archive

Traditional and Modern BI Tools Have Their Place

The world of data and analytics is quickly evolving. The role of traditional BI tools like SAP BusinessObjects is shifting as today’s software-as-a-service subscription-based platforms incorporate advanced analytic capabilities.

Ken Coleman, Business Intelligence Manager for the American Red Cross, describes several trends impacting the data and analytics space. Modern BI tools like SAP Analytics Cloud (SAC) are becoming more widely adopted for their interactive dashboards and feature sets. However, this does not mean there is not a place for traditional BI solutions.

Learn how ERP and other source systems are shifting the data landscape in operational reporting. What are the architectural differences between SAP BusinessObjects and SAC and their ideal applications? And why does data need to be architected properly for it to be analyzed?

Watch:

 



Best Practices for SAP High Availability in AWS

By Brett Barwick, Senior Software Engineer, SIOS Technology

Any organization relying on an SAP ERP solution has, implicitly, an interest in control. That’s not a bad thing: you rely on SAP because the world in which you operate is complex. Your reputation and your own expectations demand that you deliver your products and engage with your customers in a predictable manner. But control also extends to the data center in which your SAP landscape has been running. Your IT organization may be comfortable ensuring the availability of that landscape when it is on-premises, in a data center it controls. At the same time, it may see very good reasons for that landscape to run in the AWS cloud.

The question is, how can an SAP landscape be configured in the AWS cloud to ensure the high availability (HA) you expect? While on-premises, IT knows what to do. But in the AWS cloud?

That’s a question we can address today.

Ensuring HA for SAP in AWS

The key components of an SAP ERP system that one would deploy on-premises — at the presentation, application, and database layers — are also deployed in the AWS cloud. What differs from an HA perspective is how they are deployed. There are single points of failure that threaten the high availability of the solution. In the presentation layer, the SAP Apache content management system is one; in the application layer, the file system manager is another, as are certain core SAP services, such as the message server and the enqueue server. Should any of these services fail — regardless of whether that is due to human error or a hardware failure in an AWS Availability Zone (AZ) — the availability of your entire landscape is threatened.

Best practices exist to ensure operational continuity of your SAP landscape in AWS. To begin with, you should build out your HA SAP landscape across multiple AWS AZs. This ensures that if the virtual machines (VMs) or the underlying servers in one AZ go dark, the infrastructure in another AZ can be called into service immediately. For full disaster recovery you should consider creating a shadow landscape in a geographically distinct AWS region. This provides a hedge against a catastrophic failure that could take down multiple AZs in a single region.

You’ll treat the network resources connecting the components of your landscape differently as well. Within and among AZs in an AWS region there is ample bandwidth to move information among the nodes of your SAP landscape without delay. However, the environment is likely more complex than any your IT team will manage on-premises — but a certain amount of abstraction is advantageous. Best practices involve the use of floating IP addresses and cloud quorum/witness features so that underlying resources can be swapped in and out transparently as availability demands dictate.

Finally, the manner in which data is stored in AWS must be considered and proactively addressed. You can’t use shared storage resources in the cloud in the same way you can on-premises, meaning you’ll need to anticipate how and where your data will be stored. Again, distributing storage across multiple AZs helps ensure HA, but you’ll also have to consider how that data is properly replicated among distributed storage. You’ll also have to consider how you’ll track, manage, and protect important mount points for partitions, logical volumes, and NFS exports.

Intelligent Management of Cloud Components

While distributing the components of your SAP landscape among different AWS AZs is critical for HA, so too is the deployment of a landscape monitoring and management solution. You need a solution that can monitor the health of each of these components, immediately identifying any component that is not performing properly and orchestrate the process of repairing the problem as quickly as possible.

The intelligence of such a solution is key, because different issues affect different components of an SAP landscape in different ways and no single remedy is universal. Some availability problems may be solved almost instantaneously by restarting a process on a specific VM; others may require a VM in another AZ to go online, and that may require the reassignment of IP addresses and the restarting of several SAP services in a specific sequence. Monitoring and management tools that are SAP-aware are key to an appropriate, orderly, and expeditious response.

In particular, you’ll want to look for monitoring and HA management tools that look at an SAP landscape across multiple dimensions. Tools that simply listen for a heartbeat from the SAP primary application server (PAS), for example, and then initiate a failover to a secondary server in the absence of a detected heartbeat are too heavy-handed. A suite of SAP-aware tools that can monitor the performance of critical processes on individual landscape components can provide a broader range of appropriate actions. With that kind of intelligence, lower-level issues that might eventually compromise a component in the cloud can be detected and automatically addressed before they cause serious problems.

At the same time, this suite of tools must also be AWS-aware. They must be able to translate the appropriate responses to issues detected within components of the landscape to actions appropriate to AWS. If the appropriate response is to restart a particular component within the SAP landscape on a new VM, the tools must be able to orchestrate that restart in the appropriate AZ, make the relevant IP address changes, and so on. If an error causes a database in one AZ to go offline, an intelligent monitoring and management solution orchestrates the replication of data to secondary instances of that database and manages all aspects of bringing that secondary database online seamlessly to ensure ongoing availability of the SAP landscape.

For IT departments accustomed to ensuring the availability of an on-premises SAP landscape, the cloud offers many advantages and raises many questions. But these questions have answers. It is possible to run your SAP landscape in the cloud and achieve the level of HA that you’ve been accustomed to in your on-premises deployment. It requires planning, and it takes an appreciation of the core technical differences between an on-premises environment and a cloud environment like AWS. Add to that a suite of intelligent, SAP- and AWS-aware monitoring and management tools, and your enterprise will be in good hands going forward.

 

MEET THE AUTHORS

Brett Barwick SIOS
Read More

Brett Barwick, Senior Software Engineer, provides the SIOS engineering team with in-depth expertise in SAP. He is also an AWS Certified Solutions Architect - Associate, well versed and knowledgeable in the cloud. Before joining SIOS, Brett was an Assistant Professor of Mathematics at the University of South Carolina-Upstate. He holds a Ph.D. in Mathematics from the University of South Carolina-Columbia.



The Innovation Imperative Hits Mid-Market: A CEO’s Perspective

By Rizal Ahmed, Chief Research Officer, SAPinsider

For mid-market companies facing competition from both multinational enterprises and startups, the pressure to transform is incredibly intense. Having lean, agile infrastructure and applications has become a priority for many SAP customers in this space as they rapidly adjust their business models and processes.

