of them has at least 51% direct or indirect ownership in their share capital.

Entities that are governed by the Regulations will need to submit a notification to their Regulatory Authority (defined under Cabinet Decision No (58) of 2019 issued on 4 September 2019) from 1 January 2020 onwards, and prepare and submit to the same Regulatory Authority an economic substance declaration within 12 months from the end of their financial year (e.g. 31 December 2020 for entities with a financial year ending 31 December 2019).

An entity is not required to meet the economic substance test and file an economic substance declaration for any financial period in which it has not earned income from a Relevant Activity. Failure by an entity to comply with the Regulations shall result in administrative penalties, spontaneous exchange of information with the Foreign Competent Authority (as defined in Article 1 of the Regulations), and potential suspension, revocation or non-renewal of its registration.

In the DIFC, the ESR will be administered by the Registrar of Companies (“Registrar”) for all DIFC entities, including entities that are regulated by the DFSA. Key points to note about ESR and how to prepare your business for it :
1. All DIFC entities are required to submit an economic substance notification by 30 June 2020 in the DIFC Client Portal
2. The UAE Ministry of Finance has issued a Relevant Activities Guide which should assist you in determining whether your business conducts a relevant activity and falls within the scope of the ESR.
3. Your business may also be required to file an economic substance return (“ES Return”), within 12 months of your financial year end, to demonstrate that your business meets the ESR requirements. Information relating to the ES Return will be issued in the second half of 2020.

There is a requirement for a business to use the “Substance over Form” approach when evaluating whether they undertake a relevant activity or not. This means that companies will not only be evaluated on what activities are stated on their commercial license but their activities will be evaluated and ESR applied accordingly.

It is not a requirement that a UAE entity is directly engaged in the performance of a relevant activity directly. When an entity is earning income passively from a relevant activity, it will be sufficient for the application of Economic Substance Regulations [ESR].All Entities which assess that they are involved in the performance of a Relevant Activity will carry out the Economic Substance Test for Economic Substance Regulations [ESR].

The Economic Substance is composed of two parts:
1. The Direct and Managed Test:
The Entity needs to be directed and managed in the UAE with regards to the relevant activity carried out in the Emirates.

2. The Core Income Generated Activities Test [CIGA]:
1. The Entity that performs the relevant activities for the purpose of application of Economic Substance Regulations [ESR], need to demonstrate that the CIGA’s are undertaken in the UAE.The activity which constitutes as a CIGA varies with the activity being performed.

The Entities which exist in the United Arab Emirates and carry out relevant activities within its jurisdiction need to follow certainly and comply with certain reporting requirements. The entities will be required to submit an annual notice to their Regulatory Authority indicating that they are carrying out a Relevant Activity in the preceding Financial Year and whether there has been any Income from the Relevant activity that has been subject to Taxation outside the United Arab Emirates.

UAE entities that qualify for an exemption from the Economic Substance Regulations, or those that did not earn any income from their Relevant Activities will still be required to file a notification with the Relevant Authority.

UAE Entities which qualify for submission of notification, and those that earned any income from the same, will also be required to file an Annual Economic Substance Return. The purpose of the Return is to make an assessment of the requirements of economic substance regulations are met, the income earned, qualifications of the staff involved, and information about the premises and other assets used in carrying out the relevant activity.

What are the Penalties for Non-Compliance of [ESR]?
In addition to an exchange of information by the UAE with countries which are a member of Organization for Economic Cooperation and Development [OECD] to remove the possibility of Base Erosion and Profit Shifting, failure to comply will cause the levy of administrative penalties not less than 10,000 AED and not more than 50,000 AED for failure to comply for the first year. In case of failure to comply with ESR, the minimum amount of penalty will be increased to 50,000 AED and the maximum amount to 300,000 AED. In addition to this, additional penalties, such as suspending, revocation of UAE Trade License may also be levied.

