Guys, the things that you are hearing from these third party vendors is not true. They are trying to make Reynolds sound like the bad guys here. Why doesn't anybody ask them what data they are pulling from their system, what they do with that data, and what their data security is like? Just google ADP data security breach and you'll see. ADP has aggressively gone out and bashed Reynolds on this because Integralink & DMI (ADP owned) have been affected the most. They are data brokers! Reynolds is liable for the data security of their dealerships which means they can get sued if one of their dealerships have a breach in security. Dealers can give away their data all they want, but Reynolds does not allow it to be taken from the server. If you have a dealership that is affected by this, just set up a pc that runs the reports and allow the 3rd party to pull the data from the pc rather than the server. It costs nothing and the Reynolds TAC will help you set it up. Don't be fooled by what these third party vendors are saying and start holding them accountable why they are not as concerned about the security of your data!!
Is Reynolds up to no good???
- Thread starter kevinfrye
- Start date
Hi Kirch
I don't think you "get" what the Third parties are complaining about here. YOur solution is to set up a workstation to automatically pull the reports and then have the data accessed there - Why? It makes no sense. (and I will tell you why)
Reynolds started by enforcing password complexity and expirys in an effort to (on the surface) maintain better security of the data housed in the DMS. Ultimately what they did with this is to make it more laborious and complex to automate simple data downloads by third parties. But it was seen as a logical security enhancement and nobody could say much. Months later they instituted captchas that required human intervention to proceed- this was blatantly targetted to third party data scrapes. Most recently they have introduced logic to lock out accounts that appeared to be used by third parties automatically on the dealers behalf, to ensure that there is no "unauthorized downloads of data"- again a blatant attack on third party downloads. Hell they dont even deny it, i am not sure why you do.
Now to your comment about downloading the data to workstation- all of the previous things i mentioned means that even a DEALER cant automate data dumps flawlessly, most do not have the infrastructure or appetite to manage a task requiring so much intervention themselves. It is not the connectivity to the server that is the issue, its the blatant attempts to cripple valid third parties that is.
"To gain some understanding of the IP threat facing dealers and some of the factors that contribute to that threat an arbitrary time period of one month was selected, and the intrusion and attack information was complied and analyzed. In the 30-day period, an average of 4,800 attacks was recorded at the dealers with business-class T1 Internet access services. Where cable or residential-class DSL circuits are used, this average increased to 11,000 attacks in the same 30-day period (An attack is defined as any Internet traffic attempting to enter the dealership's network which was not specifically invited by an application, such as a web browser)" (GM Dealer IT).
If a dealer can't call the help center and get walked through the process of building a report then how can you argue that they could possibly know what information they are giving out and to who when they give access to their server? It only takes 1 lawsuit to understand the importance of data security. If your dealership pays $20 a month for a third party vendor's service how much security do they possibly have? What is stopping hackers to hack into their systems and then into yours? It is time to make these vendors responsible. Google "ADP data security breach", and you will see that a big company like ADP wasn't able to prevent it. What did the recent security breach do to Sony? Only cost them a billion dollars. Congratualtions to Reynolds for taking the initiative to shut down potential threats to their customers. The only thing I disagree with is the way the program was roled out. Dealers weren't notified properly which caused disruptions to their business. Overall, the system's security is up to accounting standards which is important for dealerships with so much sensitive information. Go to any accounting firm and check to see if they leave their computers running without any automatic log off.
If a dealer can't call the help center and get walked through the process of building a report then how can you argue that they could possibly know what information they are giving out and to who when they give access to their server? It only takes 1 lawsuit to understand the importance of data security. If your dealership pays $20 a month for a third party vendor's service how much security do they possibly have? What is stopping hackers to hack into their systems and then into yours? It is time to make these vendors responsible. Google "ADP data security breach", and you will see that a big company like ADP wasn't able to prevent it. What did the recent security breach do to Sony? Only cost them a billion dollars. Congratualtions to Reynolds for taking the initiative to shut down potential threats to their customers. The only thing I disagree with is the way the program was roled out. Dealers weren't notified properly which caused disruptions to their business. Overall, the system's security is up to accounting standards which is important for dealerships with so much sensitive information. Go to any accounting firm and check to see if they leave their computers running without any automatic log off.