To better understand how they are coping and what the significant factors are, SAPinsider sat down with Norbert Rotter, CEO of NTT DATA Business Solutions. While the name still sounds new or like a newcomer, the opposite is in fact the case. The truth of the matter is that NTT DATA Business Solutions is one of the world’s largest and arguably best experts in the SAP industry. The reason for this is that NTT DATA Business Solutions emerged from former itelligence AG, one of a small number of SAP Platinum Partners worldwide, as of April 1, 2021.

Since its inception, NTT DATA Business Solutions has been specializing in the midmarket space, offering an end-to-end range of transformation and consulting services and reselling SAP solutions. They are one of the largest resellers and service organizations catering to SAP solutions.

The old and new CEO Norbert Rotter outlined his perspective on emerging trends, new demands on service organizations like NTT DATA, and what’s driving change across both the business and IT landscape. In his opinion, “Transformation is not about technology, it is about making it work for you.” In the interview, he also shares some thoughts on SAP’s RISE offering.

Emerging Trends, Demand, and Drivers of Change

Competition and the need for speed are essential: According to Norbert Rotter, global companies are introducing new solutions, products, and services at a rapid pace. They are often faster in innovation and digitalization, which gives them an added advantage over other competitors in the industry. Mid‑market organizations especially are feeling this pressure. To compensate for this growing gap, leading-edge mid‑market companies are investing more heavily in IT and business operations.

“I think that the market, customers, and competition are demanding change and agility. You cannot compete unless you have ‘state‑of‑the‑art’ IT systems. The more you wait, the faster you will lose your place in the market. The slower your business and technology operations, the quicker you will fall behind,” says Rotter. “However, it is also important to keep in mind that the success of the transformation depends not only on the IT infrastructure or technologies, but also on empowering employees and getting them excited about using the new opportunities. Or as we say, transformation is not about technology, it is about making it work for you.”

It’s not just about IT projects, it’s about the change projects: Businesses are looking to impact processes and improve engagement with their partners and customers. According to Rotter, SAP projects are big transformation projects, not just pure IT projects. Transformation is more than migration, ultimately your business and IT operations must be closely aligned to lead and manage such change projects. Partners have to support customers in this way, but this also makes the engagement more complex. This is the reason why it is crucial to find a trusted, long-term partner, who both understands your business and market in depth and who can guide you on your own specific path towards an intelligent enterprise. “Customers are getting more global, and the work needs to become more integrated. Projects have rapidly evolved beyond just implementing a new system. Partners need to understand and review processes end-to-end,” he says.

COVID has pressed the need to improve the user experience and UX design: Remote communication and engagement have been the foundation of how companies interact. Users expect elegant, seamless experiences from both desktop and mobile devices, and this creates a need for a state‑of‑the‑art e‑commerce system that is flexible, adaptable, and responsive. “IT transformation must also meet this requirement. It is not only about perfectly transformed, automated processes, but also about usability for employees.”

Not every platform or service will survive as businesses move to the cloud: To meet demand for cloud-based services, NTT DATA Business Solutions has acquired 35 companies over the past several years in order to keep pace with SAP’s solution expansion and acquisitions. That is why like many other partners, NTT DATA Business Solutions will not only continue, but in fact step up its investment in the cloud and in hyperscaler solutions and offerings.

Companies prepare for strategic investments in core lines of business: Our SAPinsider State of the Market report showed that SAPinsiders are investing more heavily in core business areas like e‑commerce (39%), sales (35%), finance (34%), and the supply chain (34%). Rotter confirmed that he is seeing similar trends among mid‑market customers and prospects. The most relevant service for NTT DATA Business Solutions has been ERP transformation. Migrating to SAP S/4HANA brings substantial business opportunities, followed by new e‑commerce and CRM business as everything becomes cloud ready. There is also a significant demand for the supply chain as companies are investing in modernizing their supply chains. Other important areas include IoT development, analytics, and big data, creating a more comprehensive portfolio, he reports. “Especially when it comes to system conversion, we offer our own SAP qualified Partner Packaged solution, which is based on our conversion factory. With this solution, we enable companies to move to SAP S/4HANA within 20 weeks,” Rotter says.

The traditional SAP team will aggressively evolve, and companies will rely on partners to bolster skillsets: ABAP professionals are still vital to the team but are also aging out of the workforce. As more customers embrace enabling technologies, such as Artificial Intelligence, predictive analytics, cloud, IoT, and other emerging technologies, they will encounter a need to add these skills to their team. According to Rotter, mid‑market organizations are looking to partners like NTT DATA Business Solutions and the global network as they open up to support these skills and the cloud to offer these services. “We will massively enlarge our services around our own IP,” Rotter says.

“Customers have to think about how they can compete with this development, pushing to consider reducing their IT to the core, and then rely heavily on cloud solutions and service partners to outsource these services,” says Rotter.

A Partner and Mid‑Market Perspective on RISE

We talked to Rotter to get his viewpoint on RISE. From a partner’s perspective, he sees RISE as both an opportunity and a challenge. NTT DATA Business Solutions will sell and support the RISE offering within their customer base and related engagements from SAP.

Rotter is convinced that the core idea of RISE (i.e., to guide customers towards S4/HANA in the cloud as a concierge service) is a good one. It is a strong promise to sign a single contract, and have the related matters handled or coordinated by SAP. But when it comes down to the nitty gritty, it is not that simple, he states. “There might be customers who deliberately do not want to be completely dependent on SAP with a view to the entire stack. Even we, as one of the strongest and most loyal SAP resellers in the world, can understand this. So, we help our clients to benefit from RISE, but also manage these matters. Let me give an example: For some reasons, corporates may not want to put all of the processes into a public cloud. In this case, we guide them, helping them to find the individual perfect set-up, comprising managed services, private and public cloud. We also have customers who want to own the software as an on-premise solution due to other financial conditions.”

In Rotter’s opinion, the RISE initiative will facilitate the move to both SAP S/4HANA and the cloud while easing their transition to the hyperscaler environment. For mid‑market companies looking to reduce their data center complexity, this could be an attractive option.

For NTT DATA Business Solution’s own data center services, this will bring with it an element of competition. But with their extensive experience with both technology and business processes, NTT is a valued resource for RISE both with a view to potential clients and the actual project.

Rotter believes that customers will look seriously at the offering, especially when it comes to supporting the business case for a cloud-based transformation.