Security, Agile and DevOps

June 13th, 2020

As we move to an era of no code citizen developers there is increasing risk that security remains an afterthought when organizations are building software. The latest Verizon threat report identified that web application attacks have doubled, and that cloud-based data is under attack. The surge in web app security breaches in 2019 further solidifies that ‘crowd funded’ testing is no substitute for proper QA. The whole agile /DevSecOps approach has done much to improve user feedback to developers to improve the functionality and speed to market of business solutions, but informal end user tests alone are not sufficient where security is concerned,

With the rush to embrace digital services, organizations are too often focused on the speed of release rather than on the quality of services. To accelerate the pace of digital transformation, security must be a fundamental part of software development. To develop code faster, you should also identify vulnerabilities sooner. Otherwise, you run the risk of DevOps, simply creating software with vulnerabilities, more quickly.Embed security within all aspects of your software deign and development process rather than expect it to be bolted on as an afterthought. The threat is real sophisticated and growing. Criminals also use automation and Machine intelligence to identify and to attack vulnerabilities faster.

Attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service so that they could mine cryptocurrency at the expense of the customers who rented services. The nodes, which were misconfigured by customers, made the perfect target for so-called cryptojacking schemes. Machine-learning tasks typically require vast amounts of computing resources. By redirecting thsoe to perform the compute-intensive workloads required to mine digital coins, the attackers found a means to generate large amounts of currency at little, or no cost.

The infected clusters were running Kubeflow, an open source framework for machine-learning applications in Kubernetes, which is itself an open source platform for deploying scalable applications across large numbers of computers. Microsoft said compromised clusters it discovered numbered in the “tens.” Many of those ran an image available from a public repository, apparently to save users the hassle of creating one themselves. Upon further inspection, Microsoft investigators discovered it contained code that surreptitiously mined the Monero cryptocurrency.

After finding the infected clusters, investigators turned their attention to how the machines were compromised. For security, the dashboard that allows administrators to control Kubeflow is, by default, accessible only through istio ingress, a gateway that’s typically located at the edge of the cluster network. The default setting prevents people across the Internet from accessing the dashboard and making unauthorized changes to the cluster.

This week Yossi Weizman, a security-research software engineer in the Azure Security Center, said : “We believe that some users chose to do it for convenience. Without this action, accessing the dashboard requires tunneling through the Kubernetes API server and isn’t direct. By exposing the Service to the Internet, users can access the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, which allows anyone to perform operations in Kubeflow, including deploying new containers in the cluster.”

Once attackers have access to the dashboard, they have multiple options for deploying backdoored containers in the cluster. For instance, attackers can create what’s known as a Jupyter Notebook server that runs on the cluster. They can then place a malicious image inside of the Jupyter Notebook. If a Jupyter Notebook is already installed, it can be maliciously modified.
Weizman wrote.:” Azure Security Center has detected multiple campaigns against Kubernetes clusters in the past that have a similar access vector: an exposed service to the Internet. However, this is the first time that we have identified an attack that targets Kubeflow environments specifically.”

SnapLogic May 2020 many enhancements – ask Synergy Software Systems

May 14th, 2020

We are thrilled to announce the general availability of the May 2020 release of the SnapLogic Intelligent Integration Platform (IIP).

New Iris artificial intelligence (AI) innovations within this release allow you to build painless integrations, increase collaboration within your organization with new Stickies, and automate workflows with new SAP S/4HANA Snaps, among many more.

New Mask Snap, powered by Iris AI: Simplify data masking!

As you work with a variety of data in your dev and test environments, it is always good practice to shield and protect sensitive information. Masking sensitive or personally identifiable information such as: social security numbers (SSN), email addresses, names, street addresses, and birthdates is easy with our new Mask Snap.

With the Mask Snap, Iris AI is embedded in every step :
- suggestions on the fields you should mask,
- recommended search mode,
- recommended match mode,
- recommended masking options

You can remove or mask fields, and it works with all data types, including highly-nested JSON.

We continue to enhance our industry-leading AI technology to make it easy for you to build integrations and automations, easily and painlessly. With the new May 2020 release, as you are configuring a database or an application Snap, Iris AI now provides configuration recommendations such as schema name, object name. To provide these recommendations, Iris employs over five years of metadata information and usage patterns to intelligently determine the most commonly used schemas and objects in your organization.

