Secure external access to Odoo

Tämän kirjallisuustutkimuksena toteutettavan opinnäytetyön tavoitteena on tutkia kuinka Odoo-toiminnanohjausjärjestelmän (ERP) käyttöönotto toteutetaan turvallisesti ulkoisten toimijoiden kanssa. Lisäksi tavoitteena on löytää parhaita käytänteitä, miten ulkoiset käyttäjät liitetään ERP:iin vaarantamatta yrityksen ydintietoa. Työn toimeksiantaja on suomalainen teollisuusalan yritys, jolla on käytössä avoimen lähdekoodin ERP-järjestelmä Odoo. Yrityksessä on tulevaisuudessa vahva tarve laajentaa Odoon toiminnallisuuksia siten, että myös ulkoiset toimijat kuten partnerit, toimittajat sekä asiakkaat saadaan integroitua osaksi yrityksen Odoota. Teoriaosuudessa perehdytään ERP-järjestelmien tarkoitukseen, etuihin ja haittapuoliin sekä eri toimitus- sekä hankintamalleihin. Lisäksi luodaan lyhyt katsaus tietoturvaan, keskittyen etenkin sovellusten ja tietokantojen tietoturvaan. Lisäksi tarkastellaan myös ERP-tietoturvamenetelmiä. ERP:n arkkitehtuurimalli yhdessä sovellus- ja tietokantaturvamekanismien kanssa nähdään ratkaisevaksi tietoturvahaasteisiin vastaamisessa. Kolmitasoinen arkkitehtuurimalli, jota myös Odoo tukee, nähdään turvallisempana ratkaisuna kuin yksi- tai kaksitasoiset mallit. Koska yritykset toimivat tänä päivänä verkostoissa, joissa liiketoimintapartnerit ovat osa ERP-järjestelmää, tarvitaan uudenlaisia tapoja mahdollistamaan pääsy ERP:iin mutta kuitenkin samalla suojaamaan yrityksen ydindataa. Perinteiset ERP-tietoturvamekanismit eivät välttämättä enää riitä. Tarvitaan uusia ratkaisuja, joilla ERP:n turvallinen ulkoinen käyttö voidaan mahdollistaa. Nämä parhaat käytänteet ovat vasta muovautumassa.The aim of this thesis is to investigate based on the literature review that how to implement Odoo enterprise resource planning system (ERP) securely with external connectivity. Additionally, the target was to form an understanding of the best practises available to create the external connections in ERP without risking the core data of the company. The commissioner of this thesis is a manufacturing company in Finland which is using open source ERP called Odoo. In the future there is a strong need to enable connectivity also with external partners meaning that several modules from the same ERP application need to be enabled for external usage. The theory framework is introducing main purpose of ERP systems, its advantages, disadvantages, different delivery models and acquisition options. Information security on high level is introduced with focus on application, database and ERP specific security aspects. The architectural structure of ERPs, together with application and database security mechanisms, are seen crucial to respond to security challenges. The three tier architecture model, supported also by Odoo, is seen more secure than one or two tier models. As companies today are operating over the traditional company borders, secure business partner access to enterprise data is needed. Traditional security methods of ERP have to be re-considered to enable usage also with external connections to fulfil the security needs of companies. It seems that at the moment the best practise security mechanisms for web ERPs are not yet widely established

Marketing Strategy Proposal for a Company Entering the Czech Market

Diplomová práce se zabývá návrhem marketingové strategie slovenské společnosti Shirt Up, s.r.o. pro vstup na český trh. Společnost je malým producentem triček s potiskem a v současné době má zastoupení výhradně na Slovensku. Cílem této práce je připravit možnou marketingovou strategii pro vstup na český trh, která bude vycházet z teoretických základů a analýzy současné situace.The thesis deals with proposal of a marketing strategy for Slovak company Shirt Up, s.r.o. entering the Czech market. The company is a small producer of t-shirts with custom print and currently has presence exclusively in Slovakia. The aim of this paper is to present a possible marketing strategy to enter that will be based on theoretical frameworks and analysis of current situation.