“RISE is definitely much more than just marketing. For SAP, it is critical to move faster to the cloud. For customers, it’s not a one-size-fits-all approach. Businesses that run their own IT and data centers are unlikely to switch to the new RISE just yet. What we will see is a world of combined cloud solutions, but with RISE as a dominant one,” predicts Rotter.

itelligence is now NTT DATA Business Solutions

Although rebranding itelligence as NTT DATA Business Solutions is a big step from a brand perspective, the company itself remains the same. The firm will continue to operate as a stand-alone company, with the same culture and mindset that has led to success over the years, supporting SAP projects in the mid‑market. Rotter is quick to explain that these differentiators have not changed and will continue to be relevant for the future. But together with the NTT DATA brand, its global reach, and set of technologies, Rotter feels that this will strengthen both organizations and their ability to serve their customers.

Norbert Rotter, CEO, NTT DATA Business Solutions

What Does This Mean for SAPinsiders

The road to transformation for mid‑market companies is not straightforward. Careful assessment and strategic planning of resources is critical for the survival and success of your business. Here are some pointers that SAPinsiders should be mindful of as you prepare for the transformation:

  • Be aggressive in your change and transformation strategy: Watch out for the new solutions, products, and services that other leading companies are introducing. Rotter emphasized the pressure this puts on mid‑market companies and advises them to constantly grow in order to keep from falling behind.
  • Take the time to analyze your current state and seek areas of improvement: Every company has opportunities to optimize business and IT processes. With the plethora of tools and services available, it is easier than ever to start looking at potential optimization. Take the time to perform this due diligence.
  • Leverage partner companies and cloud services to accelerate the expansion of your knowledge and skills: Due to the rapid change and evolution of cloud applications and services, relying on partners to help fill knowledge and skills gaps can help you come up to speed more quickly. This is a crucial step for mid‑market companies as they run on limited financial resources. This means efficiently optimizing your relationships and connections.
  • Start at your business and process foundation: Rotter confirms SAPinsider research which found that organizations are investing in foundational processes that support sales, finance, and supply chain. In times of disruption and uncertainty, managing cash flow, customers, and the flow of goods and materials is important to all organizations.


New Security Platform at Lundbeck Helps Ensure Business Continuity and Eliminate Risk of Fraud

By Brianna Shipley, Director of Editorial, SAPinsider

How long does it take a manufacturing company to safely develop a product? In the pharmaceutical world, it can take a decade, on average, for a company to produce a medicine or drug. In addition to experiencing a much lengthier development process than other manufacturing companies, businesses within the pharmaceutical industry are also subject to highly regulated business processes throughout its research, production, quality control, and sales and distribution — making for a unique environment when it comes to securing processes and technology landscapes.

Lundbeck, a Danish company headquartered in Copenhagen, is further differentiated within the industry by the specialty therapies that it develops for people with disorders of the central nervous system, including depression, schizophrenia, Parkinson’s, and Alzheimer’s. With the acquisition of two US companies in recent years, Lundbeck has been able to expand its research into new product areas, including treatments for migraines.

Just as the company’s research and development areas have evolved over the years, so too have security and technology trends. “Today, there is a much greater emphasis on having a global security system in place than there was 20 years ago, when it was not uncommon for key employees to have access to everything within the SAP system,” says Kirsten Kjerkegaard, Solutions Architect for Access and Security at Lundbeck, who has worked in the security space for her entire career and witnessed these changes first-hand.

Kirsten Kjerkegaard, Solutions Architect for Access and Security at Lundbeck

Lundbeck has been an SAP customer since 2003. The company currently runs one instance of SAP ERP on premise for its procurement, supply planning, production, serialization, logistics, sales, finance, human New Security Platform at Lundbeck Helps Ensure Business Continuity and Eliminate Risk of Fraud resources, and business intelligence functionality. Six years ago, the company moved to a hybrid SAP landscape with implementations of SAP Ariba, SAP Concur, and SAP SuccessFactors solutions. Today, the company is undergoing a project — with an anticipated go-live of June 2021 — to implement SAP S/4HANA in a separate system to use the built-in extended warehouse management capabilities. In the future, it plans to convert its SAP ERP landscape to SAP S/4HANA.

Currently, Kjerkegaard’s role is to help Lundbeck select the right tools and processes for supporting the access governance and authorization areas, which include processes for user administration, segregation of duties (SoD), privileged access management, and re-certification (periodic access reviews). “For the SAP systems, specifically, I am also responsible for ensuring a healthy authorization concept that can stand the test of financial audits and health authority inspections,” she says.

The Pursuit of Automated Security

When Kjerkegaard joined Lundbeck four years ago, her mission was to help the business ensure smooth audits and identify and minimize security issues. “At that time, the company’s access provisioning process was digitalized, but the SoD and privileged access management processes were managed manually through spreadsheets, which created some challenges and cumbersome reporting,” she says.

To eliminate these issues, Lundbeck began investigating options for an automated security platform. A critical component of selecting a vendor was the ability for the platform to perform in a hybrid landscape. For SoD in particular, Lundbeck needed a solution that would integrate with the SAP Ariba solutions that run its commercial purchasing. According to Kjerkegaard, out of the nine solutions the business evaluated, most of them did not meet this need.

“After narrowing the list down to four vendors, our final choice was the Security Weaver platform due to the attractive price level, the technically easy implementation, the built-in application programming interfaces (APIs) that provided for easy integration to our existing access request system — and because it had the most advanced functionality in the privileged access management solution,” she says, referring to the Security Weaver Emergency Repair application.

“With the Security Weaver product suite, Corporate IT has ensured that we can support the business with future proof control processes around the SAP platform. Also, that our SAP access process is more standardized and efficient, reducing the manual workload through automated control processes,” says Preben Klavsen, Senior Director, Head of Business IT Delivery at Lundbeck.

Lundbeck also implemented the Security Weaver Separations Enforcer application to analyze, manage, and reduce SoD conflicts and the Security Weaver Secure Enterprise application to enable SoD analysis across the SAP Ariba solutions.

The project teams took an unconventional approach to the deployments by implementing the SoD process applications (Separations Enforcer and Secure Enterprise) before the privileged access management solution (Emergency Repair). “The reason for prioritizing this way was because we wanted to start with our biggest challenge compliance-wise, namely the SoD area itself, and because we had a reliable manual privileged access process running,” says Kjerkegaard.

Uncovering Vulnerabilities and Reducing SoD Conflicts

Prior to using Separations Enforcer and Secure Enterprise to perform cross-platform SoD conflict analysis, Lundbeck was performing repetitive tasks and producing static reporting. “We were doing the same access cleanup year after year; we were analyzing historic data and were not performing exact analysis because our reporting tools could only handle transaction-level reporting,” says Kjerkegaard. “As people working with SAP authorizations know, SAP access is much more complex than this, and proper reporting cannot be handled in spreadsheets.”

