Tag Archives: ERP Consulting

SAP Cloud Security by Vimeg Square

SAP and the 1-2-3 of Cloud Security

Security is #1 concern for enterprise organizations when building a cloud choice. Security is an important topic. But it needs a sense of proportion over an emotional discussion.

The force along the security isobars of IT SAP Cloud Security by Vimeg Squareare high but need at least space for value and business oriented conversation about cloud – how to help business become more agile and insightful.

The SAP Cloud Strategy and Customer Co-Innovation team regularly meets customers and discuss expectations, opportunities and concerns.

Let´s look into the 3 most important aspects of security.

1)        Location Matters

Cloud Communications are dominated by one question: “How secure is the cloud?” This is a tip of the iceberg question which normally leads to questions around:

  • Physical Security and Data Location
  • Network Security
  • Backup & Recovery
  • Operational Compliance
  • Confidentiality & Integrity
  • Data Portability

However, According to the latest Data Breach Investigations Report, 86% of all security breaches were executed by the use of stolen login credentials, making secure enforcement of employee passwords and single sign-on policies “a must”.

The location of a datacenter where the cloud solution and the respective data is handled fires up further discussions and IT definitively worry where the data is stored physically. The strictness of European regulations, and especially regulations in Germany (Germany’s Federal Data Protection Act which is known as Bundesdatenschutzgesetz or BDSG. The laws were reformed significantly in 2009 to cover a range of data protection-related issues), can help build trust when deciding on a geographical storage location for customers data.

And lets not forget, all of the above applies to on-premise as well as cloud solutions.

2)        It is all about trust

With cloud computing the insight of security changed deeply. It makes trust the #1 asset and brand value in cloud computing. And this drives us here at SAP.

SAP handles data with the utmost discretion and strives to deliver services and support that allow business-critical processes to run safely.

The primary aim is to secure customers against unauthorized data access and misuse, as well as confidential data disclosure, using various measures for employees, applications, organization, systems, and networks.

SAP is the leading provider for Enterprise business software in the market and is transforming rapidly into a Cloud Company with a comprehensive cloud portfolio. SAP is used to working with very sensible customer data. Data security and data privacy is part of the DNA – and to earn customer´s trust every day is the mission.

SAP runs cloud solutions and services at the same high level of security as its customers are used to for all other highly critical business processes.

SAP invests more in security, especially for the cloud, in most cases more than an IT Organization inside a large companies is able or willing to do. All companies, not only smaller ones without access to such resources definitely benefit.

Cloud computing with its different layers takes the burden of commodity task off the In-house IT to allow IT to concentrate on Value Add tasks. At the same time Cloud vendors concentrate on specific tasks and professionalize them to the maximum. This constant repetition and automation help eliminate manual steps and sources of errors.

Data encryption for user devices using SSL is another good example. You need to control every level of the cloud-computing stack, from datacenter to database to middleware and the applications layer.

In our Public Cloud model, every layer of the stack goes through rigorous security audits and adheres to most stringent security standards. We follow transparent security and auditing standards and adhere to the most stringent data privacy standards.

3) Manage the militarized and a de-militarized Zone on the Web

EU 95/46 EC, PCI-DSS, ISO 27002, BS7799, ASIO-4, FIPS Moderate, BS10012, SSAE-16/SOC2… Just to name the most important audit standards and certificates, which apply to datacenter and services, keeping a customer´s data secure.

SAP has achieved all of these certifications. In addition, our network architecture is multi-tiered. End-user traffic is limited to the front Demilitarized Zone (DMZ) tier of Web servers only. Each single tier in the hosting environment is organized into a DMZ-like pattern. This allows a firewall or Virtual Local Area Networks (VLAN) separation between each tier. A request is individually validated before creating the next tier independent request.

These are just a few examples of a long list. To answer all these challenge, SAP frequently undergo a SSAE16-SOC2 Type II auditing, twice a year.

SAP is the leading provider for Enterprise business software and is investing more to stay on top for the future. SAP offers its customers and partners to move to the cloud, and we learn new things every day through co-innovation how to improve the solutions (see portfolio here) and services we offer to our prospective clients.

