SAP Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

SAP

The changing role of partners in SAP’s new cloud mindset

 960 640 Guest Post
By:
0
0

Recent changes from SAP has left many partners wondering what the next steps are in providing cloud services, especially given  SAP’s insistence on developing a ‘cloud mindset’, and emphasising its Activate Methodology and Fit to Standard workshops to achieve this. 

Up until this point, a change of direction to the cloud has had little impact upon consultants abilities to facilitate a deployment, or to provide daily customer support services.  But the introduction of RISE with SAP S/4HANA Cloud, public edition or private edition, has brought with it a different way of working than its predecessor, HANA Enterprise Cloud (HEC). Given SAP is now driving software infrastructure delivery, the role that SAP partners play has now changed.

From initial consultation to implementation, support to maintenance, as Robert MacDonald, Innovation & Technology Manager at Absoft explains, partners need to adopt a new cloud mindset and skill set to enable them to adapt to the change, and to successfully deliver RISE with SAP…

Identifying the change

Over the last ten years, SAP partners have been moving away from providing on-premise ERP solutions to move toward cloud based systems, such as Microsoft Azure.  Even despite what felt like a significant change as a result of switching licences and adapting to more varied cost/flexibility models, partners were able to keep disruption to their business to a minimum..  This was owed in part to the fact that partners were still in control of key aspects of the process, from initial scoping all the way through to implementation, and as such, did not need to train their staff in any new specific skills.

RISE with SAP has ushered in a great deal of change. Irrespective of whether a customer opts for RISE with SAP S/4HANA Cloud, public edition or RISE with SAP S/4HANA Cloud, private edition, the entire approach has changed  – and partners need to change with it .

On the surface, the process has been simplified. SAP has created a standard infrastructure and offers customers small/medium/ large architecture options to streamline pricing. An ‘adopt not adapt’ mindset means customers are encouraged to avoid any customisation – indeed customisation or extensibility, if required, can only occur outside the core S/4HANA product, using Application Programming Interfaces (APIs) to link to complementary cloud solutions.  So where do partners fit into this new model?

Embracing new skills

One significant impact will be felt by consultants who specialise in providing more traditional expertise, offering services in scoping and implementation and outlining business-specific requirements. These services are no longer necessary, and have been replaced with SAP’s Fit to Standard workshops, negating the need for custom development specification and GAP analyses, should the SAP ERP solution not support a specific customer need.

The challenge for partners now is convincing prospective customers of the benefits of a standardised best practice approach, and emphasising that customisation should only be used to differentiate themselves from competitors when using a standard cloud based deployment.  Because of this, consultants need to learn new skills.  They need to learn to assess a customer’s processes, identify those areas of differentiation that would justify the development of extensible solutions and work with department heads to achieve the change management required to match the SAP standard process.

Partners must take their ecosystem of consultants with an extensive skill set based on identifying problems, writing development specifications and managing project delivery and help them make the transition to this new approach. They need to dedicate time and resources to changing the mindset of customers to fit SAP’s new cloud mindset, and learning new management skills.

Providing Support and Enabling Delivery 

The new skills set requirements extend far beyond the initial consultation stage. RISE with SAP is delivered using SAP’s Activate Methodology, which has been updated to support the implementation of this standard cloud project. This again requires that Project Managers learn a new set of skills. From provisioning systems to testing, connectivity to networks and configuring interfaces, every request has to go via SAP.  For Project Managers who prefer to work internally with their own teams on these processes, it will take time to get to grips with SAP timelines, processes and people.

For example, SAP may insist on providing a week’s notice before connectivity is turned on, which is something that could be achieved within hours if working internally.  If the Project Manager is not familiar with these processes, the entire project could become rapidly derailed. In essence, this new approach and mindset from SAP is both a move to a more modern standardisation method, working concurrently with a more old-fashioned service request system, over which partners have no control.  It also has implications upon where SAP’s influence exists and where it doesn’t, which muddies the waters in terms of determining which areas of the service which will incur an extra cost, and which areas do not fall under the remit of SAP.

The new skill set is not limited to implementation – the same issues arise during ongoing support.  From system patches to updates, it is vital to ensure changes fit in with business timelines – avoiding month ends, for example. Despite not being in control of these processes, partners still have a key role to play in liaising with customers when an update is set to occur The key to avoiding those increases in cloud expenses that have impacted organisations in the past is the availability of a service that can organise downtime, alert any affected business areas, handle change control, and oversee testing.

Conclusion

SAP recognises that significant change in skill sets and processes are required  to facilitate  this new generation of cloud solutions and is investing in supporting its partners. But partners themselves will have to buy into this new cloud mindset and meet them halfway, if RISE with SAP is to be deployed successfully.  Partners can no longer rely on the same on premise product that they have become familiar with over the last 20 years, and set it up all across the board. Every partner must now collaborate closely with SAP, use the company’s methodology, embrace the lessons learned and work with the customer success teams.