The project team responsible for digitizing Lundbeck’s SoD processes with Separations Enforcer and Secure Enterprise consisted of the company’s process specialists from the involved business areas, with Kjerkegaard serving as the solutions architect, authorization specialist, and project manager during the system implementation. “Security Weaver supported us on request with online configuration guiding and train-the-trainer courses,” she says. “The applications were implemented from scratch and were quite easy to install and configure so we were able to quickly complete that phase and enter test mode.”

The solutions are capable of cross-platform analysis, which enables Lundbeck to include SAP Ariba procurement processes when measuring SoD conflicts. Together with the preventive controls during the access, the analysis provides Lundbeck with a complete overview of which users have SoD conflicts and which authorizations are causing the conflicts.

“This information can be used to ensure that mitigating controls are placed exactly where they are needed,” says Kjerkegaard. “For example, if the same user is permitted to perform the tasks of procuring a material as well as paying for that material, the system ensures that a so-called mitigating control can be placed on this user to monitor that the access is not used inappropriately.”

Prior to the implementation, Lundbeck had adopted an SoD ruleset, otherwise known as the SoD conflict definitions, from a consulting partner. The ruleset differed from the pre-loaded definitions that came with Security Weaver Separations Enforcer. “We expected the two rule sets to be similar, but they were actually very different, requiring us to dig deeper,” says Kjerkegaard.

The project team therefore spent a lot of time on the ruleset, defining SoD conflicts to ensure that they met the unique needs of Lundbeck’s processes, an exercise that Kjerkegaard recommends other companies invest in as well. “If you define a ruleset that doesn’t apply to your business processes, then you’re creating unnecessary workload that doesn’t add value,” she says. “I would advise that businesses spend time to discover what standard rules will work for them out of the box, and what might need to be configured differently, and understand that mitigating controls are money out the window if they are not placed where the actual possibilities for fraud are.”

Sandra Ebbesen, Compliance Controller at Lundbeck and project manager for the implementation of the mitigating control process, adds: “Besides the waste of money implementing controls that are not mitigating actual risks, unnecessary controls will also increase the resistance from line of business against a project like this, and, in the end, result in controls not being properly performed. So, it is very important that businesses spend time on this task and acknowledge that it is not a one-size-fits-all.”

According to Kjerkegaard, having the company’s SAP business processes predefined in Separations Enforcer beforehand was a big help. “Technically, this made it very easy for us to create or remove SoD conflicts, so we could concentrate on the business part of the implementation rather than on the technical part,” she says. “Also, Security Weaver did a great job in expanding the ruleset to include business processes on the SAP Ariba side, ensuring that we had all relevant corporate business processes included in the SoD analysis.”

Lundbeck’s project team has defined up to 80 different ways that a user could access the SAP system and potentially commit fraud. “We now have complete transparency into where SoD conflicts exist in the company’s landscape, and which users have the conflicts,” says Kjerkegaard. “That’s a huge step from earlier, when we were using spreadsheets for reporting and we only had historical data to look at. Now we have real-time knowledge about our systems.”

Of course, not every conflict can or should be removed – especially for the organization’s smaller companies that only have a few employees. “To streamline control monitoring, we are now also implementing an e-mail-supported mitigation process so auditors (for example, local controllers or managers) can confirm the mitigating controls they are performing to document that a conflict has not resulted in fraud,” she says. “It is a big advantage that the mitigation process is also part of the Security Weaver Separation Enforcer application; unlike in competing products, where the SoD monitoring and mitigation process lies in different modules – hence a bigger investment.”

In addition to auditors, for projects such as this, she also encourages involvement by busines leaders: “With these kinds of compliance projects, most important is to ensure that top management is involved and supporting the project. As key competencies are needed from various business areas, it is critical that management supports that the project is prioritized – preferably that it is reflected in the delivery goals of the involved business areas. Otherwise, it can be a struggle to ensure project resources and keep project pace.”

Streamlining Privileged Access Supports Business Continuity

Privileged access is a term used for extended, temporary access to IT production environments, which requires monitoring (of an audit log) due to its critical nature. At Lundbeck, privileged access is obtainable for SAP project participants for cutover activities and hypercare in connection with project go-lives as well as for internal and external SAP specialists in connection with first- and second-level support activities.

“Prior to implementing the Security Weaver Emergency Repair application, we used unnamed privileged users which were manually handled, only in Denmark office hours,” says Kjerkegaard. “With 3,000 requests per year, this was of course a timeconsuming task handled by some of our most experienced specialists.”

Now, with the Security Weaver Emergency Repair application, the automation has resulted in significant time savings for key specialists in Lundbeck. Also, when it comes to giving privileged access to its offshore support partners, which operate in a different time zone, the Security Weaver application has meant a lot of waiting time saved. Because of the automation, Lundbeck’s partners receive access faster without having to wait for an administrator to wake up, open the computer, confirm that the request is appropriate, and provision the access.

Instead of reviewers having to manually review the audit log for discrepancies — which are uses of privileged access that do not match the stated intentions — the process is automated. Logs matching the requested access are automatically reviewed, saving 60 % of the review work. With 3,000 cases a year, this is a significant amount of time savings, according to Kjerkegaard. “Now, when discrepancies occur that need to be reviewed, the request is routed directly to the reviewer assigned to the privileged user — via email — to investigate and approve (or reject) the log,” she says. “This has given us the possibility of delegating the review task to the right specialists and provides a much more qualified review than we had before the system implementation when the review task was centralized due to manual processes.”

She adds, “With the implementation of Security Weaver Emergency Repair, there are so many wins, both economically and security-wise. The tool works seamlessly with the automatic log review in all system types and is easily adopted by users.”

Looking Forward

Lundbeck has rolled out all three Security Weaver applications to the company’s main SAP ERP system, as well as to SAP Advanced Track and Trace for Pharmaceuticals and SAP Business Warehouse. According to Kjerkegaard, Lundbeck is looking forward to moving its Security Weaver applications onto SAP S/4HANA when that conversion is complete.

“We have already configured and tested Security Weaver Emergency Repair on our SAP S/4HANA system for extended warehouse management and haven’t seen any issues with it,” she says. “The user acceptance testing for extended warehouse management has run smoothly without any issues detected. Although Security Weaver had promised us that the system was SAP S/4HANA ready, it was a relief to see the test pass with our own eyes.”