I couldn't resist. I searched "ADP data security breach" which returned a bunch of links -but none had any mention of a dealership or a DMS being affected in any way.
???????
???????
Last edited:
- Apr 29, 2011
- 505
- 262
- Awards
- 7
- First Name
- Chris
Why doesn't Reynolds get with the times and offer an API for third parties? That's what the rest of the world is doing these days...
Are you trying to say that offering a free API would be business suicide for ReyRey?
I have no knowledge if it is or isn't business suicide.
I'm merely stating that just because "That's what the rest of the world is doing these days..." doesn't make it the correct, proper, best or only way to do things.
I'm merely stating that just because "That's what the rest of the world is doing these days..." doesn't make it the correct, proper, best or only way to do things.
For starters it is painfully obvious you are on the outside looking in, or are a current R&R employee.
Ill bite and address your points however, if for no other reason than to clarify the issues for future visitors to this thread.
YOur first quote is non sensical, I am not sure what it is you are trying to convey with the quote. Dealership network security is a completely separate issue compared to data sharing with a valid third party via report automation. 10 years ago, using query builder, report scheduler and a secure sql connector via tunnel I was able to offer dealerships a tidy method of keeping their websites current and up to date from an inventory perspective. Keep in mind this was at a time when all traffic between client and server on the ERA side was unencrypted and plain text. my point here is that as an outside contractor i was actually providing a MORE secure method of data transmission, even though it was "only" lightweight inventory data. It wasnt until the past year or so that Reynolds got serious about security within the store from a client/server perspective (after they had already instituted the aforementioned "dealer security enhancements". At any rate, network security is serious, but hardly complicated, and fortunately for dealers, the technology to have effective firewalls (which support thrid party VPN's no less) are cheap and readily available.
Huh? Who said dealers can call a help center to get a report? As i mentioned above, there are a LOT of services that offer inventory synchronization to websites and inventory management solutions. The report or query to provide inventory data is simple to create (and should only be required once) and furthermore , thanks to the USER SECURITY built into the reynolds admin system ONLY allows access to the menus for creating the report as well as only allowing access to the Inventory file. Are you familiar with the Reynolds file system? It doesnt appear that you are. I cannot access meaningful deal or accounting information if I have been set up with access to the UVinventory file.
Ah the hacker angle. I can assure you, that if I desired, I could gain access to a DMS about 50 different ways easier than "hacking" a third party to gain unauthorized access to a dealer's network. Most stores offer wireless internet (as i am sure you know there is no such thing as secure wireless, its a bit like a cheap lock, it keeps out the honest folks)
Again, keep perspective that the routine data extractions are typically inventory files-not exactly fodder for a billion dollar lawsuit.
Do not fool yourself, while Reynolds does take an active interest in data security, the bulk of their actions on this front are ADMITTEDLY (by them) to restrict dealers activities with third party applications- they obviously prefer to get paid to alow dealers access to the data they own.
To summarize, data security is an important issue, but it should not become an excuse for shutting out third-parties.
You are right!. The last time I visited an accounting firm, they had everything locked down. Every system had a unique password with a 5 minute timeout on the screen saver (Automatic Log off was not a good option as it consistently lost work in progress). Nobody had access to anything that wasn't specifically required for their job. The managers affirmed that "If an employee doesn't need something, the don't have access to it. Period."
I noticed they had something else in place: A way to electronically access and exchange information directly with more than 3000 clients at any time, in any format which they and the client can arrange.
Risky? What would a bunch of accountants know? Go figure.