This is fundamentally changing every aspect of the SAP partner role and this is something that took some partners by surprise – especially those that did not expect RISE with SAP to take off in the first place. How many partners have proactively recognised and documented the new support and maintenance model to ensure customers understand the changing roles of suppliers  and partners  in this new cloud mindset? How many have been through their first SAP Activate project and now understand SAP’s processes and timelines? Critically, how many are genuinely committed to creating and embracing a new cloud mindset in terms of skillset to support staff and to enable the smooth transition to this new model?

Ultimately, the success of each customer’s implementation is now inextricably linked to the speed in which partners adopt and embrace the new cloud mindset.

Image by Patou Ricard from Pixabay

The secrets of no drama data migration

 960 640 Guest Post
By:
0
0

With Mergers, Acquisitions and Divestments at record levels, the speed and effectiveness of data migration has come under the spotlight. Every step of this data migration process raises concerns, especially in spin-off or divestment deals where just one part of the business is moving ownership. 

What happens if confidential information is accessed by the wrong people? If supplier requests cannot be processed? If individuals with the newly acquired operation have limited access to vital information and therefore do not feel part of the core buyer’s business? The implications are widespread – from safeguarding Intellectual Property, to staff morale, operational efficiency, even potential breach of financial regulation for listed companies.

With traditional models for data migration recognised to be high risk, time consuming and can potentially derail the deal, Don Valentine, Commercial Director at Absoft explains the need for a different approach – one that not only de-risks the process but adds value by reducing the time to migrate and delivering fast access to high quality, transaction level data…

Recording Breaking

2021 shattered Merger & Acquisition (M&A) records – with M&A volume hitting over$5.8 trillion globally. In addition to whole company acquisitions, 2021 witnessed announcements of numerous high-profile deals, from divestments to spin-offs and separations. But M&A performance history is far from consistent. While successful mergers realise synergies, create cost savings and boost revenues, far too many are derailed by cultural clashes, a lack of understanding and, crucially, an inability to rapidly combine the data, systems and processes of the merged operations.

The costs can be very significant, yet many companies still fail to undertake the data due diligence required to safeguard the M&A objective. Finding, storing and migrating valuable data is key, before, during, and post M&A activity. Individuals need access to data during the due diligence process; they need to migrate data to the core business to minimise IT costs while also ensuring the acquired operation continues to operate seamlessly.  And the seller needs to be 100% confident that only data pertinent to the deal is ever visible to the acquiring organisation.

Far too often, however, the data migration process adds costs, compromises data confidentiality and places significant demands on both IT and business across both organisations.

Data Objectives

Both buyer and seller have some common data migration goals. No one wants a long-drawn-out project that consumes valuable resources. Everyone wants to conclude the deal in the prescribed time. Indeed, completion of the IT integration will be part of the Sales & Purchase Agreement (SPA) and delays could have market facing implications. Companies are justifiably wary of IT-related disruption, especially any downtime to essential systems that could compromise asset safety, production or efficiency; and those in the business do not want to be dragged away from core operations to become embroiled in data quality checking exercises.

At the same time, however, there are differences in data needs that can create conflict. While the seller wants to get the deal done and move on to the next line in the corporate agenda, the process is not that simple. How can the buyer achieve the essential due diligence while meeting the seller’s need to safeguard non-deal related data, such as HR, financial history and sensitive commercial information? A seller’s CIO will not want the buying company’s IT staff in its network, despite acknowledging the buyer needs to test the solution. Nor will there be any willingness to move the seller’s IT staff from core strategic activity to manage this process.

For the buyer it is vital to get access to systems. It is essential to capture vital historic data, from stock movement to asset maintenance history. The CIO needs early access to the new system, to provide confidence in the ability to operate effectively after the transition – any concerns regarding data quality or system obsolescence need to be flagged and addressed early in the process. The buyer is also wary of side-lining key operations people by asking them to undertake testing, training and data assurance.

While both organisations share a common overarching goal, the underlying differences in attitudes, needs and expectations can create serious friction and potentially derail the data assurance process, extend the SPA, even compromise the deal.

Risky Migration

To date processes for managing finding, storing and managing data pre, during and post M&A activity have focused on the needs of the selling company. The seller provided an extract of the SAP system holding the data relevant to the agreed assets and shared that with the buyer. The buyer then had to create configuration and software to receive the data; then transform the data, and then application data migration to provide operational support for key functions such as supplier management.

This approach is fraught with risk. Not only is the buyer left blind to data issues until far too late but the entire process is time consuming. It also typically includes only master data, not the transactional history required, due to the serious challenges and complexity associated with mimicking the chronology of transactional data loading. Data loss, errors and mis-mapping are commonplace – yet only discovered far too late in the process, generally after the M&A has been completed, leaving the buyer’s IT team to wrestle with inaccuracy and system obsolescence.