Lundbeck plans to implement a fourth Security Weaver application, Secure Provisioning, in April 2021, which will allow the company to replace its custom code system with a standard access request and user provisioning system.

A word of advice to Kjerkegaard’s colleagues in the SAP security space: “Instead of only looking at one or two products, I suggest that organizations get a proper market overview and select a broader range of vendors during their evaluation process,” she says. “I have seen several Danish companies implement small, local SoD tools instead of looking at international vendors, such as Security Weaver who offers much more advanced and future-proof products for competitive price levels.”

Company Snapshot

Lundbeck Headquarters: Copenhagen, Denmark

Industry: Pharmaceutical

Company details: Lundbeck — a global pharmaceutical company headquartered in Denmark — is driven by a call to find answers to the unsolved questions of neuroscience. The company fulfills its mission through state-of-the-art research and development and by engaging in the manufacturing, marketing, and sale of pharmaceuticals across the globe. Lundbeck has been at the forefront of neuroscience research for more than 70 years.

SAP solutions: SAP ERP (for procurement, supply planning, production, serialization, logistics, sales, finance, human resources and business intelligence), SAP S/4HANA, SAP Business Warehouse, SAP Advanced Track and Trace for Pharmaceuticals, and SAP Concur, SAP Ariba, and SAP SuccessFactors solutions.

Third-party solutions: Security Weaver Separations Enforcer, Security Weaver Secure Enterprise, and Security Weaver Emergency Repair.

 

 



The Power of Prevention

The Power of Prevention How Patching and Awareness Can Fortify SAP Systems Against Hacks

By Aditi Kulkarni, Product Security Senior Specialist, SAP Labs India

Unpatched vulnerabilities in systems are one of the primary factors that cause cyberattacks today. We don’t need to look far back to recollect the nightmare caused by the WannaCry ransomware attack in 2017. While the software vendor had released patches previously to close the vulnerability, much of WannaCry’s spread was from organizations that had not applied imperative patches or were using older end-of-life systems.

Then, in 2020, the unprecedented advent of COVID19 forced organizations to restructure their workforce management and impacted the way normal patching operations were conducted. Organizations had no time to plan for such a scenario, leaving their systems open to potential vulnerabilities that threat actors could easily misuse.

In our new normal of remote and cloud environments and rising cyber risk from more sophisticated threat actors, it is more critical than ever for organizations to prioritize their patching strategy.

How SAP Addresses Security – And How Customers Can Help

By ensuring that products are developed, tested, and delivered in the most secure way, SAP’s teams continuously work on enabling security by default in SAP products. But there is no such thing as flawless software.

At SAP, the Product Security Response Team (PSRT) collaborates with external security researchers for responsible disclosure of vulnerabilities identified on SAP products. These researchers can send their findings to SAP through a form or by directly writing to secure@sap.com. Besides showing appreciation to the external researchers for helping secure SAP products, the PSRT also coordinates private Bug Bounty programs on BugCrowd, HackerOne platforms.

While vendors do much to limit risk through vulnerabilities, customers too need to play an active role in safeguarding their assets and data. SAP periodically publishes new security patches to vulnerabilities on SAP products. It is important that these patches are applied by SAP’s customers. In the next few sections of this article, you will read about Security Notes, Security Patch Day, SAP services that help SAP customers stay updated about security patches, and recommendations for how SAP’s customers can plan their patching strategy.

Continuous Monitoring and Updates through SAP Security Notes

New security patches that need to be applied by SAP’s customers are published as Security Notes (Note: This portal is accessible only to users having S-User ID.) on the SAP Support Portal (see Figure 1). A Security Note can contain patches to one or more vulnerabilities for a certain SAP product. They include details about the vulnerabilities, their impacts, relevant patch description, and product versions.

Exploitability risk and impact of a vulnerability on a product is currently evaluated at SAP using Common Vulnerability Scoring System (CVSS) Version 3. CVSS is an open industry standard, initially developed by the National Infrastructure Advisory Council and continuously improved by the Forum of Incident Response and Security Teams, which consist of teams and companies all over the world. Based on the evaluated CVSS score, a vulnerability is categorized as Hot News, which corresponds to ‘Critical’ in CVSS severity rating scale, or as High, Medium, or Low. Consequently, a Security Note’s severity is decided by the severity of the most critical vulnerability that it patches.

Figure 1
Screenshot of SAP Security Notes & News

SAP Security Notes are categorized in two ways

1. Patch Day Security Notes contain patches to vulnerabilities of Hot News severity and to vulnerabilities of High, Medium, or Low severities reported by customers or external researchers. 2. Support Package Security Notes contain patches to vulnerabilities of High, Medium, and Low severities found internally by SAP. SAP primarily consolidates all security patches to vulnerabilities found through internal quality assessments in Support Packages. However, a small subset of these are prerequisite to other functional notes that are released as individual corrections. Therefore, as an exception, security notes that are prerequisites to functional notes are released as Support Package Security Notes.

A Security Note might undergo an update after its release, for example, to enhance the description about the solution. SAP decides how and when to update a Security Note after analyzing its need, and each update undergoes quality reviews. An updated Security Note contains information about what was changed.

If a product is under maintenance, SAP releases security patches covering product maintenance versions released within the last 24 months. This is for vulnerabilities of Hot News or High severity. For vulnerabilities of Medium or Low severity, patches are released at least for the latest version of the product.

Read more about maintenance strategy here.

Some SAP products offer Customer Specific Maintenance (CSM) for product versions that are out of maintenance. If a vulnerability is patched on a product that has a version that went out of maintenance, then the Security Note will cover the out of maintenance version for the next one year. This is applicable for vulnerabilities of Hot News, High, and Medium severities.

Read more about SAP Security Notes here.

Setting an Example: SAP Security Patch Day

To help customers plan a consistent patching strategy, SAP releases its Security Notes on the second Tuesday of every month, the company’s Security Patch Day. Patch Day Security Notes are typically released on Security Patch Day, along with Support Package Security Notes and Update Notes. Scroll down on the SAP Security Notes page to view planned Patch Days for 2021.

In 2020, SAP completed ten years of conducting Security Patch Days. A steady increase in the number of Security Notes released over the years corresponds proportionally to the increased awareness about software security in the industry.

Compared to the year 2019, 2020 saw an increase by 24% in the total number of Security Notes released, and an increase by more than 100% in the number of Hot News Security Notes released (see Figure 2).

