May-June issue: How companies and authorities exchange data securely
Most businesses today are digitally managed. Enterprise resource planning (ERP) systems are used to control entrepreneurial and operational processes. Optimally, many business processes can be automated. However, a prerequisite for this is also a data exchange with other companies as well as insurance companies and authorities without media discontinuity. Ideally, this task can be taken over directly by the ERP system by communicating directly with the partner systems via machine-to-machine (M2M) communication. A functioning example of electronic data exchange is the central information platform operated by the Swissdec association, which already enables the fully electronic transmission of wage data within the framework of the “Lohnstandard-CH (ELM) “. In 2018, more than 16.5 million employee salary data were transmitted between approximately 200,000 companies and their insurers or competent authorities. The security requirements for electronic data exchange will become even higher, as sensitive data (e.g. information on accident reports) will also be transmitted to the insurance companies in the future. Thus, the transmission channel must be secured both at the transport level and at the message level (confidentiality protection). In addition, it is also important to ensure the authenticity of the exchanged messages, as well as their traceability and binding nature. This can only be achieved through reliable authentication of all partners involved (companies, insurers and authorities). The company authentication used for this purpose includes the processes for identifying the companies and issuing company certificates, with which the automated exchange of data can be made more secure and, above all, traceable. In this issue, in addition to technical contributions on secure data exchange and corporate authentication, there are also contributions from members of the eAHV-IV and Swissdec associations that address the necessity and challenges of secure communication with companies. I wish you an exciting read.