More recently, different approaches have been embraced, including ‘behind the firewall’ and ‘copy/raze’.  The former has addressed some of the concerns by offering the buyer access to the technical core through a temporary separated network that houses the in-progress build of the buyer’s systems. While this avoids the need to let the buyer into the seller’s data and reduces the migration process as well as minimising errors, testing, training and data assurance, it is flawed. It still requires the build of extract and load programs and also uses only master data for the reasons stated above. It doesn’t address downtime concerns because testing and data assurance is still required. And it still demands the involvement of IT resources in non-strategic work.  Fundamentally, this approach is still a risk to the SPA timeframe – and therefore does not meet the needs of buyer or seller.

The ‘copy/raze’ approach has the benefit of providing transactional data. The seller creates an entire copy and then deletes all data relating to assets not being transferred before transferring to the buyer. However, this model requires an entire portfolio of delete programmes which need to be tested – a process that demands business input. Early visibility of the entire data resources ensures any problems that could affect the SPA can be flagged but the demands on the business are also significant – and resented.

De-risking Migration

A different approach is urgently required. The key is to take the process into an independent location. Under agreement between buyer, seller and data migration expert, the seller provides the entire technical core which is then subjected to a dedicated extract utility. Configuration is based on the agreed key deal assets, ensuring the extraction utility automatically undertakes SAP table downloads of only the data related to these assets – removing any risks associated with inappropriate data access. The process is quicker and delivers better quality assurance. Alternatively, the ‘copy/raze’ approach can be improved by placing the entire SAP system copy into escrow – essentially a demilitarised zone (DMZ) in the cloud – on behalf of both parties.  A delete utility is then used to eradicate any data not related to the deal assets – with the data then verified by the seller before the buyer has any access. Once confirmed, the buyer gains access to test the new SAP system prior to migration.

These models can be used separately and in tandem, providing a data migration solution with no disruption and downtime reduced from weeks to a weekend. The resultant SAP solution can be optimally configured as part of the process, which often results in a reduction in SAP footprint, with the attendant cost benefits.  Critically, because the buyer gains early access to the transaction history, there is no need for extensions for the SPA – while the seller can be totally confident that only the relevant data pertaining to the deal is ever visible to the buyer.

Conclusion

By embracing a different approach to data migration, organisations can not only assure data integrity and minimise the downtime associated with data migration but also reduce the entire timescale. By cutting the data due diligence and migration process from nine months to three, the M&A SPA can be significantly shorter, reducing the costs associated with the transaction while enabling the buyer to confidently embark upon new strategic plans.

69% of SAP users: projects do not prioritise IT security

 960 640 Stuart O'Brien
By:
0
0

More than two thirds (68.8%) of SAP users believe their organisations put insufficient focus on IT security during previous SAP implementations, while 53.4% indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit process.

That’s according to the SAP Security Research Report by risk management consultancy, Turnkey Consulting, which also uncovered that most respondents were not fully equipped to manage risk. A fifth (20.8%) felt most businesses did not have the skills and tools to effectively secure their SAP applications and environment, with 64.3% saying they only had some skills and tools.

Looking at specific concerns, nine out of ten (93.2%) people thought it was likely that an SAP audit would flag Access Management issues. Privileged or emergency Access was also a major concern with 86.4% believing it was common or very common to have audit findings specifically related to it.

However, the research also showed a growing awareness of the security challenges faced by today’s enterprise, with the adoption of ‘security by design’ regarded as a solution. 74.0% expect IT security to take greater priority in future SAP deployments, with 89.6% agreeing that security specialists should be brought on board to support their SAP S/4 HANA transformation programmes.

Richard Hunt, managing director at Turnkey Consulting, said: “The findings of this survey mirror our day-to-day experiences; SAP security is often an afterthought on SAP deployments, with the result that not enough time and resource is allocated to the essential security activities that need to take place throughout the project.”

“However it is encouraging to see that boardroom awareness is growing as the general business environment becomes increasingly focused on compliance, data protection and cyber security. This understanding will drive organisations to take the critical step of designing security into implementations from day one.”

Turnkey says it undertook its inaugural SAP research to determine organisations’ preparedness as the SAP landscape undergoes a time of transition and the deadline to adopt SAP S/4 HANA approaches. The SAP ERP offers extensive user benefits in terms of increased interconnectivity and mobility, but risks leaving SAP applications and infrastructure open to exploitation.

Hunt concluded: “Rolling out SAP S/4 HANA requires significant investment and organisational commitment. This reinforces why building in security from the start is vital if remediation, which is costly from both a financial perspective as well as in terms of business disruption, is to be avoided further down the line.”

You can download Turnkey’s SAP Security Research Report by clicking here.