Figure 2

Comparison of the number of Security Notes and Hot News Security Notes released in 2019 vs. in 2020

 

These numbers make it evident that SAP software consumers must keep their SAP landscapes secure from external threat actors by applying patches regularly. In the next few sections, we will see how these released SAP Security Notes can be consumed by SAP customers.

Accessing SAP Security Notes

The complete list of SAP Security Notes and the information in each Security Note can be accessed in the SAP ONE Support Launchpad. (Note: This portal is accessible only to users having S-User ID.) S-User ID is a unique identifier that allows an SAP user to log in to report an incident, download software, configure connections, and more. An S-User ID contains the letter ‘S’ followed by a string of numbers.

An extended search option is also available in SAP ONE Support Launchpad via Expert Search, which provides multiple filtering options to identify Security Notes of each user’s interest. SAP Security Notes can be accessed via Expert Search and by filtering the Document Type as SAP Security Notes.

Public Disclosure of SAP Security Notes

Transparency is a key pillar of SAP’s security strategy. While access to SAP Security Notes is limited to S-User IDs, SAP also publicizes the patched vulnerabilities through the following channels:

Common Vulnerabilities and Exposures (CVE) Publications — These publications are considered an industry standard and a mechanism to publicly disclose patches to vulnerabilities. SAP became a CVE Numbering Authority in 2017, and since then publishes CVEs for all vulnerabilities patched via Patch Day Security Notes. The release of CVE disclosures is aligned with SAP’s Security Patch Day.

SAP Security Patch Day Blogs — These blogs are publicly accessible on The Official SAP Product Response Space, and contain details about released Patch Day Security Notes, their respective CVE, SAP product versions for which the Security Note is released, and their severity and CVSS ratings.

Security Spotlight News — SAP’s PSRT carefully monitors if a certain vulnerability, patched by SAP Security Note, has been gaining special attention of external threat actors and poses risk of unpatched systems getting exploited. If such an instance is identified, Security Spotlight News is published to call for immediate action to apply the SAP Security Note. The Security Spotlight News is publicly accessible.

Managing SAP Security Notes with SAP Tools

Several tools and services are available to help technical experts on the customer side identify the notes relevant for their landscape, analyze whether applying an SAP Security Note has side-effects on the system, and confirm whether application of the SAP Security Note was successful. These tools can be used individually, as well as integrated with other SAP tools for optimum usage. These tools include:

System Recommendations — enables organizations to automatically identify SAP Security Notes that are relevant to them. Read more about the tool here.

SAP Usage and Procedure Logging (UPL) — aids in the gathering of system usage data to easily identify SAP Security Notes addressing unused components. Read more about the tool here.

Business Process Change Analyzer (BPCA) — helps in efficient testing after applying an SAP Security Note by determining the business processes affected by the SAP Security Note. Read more about the tool here.

Configuration Validation — assists in validation after applying SAP Security Note; for example, by validating if a selected SAP Security Note has reached the production systems. Read more about the tool here.

SAP EarlyWatch Alert — helps in identifying resource bottlenecks, misconfigurations, and security problems. By verifying the security checks in the Alert’s report, organizations can proactively prevent severe security problems. Read more about the Alert here.

SAP Security Optimization Services

SAP Security Optimization Services (SOS) ensures smooth operation of a customer’s SAP solution by acting proactively, before severe security problems occur. As part of these services, an expert team of security consultants publishes the SAP Security Notes Advisory on Support Portal after every Security Patch Day. The Advisory contains detailed analysis of each SAP Security Note, risk of not implementing it, recommended implementation process according to the experts, and expected downtime during implementation.

In addition to the Security Notes Advisory, a monthly Security Notes Webinar is conducted by the experts. In this webinar, the experts explain every security note to the attendees, including the implementation method. Learn how to register for this webinar by visiting this page.

Both Security Notes Advisory and Security Notes Webinar services are available, without extra cost, to all customers of SAP, who are encouraged to take advantage of the information provided through these services.

Support Launchpad Notification

Security Notes classified as Hot News contain patches for critical vulnerabilities. SAP Support Launchpad provides an option to manage notifications for Security Notes with severity Hot News. Based on the mode of communication that the user opts for, a notification is sent in Launchpad or on-the-go via e-mail or SMS.

Design a Patching Strategy to Fit Your Needs

Every organization should have a systematic plan to apply security patches released for the products they are using, with a primary patching strategy goal of finding a balance between addressing security risk and business risk. Organizations can reduce the risk of exploitation from threat actors by applying the SAP Security Notes as they are released, staying current with patches, trends, and advice.

However, in practicality, it might be challenging for an organization to apply all SAP Security Notes released every month at once. The following practices may help customer organizations overcome this challenge.

Analyze — Schedule a periodic analysis of the released Security Notes. Leverage SAP tools and services to identify the relevant Security Notes, estimate the effort involved to apply those Security Notes, and understand the risk posed by not applying them.

Clarify — Additional information may be required to understand the relevance of Security Notes. Every Security Note with Hot News severity includes a document containing frequently asked questions, which can provide more clarity. Additionally, SAP’s customer support channel can be utilized to report customer incidents and get real-time support from experts.

Prioritize — Because Patch Day Security Notes are for vulnerabilities reported by sources external to SAP, there is a higher risk that these vulnerabilities are exploited by an external threat actor on unpatched systems. Security Notes should be prioritized by organizations considering this risk, along with the severity of the vulnerabilities. Security Notes with Hot News severity should always be considered with greater priority.

Decide — Primarily, there can be two ways to secure SAP systems: apply SAP Security Notes, or upgrade to the latest, secure product version. Security Notes identified as higher priority should be applied without delay. This step can be scheduled every month.

The Security Notes that are identified to be of lower priority need not be applied immediately. Instead, the product can be upgraded to the latest version in the next maintenance cycle. This decision, however, should be carefully made, as any disclosed vulnerability has a risk of being exploited in unpatched systems.

Apply Workarounds — SAP provides workarounds as part of the solution in some Security Notes if it is technically feasible. The feasibility is determined by the customer’s efforts involved in applying the workaround. If Security Note cannot be immediately applied due to the efforts involved, SAP recommends applying the workaround, which can temporarily prevent the occurrence of the vulnerability in the product. However, a workaround is only temporary until the actual patch in Security Note is applied.

Schedule Maintenance — All security corrections, including those found by SAP’s internal QA processes, are consolidated in Support Packages (SP) and in the latest version of an SAP product. Organizations are advised to update to the latest SPs or product versions by scheduling a maintenance cycle to ensure that their systems are secured.