From source to destination, Iris AI continues to simplify schema mappings – map even complex schemas in minutes. With the May 2020 release, Iris now provides target recommendations in Mapper for exact matches between source and destination schemas.

Boost collaboration with peers using Stickies!
SnapLogic customers who have previewed our May 2020 release have embraced our new Stickies feature with great enthusiasm. Stickies enables better collaboration and documentation of your pipeline building efforts. Stickies allow you to create and post notes on the Designer canvas to annotate different parts of the pipeline and document the workings of a pipeline in detail.
Stickies provide a great collaboration tool between IT teams, who might create pipelines, and business teams, who might want to customize and run pipelines based on their specific needs.

Stickies reside at the pipeline level, thus, they complement the Snap level ‘note’ feature already present in the platform. Additionally, Stickies are part of a pipeline’s metadata – export stickies along with your pipelines.

Deeper operational insights with Insights dashboard and task monitoring

In the May 2020 release, to provide you with trends data on operational parameters and task level insights into your SnapLogic deployment, there are significant updates to the Dashboard tab.

USe the enhanced Insights tab to improve operational efficiency with a view of historic usage and trends across key performance indicators (KPIs) such as :
- documents processed,
- pipeline executions,
-Snap executions, etc.

Filter these KPIs by specific criteria and personalize the view stohave the most relevant visualizations at the top.

The May 2020 release introduces a new tab, called ‘Task’, to provide a task level view of your SnapLogic deployment. Monitor the performance and health of your tasks and drill down into historical information to identify where certain tasks are failing or underperforming. Significantly improve your efficiency as you troubleshoot the root cause of a dip in performance or failure.

Automate your customer journey with new SAP S/4HANA Snap Pack

Another key update in the May 2020 release is the new SAP S/4HANA Snap Pack. SAP S/4HANA, is a modern enterprise resource planning (ERP) system that leverages SAP HANA, an in-memory database. Here are a few key use cases k:

- Order-to-Cash from Salesforce to SAP S/4HANA
- Real-time inventory management from databases to SAP S/4HANA
- Advanced financial planning with data from SAP S/4HANA to Anaplan
- Managing and engaging talent with automations across Workday and SAP S/4 HANA
- Managing organizational spend across Coupa or SAP Ariba and SAP S/4HANA

The SAP S/4HANA Snap Pack provides Create, Delete, Read, and Update Snaps and massively simplifies data modeling as you build automated business processes to connect SAP S/4HANA with other systems.

Build a single source of truth for your customer profile data inAdobe Experience Platform

We have updated the Adobe Experience Platform,( previously referred to as Adobe Cloud Platform Snap Pack). Use it as the single source of truth for your customer profile data. Update and maintain customer data in real-time to power accurate, up-to-the-moment, insights for your sales, marketing, and support teams. This Snap Pack update consists of a Write Snap, an S3 connector, and an AEP File Generator to leverage the capabilities of the Adobe Experience Platform and eliminate data silos for your customer profile data.

Connect with other Snap updates with confidence

Cassandra Snap Pack: now updated to support v3, with an updated JDBC driver
Snowflake Snap Pack: updated to JDBC driver version 3.12.3.
ServiceNow Snaps: now certified against Madrid, Orlando, and New York versions.
Oracle Snaps now supports version 19c.

SnapLogic eXtreme enhancements

Offering enhanced account encryption and cross-account IAM roles, SnapLogic eXtreme gets a big security boost with this release. These two new enhancements help your organization improve its security posture while delegating access to AWS EMR resources that SnapLogic eXtreme leverages to execute Spark-based pipelines.

Enhanced Account Encryption leverages Amazon KMS asymmetric keys– you no longer need to put in the secret key associated with your account in the SnapLogic UI.

Cross-Account IAM Role enables SnapLogic to assume an authorized role for the purpose of managing the lifecycle of Amazon EMR clusters that run Spark mode data transformations, so you don’t have to do it..

SnapLogic eXtreme is broadly applicable with support for any JDBC compliant data store.

Use a Spark mode pipeline to read from or to write to any JDBC compliant database.

Important for big data workloads – no longer need to use a data lake like S3 for staging.