Enterprise suite of software solutions
Midwest Users Conference
September 24 – 25, 2015
Justin Cox, Patty Holton, Nell W. McCauley & LeAyn Walton
Our History
In the early 1970’s SEDC, then known as Southeastern Data Cooperative, was formed as a cooperative corporation for the benefit of its member-owners. SEDC was created with the goal of developing computerized billing and capital credits systems.
There were 19 member cooperatives when SEDC opened for business.
We are proud to boast that all are still with us.
What is SEDC?
SEDC is an enterprise solutions company and industry leader in accounting, engineering, and operations services in our utility software solutions. It is governed by a board of directors.
We currently serve utilities in more than 35 states.
Engineering Services
A Total Enterprise Solution
UPN
Mobile Work Force Management
Financial Services
Payroll Billing
Printing
And much more!
Our Innovations
• First Real-Time Online Payment Transaction Portal
• First Integrated Real-Time Cash Register
• First Automated Imaging, Independent of Manual Scanning
• First Virtualized Oracle Enterprise Database Environment
• First Mobile App for Consumers
• First Cloud-Based Hardware Independent IVR
• First True Data Analytics & Data Blending
• First Fully Integrated, Real-Time Mobile Workforce Suite
• First Rules-Based Automation Engine
• First with 100% Database Encryption
Our Vision
We will continually advance the utilities’ ability to meet the changing future by leveraging technologies so our customers can better manage their businesses.
•SEDC solves issues, prevents new ones, and provides support
•We take pride in providing exceptional support to our utilities
Confidential and Proprietary SEDC ©2015
Regard SEDC as an extension of your staff
SEDC CEO R.B. Sloan
How can we serve you?
• Field Implementation Group (FIG) - Implement our software to new customers
• Product Support (PS) - Answer customer software questions and write fix work orders
• Billing Product Support | Accounting Product Support
• General Application
• Billing
• Technical Support (TS) - Answer customer technical questions and write fix work orders
• Networking
• Systems
• Financial Services - Develop and maintain financial transaction integrity
• Lockbox
• Convenience Fees
• Credit Card or E-Check
How can we serve you?
• District Sales Managers - Obtain new SEDC customers or discuss new products available in UPN
• Territory Managers - Customer advocates to help customers better utilize the system
• Marketing - Maintain SEDC website, create newsletters, assist with User Conferences
• Technical Documentation - Create and maintain all technical documents and design and conduct training both internally and externally
• Interface Group - Design and support applications related to interfaces
• Mobile Workforce
• Mobile App
• MDM
• Design - Develop ideas and write specifications for new development
• Programming (PG) - Programs the code based on specifications
• Quality Control (QC)/Software Quality Assurance (SQA) - Test the software for integrity
New or upcoming solutions independent of the Version 36 release
AutoCue IVR
IVR Without the Hassle.
No hardware to purchase, no infrastructure to maintain, and no long term commitments. Pay for actual usage instead of paying a set fee every month.
No Busy Signal.
SaaS, or “Software as a Service,” means your IVR service will scale to your needs, ensuring you can handle any amount of voice traffic with no delay, no dropped calls, and no busy signal. Your customers won’t notice, but that’s the point!
Voice to Text.
Revolutionary. Give your customers the option of interacting with your IVR system via text, using the same prompts, questions and options as the voice option. And every interaction is safe and secure, protecting your customer’s information with SSL encryption.
AutoCue IVR
• Is a cloud-based IVR solution that you can manage
• Can coexist with your PBX (internal phone system)
• Supports unlimited inbound calls (if members dial in directly to the IVR system)
• Is secure (HTTPS, no logging of sensitive data, hashing algorithm)
• Has failover capability
• Make secure payments using Credit Card, Credit Card profile, or E-Check profile.
• Get extensive account information
• Request a payment arrangement
• Report an outage
• Select a language (English or Spanish)
• Transfer to an operator
• Switch to text messaging
How can you get started?
1. Contact Conner Buckley, Solutions Consultant or your Territory Manager to get the process started.
2. Fill out a short questionnaire
3. Schedule deployment
4. Determine if this will be done remotely or on site
It’s that easy!
ReportIQ
Dig deep into your data to truly capitalize on the information available.
