GXS bolsters security for Internet EDI services

GE Global eXchange Services, last week, enhanced security support for its Internet-based e-commerce services, which allow companies to exchange documents with trading partners over the Internet.

GXS is adding support for Secure FTP and Applicability Standard 2 (AS2) to its Internet electronic data interchange (EDI) services. The two protocols provide security comparable to private transaction networks, such as a value-added network (VAN) or VPN, but use the public Internet to send and receive data, the company says.

A draft IETF standard, AS2 uses digital certificates to lock documents. “It’s ideal because the document can go through multiple servers, and service providers can handle it, and you never doubt the security of it,” says John Radko, GXS’s chief architect. It goes through proxies and through firewalls very easily, he adds.

Whereas AS2 encrypts a document, Secure FTP encrypts the Internet connection over which the document is sent, “much like a browser encrypts your connection to a storefront when you’re entering a credit card,” Radko says.

The two alternatives offer different advantages. Secure FTP is easier to manage than AS2, which requires a company to manage keys for every trading partner. For its part, AS2 can maintain the security of a document over multiple Internet hops, while Secure FTP is really intended for sending a document directly to a recipient, Radko says.

Gaithersburg, Md. GXS, which is a division of General Electric, has long offered traditional EDI services through a private VAN model. For the last few years, GXS has offered Internet-based EDI services as well.

But its Internet EDI offerings have been somewhat limited. The company offers VPN services, which is a good way to securely connect two end points, but raise interoperability issues, Radko says.

GXS also offers HTML forms-based Internet EDI, but this is not ideal for machine-to-machine communication, Radko says. Forms-based services are geared primarily for smaller companies with low transaction volumes.

The existence of the Secure FTP and AS2 protocols clears the way to doing much larger scale machine-to-machine trading of documents over the Internet, Radko says. “It gives customers a much easier way to come to us over the Internet,” he says.

Today GXS’s network handles 1 billion transactions each year for more than 100,000 trading partners. Straight VAN traffic still overwhelms the Internet traffic, Radko says. But traffic coming via the Internet is on the rise. Last year, the company’s traditional business – machine-to-machine traffic over a VAN – grew 20 percent. During the same period, Internet forms-based EDI traffic grew 100 percent.

Support for the Secure FTP protocol is available now. AS2 support will be available early next quarter. Pricing for services starts at US$249 for set-up plus $99 per month.