Collaborations by SAP’s Product Security Response Team

As helpful as the above tools are, people power SAP’s security as well. SAP’s PSRT collaborates with developers, quality reviewers, customer support, and other internal SAP teams to ensure that quality Security Notes are released to SAP’s customers. Based on the severity of the vulnerability, strict timelines are assigned to patch the vulnerability. All of the involved entities in SAP work collectively to provide patches regularly and to publish Security Notes for SAP’s community.

Along with SAP’s internal teams, SAP’s PSRT also collaborates with various external researchers and research companies to ensure responsible disclosure of vulnerabilities. The team also coordinates private Bug Bounty programs on BugCrowd and HackerOne platforms.

When customers report vulnerabilities to SAP by creating customer support incidents, PSRT engages in the process of driving these vulnerabilities to closure and also coordinates customer-initiated penetration test reports on SAP’s cloud solutions.

In addition, SAP PSRT collaborates with governmental agencies like US CISA and German BSI to ensure accurate and synchronized alerts to SAP’s customers about critical SAP Security Notes.

Conclusion

Although SAP continues to keep security of its customers as a priority, it is equally important that the released security patches are applied in a timely manner to secure SAP systems. You can help prevent your SAP systems from getting hacked by instituting a monthly or at least quarterly Security Patch Day at your organization by following the updates and advice in SAP Security Notes and the patch disclosures. By having a systematic plan for patching at your organization, you can take an active role in reducing risk. Be sure to prioritize vulnerabilities identified as high-risk in the Security Notes, updating right away, while deciding which lower-risk vulnerabilities can be patched or can wait until your next upgrade. Finally, you should plan to update to the latest SPs or product versions by scheduling a maintenance cycle to ensure that your systems are secure.



Migrating to SAP S/4HANA for All the Right Reasons

Three motivations have been articulated for moving to SAP S/4HANA. Two are false beacons—promises that won’t deliver. Focus on the right one: digital transformation.

By Alice LaPlante, Contributing Writer, SAPinsider

There are three plausible reasons to migrate to SAP S/4HANA. The most common one is also the most obvious: mainstream maintenance for SAP ERP systems released before SAP S/4HANA will end in six years (2027). A second reason is to seize the performance enhancements offered by the new technology. And the third reason is to achieve true digital transformation.

The first reason—eventually-to-be-discontinued support—is a non-starter. First, six years is a long time. There’s no urgency to this arbitrary deadline. A project with that long a lead time will not be prioritized in your IT planning, and consequently you risk it not being done thoroughly or well. Additionally, third parties will rush in to fill the services gap left by SAP after it discontinues support for its legacy ERP systems. So you won’t be left without resources. Not at all.

“If you migrate to SAP S/4HANA because either you want to check that box, or because you’re afraid of being out of support, you’ve fallen victim to the fear game,” says Dr. Steele Arbeeny, Chief Technology Officer at SNP, “and making a large investment under either of those circumstances is not a great way to kick off such a significant project.”

The second reason — to take advantage of SAP’s technical innovations — will lead to very real innovations in embedded artificial intelligence (AI), machine learning, and analytics that SAP has been lauding, says Arbeeny. But the incremental productivity and efficiency improvements you are likely to achieve from them might not deliver sufficient value on their own to justify the disruption. Your ROI analysis could potentially run into negative numbers that won’t win you any accolades in the C-suite. And your users won’t thank you for disturbing their routines without measurable advantage to them.

This brings us to the final, and, according to Arbeeny, recommended solution — digital transformation. Organizations that make a move to SAP S/4HANA an integral part of their digital transformation strategy will find ample value in the migration. A full 65% of respondents to an SAPinsider survey said digital transformation was necessary to making a business case to move the new technology. But a prerequisite to achieving this business value is choosing the right migration path.

“Businesses absolutely have to migrate to SAP S/4HANA to complete their digital transformations, otherwise, they’re going to be left behind,” declares Arbeeny. In this article, Arbeeny provides his expert guidance on why now is the time to move to SAP S/4HANA, and explains how to choose the right migration path for your organization, accompanied by lots of real world examples.

Much is at stake, he says.

“It’s a complex endeavor because legacy systems are often heavily customized, and hold massive amounts of data that are not clean,” he says. “The SAP S/4HANA migration can thus be a risky and costly process if thoughtful planning around a migration approach is not applied.”

How Digital Transformation Will Drive SAP S/4HANA Value

Most businesses are undergoing some type of digital transformation — and businesses that are not are at great risk. Migrating to SAP S/4HANA should absolutely be part of your transformation journey, according to Arbeeny.

However, many large companies have huge data landscapes that have evolved over time. Perhaps they have acquired other companies but never fully merged the systems in order to avoid associated costs. Or maybe they have divested a department or division but left the data in the system rather than pay to eliminate it. In either case, these organizations are faced with a lot of baggage consisting of segregated, unused, and out-of-date data.

“The real benefit of migrating — and our colleagues at SAP realize this — and the real way to unlock value is through harmonizing the data through the digital transformation itself,” says Arbeeny. “It’s the transformation of getting there, the merging of those systems, the cleansing of the data, the migration of the historical data, and the unifying of trusted data to a common structure, that delivers real value.”

How does that work? The analytics that come with SAP S/4HANA.

SAP S/4HANA’s new embedded analytics is its most popular feature at this time. According to SAPinsider research, 58% of survey respondents cited this capability as a primary way to make a migration case.

With SAP S/4HANA, both transactions and analytics exist together in a single platform. This allows business users to conduct business and perform real-time analytics on live transactional data. They can get real-time, actionable insights from the data without worrying about the underlying data structure. And SAP S/4HANA embedded analytics can be placed directly into transactional business processes or be consumed by standalone third-party analytics applications.

Let’s consider a real-world example of how having the SAP S/4HANA embedded analytics can drive business value.

An SNP airline client was raking in revenues, but its procurement costs were too high, squeezing margins. By transforming itself into a digital business and migrating to SAP S/4HANA, the company will capture and categorize procurement costs more granularly, in real time. Thus it can closely track individual costs for spare parts, maintenance, fuel, computers, and so on. Because the airline will have tight control over the costs in each category, it will be in a strengthened position to negotiate buying terms. With an annual procurement outflow of $30 billion, even if analytics saves only 1% of total costs, that’s still $300 million — a significant ROI.

“Becoming a digital business is allowing organizations to attack the root of the problem by addressing the highest cost areas and applying resources and effort where it will help the most,” says Arbeeny.