Generate your data quickly, understand it easily, and customize it exactly the way you want to see it.
Create your own custom analytics.
Use ReportIQ’s unlimited options to see patterns, identify trends, and discover visual insights in seconds.
Reporting Made Easy
Your connection to the entire SEDC community
• Customer Forums: Connect with other SEDC software users, exchange tips and solutions, share best practices.
• Virtual help desk: View knowledgebase articles, look up case solutions, and find fixes or work-arounds for existing issues.
• Idea Exchange: Have ideas for new functionality or a software enhancement? Submit your idea and let the community weigh in!
• Customer-reported issues: See what other users have reported and determine if the circumstances of the issue affect your utility.
Our Team
Training Methodologies
Based on pilot customer feedback; cost effective, no travel expenses, yet still personal connection and experience of the instructor and other participants
Webinars
Some people prefer learning in person; may be able to accomplish a certification in one trip
Training Center
Training Methodologies
Customers can leverage time & cost of meetings by also taking courses towards their certifications
Regional Training
Convenient, flexible, and cost effective
E-Learning
PCI and Cyber Security
http://map.norsecorp.com/
What is SEDC doing to make UPN PCI compliant?
PCI and SEDC, a historical perspective
• Started as a “Level 3 Merchant” and the only “Merchant of Record” for all its utility customers
• Grew to become a “Level I Service Provider”
PCI Required Utility Responsibility
• Quarterly Network Scans from a qualified scanning vendor
• Fill out their Self-Assessment questionnaire (SAQ)
• Annual Penetration Test if applicable based on SAQ Results
• If you take credit cards in any form, then you are in scope, and complying with PCI is now, as far as anyone can see, as certain as death and taxes.
• There are broader cyber security issues at stake that PCI helps address.
Why Mandatory?
When is SEDC Requiring this?
• Currently, no deadline has been set.
• However, the expectation is that ALL of SEDC’s utilities start as soon as possible.
• Putting this into your 2016 budget should be viewed as mandatory.
A PCI Prioritized Approach
https://www.pcisecuritystandards.org/documents/Prioritized_Approach_for_PCI_DSS_v3-1.pdf
Homeland Security Justice State Labor
Energy Defense Commerce Personnel Mgmt.
EPA Federal Reserve Food & Drug
THE STATE OF U.S. CYBERSECURITY: Private Sector Hacks in 2014
SEDC’s Secure Payment Gateway
• SEDC is a Service Provider
– PCI DSS-compliant
– PCI-DSS Report On Compliance (ROC)
– Annual On-Site PCI Data Security Assessment
– Quarterly Network Scan by an Approved Scanning Vendor (ASV)
– Annual Penetration Testing
• Transparent data encryption (TDE)
– Entire Database
– Logfiles
– Database Backups
– Database Exports
• Encryption key management
How will SEDC better protect your data? Advanced Security
Advanced Security
•All data encrypted by Oracle Wallet (keystore)
•All access is authorized via the key store
•Algorithm of choice is AES-256
What is required for Advanced Security?
•Version 36 must be installed
•Maintenance window to encrypt data
- It takes approx. 1 hour to encrypt 10 GB of data
• One time cost
– Advanced Security module: $8,000
– Configuration fee: $2,000 - $3,000 (< 50k meters = $2,000; > 50k = $3,000)
• Annual costs
– Advanced Security Oracle Support: $2,000
Who to contact?
Connor Buckley
Solutions [email protected]
(770) 414-8400 – Ext. 2846
Advanced Security Pricing
How will SEDC better protect your data? Tokenization
• SEDC’s secure payment gateway will be receiving an upgrade
• Key components of the payment gateway upgrade include Tokenization (data at rest protection)
– Tokenization replaces actual card data with a unique ID
– Protects data at rest and in reoccurring transactions
– Effectively reduces PCI scope
SEDC’s Strategic Partner and Trusted Advisor- Elavon
PCI Compliance Manager by Elavon
• PCI Compliance Manager Portal
• External scan to find and fix vulnerabilities
• Self-Assessment Questionnaire (SAQ)
SEDC’s Trusted Advisor: Sunera
• PCI Gap Analysis
• ASV Scanning (Approved Scanning Vendor)
• Penetration Testing
• Procure some level of cyber liability insurance.