Preparing for the Apocalypse: A Multi-Prong Proposal to Develop Countermeasures for Chemical, Biological, Radiological, and Nuclear Threats

The false alarm of an Hawaiian nuclear attack in January 2018 is an example of the lack of U.S. preparedness for attacks using nuclear and other weapons of mass destruction. To address such threats, this Article proposes the establishment of a nation-wide integrated defense of health countermeasures initiative ( DHCI ), is a multi-prong program to create a defensive triad comprising government, private industry, and academia to develop countermeasures for health threats posed by chemical, biological, radiological, and nuclear ( CBRN ) attacks. Key elements of our multi-faceted proposal include the use of the government’s Other Transaction Authority to simplify procurement arrangements, the establishment of public-private partnerships with an information commons for the sharing and the use of certain information and trusted intermediaries to protect proprietary information pursuant to cooperative research and development agreements ( CRADAs ), and the creation of a network of incubators sited in ecosystems of excellence. Although our proposal focuses on health countermeasures, it may be applied to other urgent national needs, such as rebuilding U.S. infrastructure

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Model of Customer Knowledge Level of Moslem Women and Its Impact on Hijab Purchase Decisions in Surabaya Indonesia

The purpose of this study is to prevent further misunderstanding regarding hijab for Moslems in Surabaya, understanding the correct knowledge of hijab will affect hijab manufacturers to produce hijab in accordance with Islamic Shari’a. This research is causal conclusive type with quantitative approach, since it aims to test specific relations. Analytical technique used in this research is logistic regression analysis to reveal the strength of prediction on knowledge level towards hijab purchasing decision. The results that the level of customer knowledge in hijab purchase is still at the level of know-how, which is not yet at the know-why level. Customer’s buying decision of hijab is based on the quality and color of the fabric, then whether the brand is famous or not. Afterwards, customer generally gains more knowledge regarding hijab and prefer hijab that is complying Islamic Shari'a. Keywords Hijab, Moslem Women, Level of Customer Knowledge, Hijab Purchase Decisions

Using crowdsourced geospatial data to aid in nuclear proliferation monitoring

In 2014, a Defense Science Board Task Force was convened in order to assess and explore new technologies that would aid in nuclear proliferation monitoring. One of their recommendations was for the director of National Intelligence to explore ways that crowdsourced geospatial imagery technologies could aid existing governmental efforts. Our research builds directly on this recommendation and provides feedback on some of the most successful examples of crowdsourced geospatial data (CGD). As of 2016, Special Operations Command (SOCOM) has assumed the new role of becoming the primary U.S. agency responsible for counter-proliferation. Historically, this institution has always been reliant upon other organizations for the execution of its myriad of mission sets. SOCOM's unique ability to build relationships makes it particularly suited to the task of harnessing CGD technologies and employing them in the capacity that our research recommends. Furthermore, CGD is a low cost, high impact tool that is already being employed by commercial companies and non-profit groups around the world. By employing CGD, a wider whole-of-government effort can be created that provides a long term, cohesive engagement plan for facilitating a multi-faceted nuclear proliferation monitoring process.http://archive.org/details/usingcrowdsource1094551570Major, United States ArmyMajor, United States ArmyApproved for public release; distribution is unlimited

Preparing for the Apocalypse: a Multi-Prong Proposal to Develop Countermeasures for Biological, Chemical, Radiological, and Nuclear Threats

The false alarm of an Hawaiian nuclear attack in January 2018 is an example of the lack of U.S. preparedness for attacks using nuclear and other weapons of mass destruction. To address such threats, this Article proposes the establishment of a nation-wide integrated defense of health countermeasures initiative (“DHCI”), which is a multi-prong program to create a defensive triad comprising government, private industry, and academia to develop countermeasures for health threats posed by biological, chemical, radiological, and nuclear (“BCRN”) attacks. Key elements of our multi-faceted proposal include the use of the government’s Other Transaction Authority to simplify procurement arrangements, the establishment of public-private partnerships with an information commons for the sharing and the use of certain information and trusted intermediaries to protect proprietary information pursuant to cooperative research and development agreements (“CRADAs”), and the creation of a network of incubators sited in ecosystems of excellence. Although our proposal focuses on health countermeasures, it may be applied to other urgent national needs, such as rebuilding U.S. infrastructure