This concept applies to every process within a business — not the procurement process alone. Companies that produce products with warranties can, after digital transformation with SAP S/4HANA, track and rigorously control the warranties. And, for example, regarding accounts receivables, companies can consider payment terms and optimize margins by establishing shorter payment terms for most customers, permitting longer payment periods for only a select few. This way, the company is not effectively “loaning” cash to vendors, but can use it in more strategic ways.

SNP has witnessed businesses able to save, on average, between 8% and 9% through digital transformation.

“In such cases, moving to SAP S/4HANA is not a technical upgrade, but a business transformation. It’s going to change the way your company does things and change people’s day-to-day jobs,” says Arbeeny.

However, he says, a big caveat is that you have to make sure that you’re giving your system the data it needs to make the appropriate analytical decisions. “Being able to access sufficient volumes of clean data should be the motivational reason for migrating in the first place,” says Arbeeny.

One recurring question Arbeeny hears when businesses talk about their desire to take advantage of the advanced analytics available in SAP S/4HANA: what to do with the often-numerous and separate SAP ERP systems they now possess? These organizations must understand that if they do one-to-one upgrades of each system, their analytics will never work properly.

To get the benefit of the analytics, the data needs to be collected in a single SAP HANA database, Arbeeny says. Unless these systems are merged into one SAP S/4HANA system, “the migration project will never deliver on value,” he says. “It will join the realm of most ERP projects that deliver negative ROI.”

You can see from these examples where the true value lies. It is not in the adoption of a new ERP system or some new underlying technology. “The value is in the transformation itself,” Arbeeny stresses. “The act of merging and harmonizing these systems is what allows SAP S/4HANA to deliver on its promised value.”

But How To Do It?

For organizations ready to make the leap, the first challenge they frequently face is the complexity of legacy systems that are often heavily customized, and which hold massive amounts of data that is not clean or trustworthy.

You basically have three choices when it comes to migrating to SAP S/4HANA: greenfield, brownfield, and Bluefield. Let’s consider these one at a time.

Greenfield Migration

Greenfield is like wiping your ERP slate clean. You start from scratch with an empty system and then bring over master data. It involves a complete reengineering of your SAP processes and workflows. Any customization is also reset.

This has its advantages. If you’ve been using SAP for a long time, and have accumulated complicated legacy workflows and heavily customized code, a fresh start is what you might need to reduce complexities. But there’s one huge disadvantage, according to Arbeeny.

“If we accept the premise that becoming a digital business and using analytics is the driving factor for migrating, then you just destroyed all potential value,” he says. “Because now you have to wait five years to build up enough data in that greenfield system for the analytics to work.”

Unfortunately, a lot of businesses take the greenfield approach because it seems like the safest bet, Arbeeny says.

Brownfield Migration

Brownfield is an in-place technical upgrade. It enables you to migrate to SAP S/4HANA without re-implementation or disruption to existing business processes.

The way brownfield works: your company takes your old ERP system and installs SAP S/4HANA right on top of it. Although that might sound appealing, this often leads to broken features and flawed data that pollute the future analytics you want to perform. The broken or incorrect code and data will remain broken or incorrect, even in the upgrade, thus limiting the value of the migration yet again.

Consider a company that has five SAP ERP systems and wants to perform a brownfield upgrade to SAP S/4HANA on each. All the issues and inconsistencies of the old systems move into the new upgrades as is. Additionally, as the company has processed five separate migrations, there is no one combined SAP HANA database with historical information that could serve as a single source of truth for the entire organization. Because it lacks a consolidated view of data in one system, it’s impossible to identify trends or perform meaningful analyses.

Customizations have long cost SAP customers pain. Most businesses have systems with thousands of unused customizations, says Arbeeny. If migrating one customization takes an average of 10 person-days at the cost of a thousand dollars a person-day, that could add up to millions wasted on useless customization.

“Each time you do an upgrade, you have to make sure all customizations get pulled over,” says Arbeeny. This makes the system bigger, and it drags out the migration. “In many cases, you’re dragging all the customizations along without realizing that maybe only 10%, 20%, or 30% are really mission-critical,” says Arbeeny.

Bluefield Migration

According to Arbeeny, the solution to these challenges is SNP’s Bluefield migration approach. It takes the best of both worlds, offering options for selective and simultaneous business and technical transformation, and lets you choose the features you want to innovate. Bluefield allows companies to merge multiple systems, harmonize the data, and pick only a certain amount of relevant history in a single project. All this drives you towards the goal of unlocking the value of SAP S/4HANA transformation. The act of merging and harmonizing the systems allows SAP S/4HANA to deliver on this promised value.

Consider a company that is contemplating using the brownfield technique to innovate. A unique finance business, they have a highly customized usage and billing program for processing their invoicing. As their system is exclusive, Brownfield would not allow them to take advantage of the innovations in SAP S/4HANA. Similarly, using Greenfield would get rid of all their mission-critical usage and billing process details. However, with SNP’s Bluefield approach, they could choose to migrate the most important customizations and bring them over during the transformation.

SNP recently worked with a large consumer packaged goods company that had created a roadmap for a Brownfield migration. The timeframe for completion was a full 10 years. With the help of SNP’s Bluefield method, they were able to complete the migration within two years, and get the benefit of SAP S/4HANA 80% faster than expected.

Conclusion: Identify the Right Business Case for Digital Transformation

By taking the time to explore all the possible paths, and then quantifying how SAP S/4HANA can support your digital transformation efforts, it will become clear that the time for migration is now. A recent SAPinsider survey found that 73% of companies have at least started evaluating a business case for SAP S/4HANA. Additionally:

■ Nearly half (42%) of respondents said that they were examining the cost/benefit of deploying SAP S/4HANA on private, public, or hybrid cloud environments as part of their migrations and digital transformations.

■ Almost as many (41%) want to migrate so as to improve their ability to better support organizational change.

■ Almost three-fourths (73%) said their business cases for migration centered on finance, followed closely by supply chain, procurement, and manufacturing (71%).

■ The majority (80%) of respondents said that they are expecting to see financial benefits in improved productivity as a result of their transition to SAP S/4HANA, with 69% expecting financial benefits through increased efficiency.

Take a look at your aging on-premise infrastructure and the lack of agility in your business processes and see how transitioning to SAP S/4HANA is an opportunity to drive digital transformation. Use the tools available from both SAP and third parties like SNP to build business cases. Then your SAP S/4HANA-fueled digital transformation is certain to succeed.