Security is a major concern for SAP and its customers and partners – making security as simple as 1-2-3 is the top priority.

Courtesy: SAP Community Network
Vimeg Square

The New SAP

SAP has mislaid its religion; swearing its once-holy message of tight combination between software applications as the key to enterprise resource planning ERP.

Beyond breaking up its strongly integrated package of applications–designed to automate corporate purposes such as general ledger, order entry management, and inventory management–the German software giant it is now preaching that integration is no longer even important.

So what’s essential now? According to SAP, joyful users and “pretty looking” applications.

SAP is launching a two-pronged campaign to change its image and make its applications easier to use and to value. The move comes on the heels of SAP’s extend into new territory–that of front-office applications, whose end users are unlikely to tolerate gray screen applications and complex user instructions.

The company is trying to dispose of its image as a creator of a highly technical software system that requires a master’s degree in R/3 to understand. It also is trying to outgrow the insight that execution of its system is likely to munch through all IT assets and take five years, requiring companies to pay out up to $10 on consultants for every $1 they spent initially on the software license.

To achieve those snooty goals, however, SAP is going to have to wipe five years of memory from the minds of corporate America, or at least persuade potential buyers that this is not their father’s R/3.

SAP–short for Systems, Applications, and Products in Data Processing–was formed in 1972 by IBM Germany consultant Hasso Plattner and four other colleagues who saw a need for packaged software to run on the hardware they were setting up for IBM customers.

“That was a time when people were leaving IBM to start consulting companies,” Plattner recently said in an interview with the Smithsonian Institute’s division of information technology. “But we left with the sole goal to develop standard software, and only 18 months after we started in 1972, we released our first standard software.”

That was System R, which in subsequent years became known as R/1 and later was followed by R/2 and R/3. But SAP’s first contract wasn’t for its standard software. Instead, it was for a custom software development project for Imperial Chemical Industry, a British-based multinational chemical maker.

Nevertheless, the deal was the shot in the arm SAP needed. SAP has been a major player in the chemical industry ever since, following the Imperial contract with ones from Dow Chemical, DuPont, and Eastman Chemical. All of those companies still are employing R/2, and are slowly migrating to R/3, the client/server version of the software.

R/3 first materialized in the late 1980s, when IBM rolled out its systems application architecture. Plattner immediately undertook the project to develop what eventually would become R/3, but he and his coworkers quietly decided to build it on the Unix platform rather than IBM’s. Development efforts went of for five years, and in 1992 R/3 was born.

The system was first installed at the Danish offices of a small Finnish company. It was targeted toward small companies while SAP continued to push R/2 to higher-end corporations. Then, in 1992, the market fell out of the mainframe industry and sales of giant computers stalled. R/3 had to scale up in order to meet the needs of large companies if SAP was to stay afloat. The company’s founders knew that Europe alone could no longer support their needs, so it was time for the company to take its new product to America.

Plattner flew to Los Angeles with hopes of landing some of the region’s small manufacturing firms as his first American clients. He did better than he could have hoped, signing his first deal with Chevron Oil, which has been a key SAP customer ever since.

SAP happened to land in America in the midst of a corporate revolution called business process re-engineering. All the Big Six software firms were racing to fix what ailed corporate America, which turned out to be its old style of doing business. SAP then entered the scene with a product that implemented many of the new business processes in the software, and hooked up with consulting firms such as Andersen Consulting to match its software to their business process consulting.

Today, SAP owns 32 percent of the ERP market and is shooting for 40 Percent market share. It is a $4 billion company, the fifth largest software firm in the world with 17,000 sites worldwide running R/3. Nearly all of the Fortune 500 companies run some piece of their vital business processes, such as monthly accounting or order entry, on R/3.

And now SAP is gunning for the front-office market, aiming to be all things software to corporations. It seems to be on the right track. The firm quickly is becoming to business what IBM was to business during the ’70s and ’80s, illustrated by the recent comment of one SAP customer who said, “We use to be an IBM shop. Now we are an SAP shop.”

As for SAP’s shift in philosophy regarding the need for tight integration, Plattner credits his change of heart to a grade school teacher who once told him that, “When you reach the point that you don’t change your mind anymore, you know you’re old.”

–Vimeg Square