– Lockton
– McGriff, Seibels & Williams, Inc.
– Rural Federated Insurance
Recommended Utility Responsibility
Cybersecurity Insurance Trusted Advisors:
• http://www.federatedrural.coop
• http://www.lockton.com
• http://www.mcgriff.com/detail.cfm?id=138
Cybersecurity Insurance
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
http://www.dhs.gov/cybersecurity-insurance
EMV
• EMV Card Processing-Fraud prevention tool to validate the authenticity of a credit card in a card present environment (cash register)
• EMV does NOT apply to card not present transactions (Portal, SmartApps, UPN Inquiry, IVR, credit card draft, Auto Pay, or RPS)
• The liability shift on counterfeit card chargebacks originates from a face-to-face transaction (this type of fraud does not exist in our market today)
• SEDC will provide EMV capable devices in the next 12 – 24 months
SEDC Response Time to Vulnerabilities
Heartbleed
Threat: On 4/15/14 LogMeIn announced they were vulnerable to a “man-in-the-middle” attack stemming from the Heartbleed exploit.
Remediation: SEDC followed LogMeIn remediation steps by changing all passwords on all Windows logins on 4/17/15.
ShellShock
Threat: On 9/24/15 a vulnerability was discovered in the BASH shell used on our Linux-based systems.
Remediation: SEDC made the patch available to its members on 9/26/15 following internal testing.
Poodle SSL 3.0
Threat: On 10/14/14 Google discovered a critical vulnerability in SSL Version 3.0 called POODLE (Padding Oracle On Downgraded Legacy Encryption).
Remediation: SEDC Technical Services disabled the SSL 3.0 cipher suite on 10/23/14.
Microsoft Vulnerability
Threat: On 11/11/14 Schannel Protocol and Windows Object Linking and Embedding (OLE)
Remediation: On 11/13/14 SEDC Technical Services applied Windows updates to all customer servers to remediate the issue.
Ghost vulnerability
Threat: On 1/27/15 Qualys reported a critical vulnerability named GHOST in the Linux glibc library which could allow an attacker to take control of a system remotely.
Remediation: On 1/29/15 SEDC Technical Services made the patch available to all customer UPN and MDM database servers following internal testing.
HTTP.sys
Threat: On 4/14/15 Microsoft announced a vulnerability in HTTP.sys that could allow remote code execution.
Remediation: On 4/18/15 SEDC Technical Services applied Windows updates to all customer Windows servers to remediate the issue.
Microsoft Font Driver
Threat: On 7/20/15 Microsoft announced a vulnerability in Microsoft Font Driver that could allow remote code execution.
Remediation: On 7/21/15 SEDC Technical Services applied Windows updates to all customer Windows servers to remediate the issue.
DHS Resources
• http://www.dhs.gov/about-critical-infrastructure-cyber-community-c%C2%B3-voluntary-program
• https://www.us-cert.gov/ccubedvp
• http://www.nist.gov/cyberframework/index.cfm
• Educate yourself: https://www.pcisecuritystandards.org
• General PCI Questions: 770-414-8400 option 5
• Pick Up Sunera, Elavon, and McGriff Flyers
Additional Information
Your Territory Manager
Purpose and Responsibilities
Territory Manager Mission Statement
As Relationship Managers, we are a link to coordinate the successful utilization of our software solutions.
We want to help you capitalize on your investment and use the software to its fullest.
What is our Purpose?
•To be an advocate or liaison for our customers – we are your ‘go to’ team.
•To answer questions, provide information or coordinate quotes on new products.
•To keep you informed of new features, events, functionality, and announcements at SEDC.
Your TM’s objective during their visit
•To assist with coordinating training, meetings, identifying whom to contact.
•To provide hands-on service and guide you through the process of setting up and turning on certain features.
•To discuss in detail the many functions and features available within the system that you may not be aware are available or how to utilize them.
Email:
to reach ALL
Territory Managers
How to contact your Territory Manager
http://sedata.com login
• Service Area
• Phone numbers
Connect with us on LinkedIn
Follow us on Twitter
The Bridge will soon be your connection to SEDC and the Territory Managers.
We are here to serve you!
Character and commitment…your customer advocates.