SAP rumour mill: Diageo win appeal against indirect ruling, new audit tactic for user measurement

07 March 2018
3 minute read
SAP

SAP rumour mill: Diageo win appeal against indirect ruling, new audit tactic for user measurement

07 March 2018
3 minute read

Telma Rafael, SAP SME, Snow Software “SAP is rumoured to be changing their audit approach on how to classify users”

I attended an interesting session at the BCS SAM networking group last night.

The main topic of conversation was SAP, led by Snow’s subject matter expert Telma Rafael.

Notable discussion points:

New Audit Threat on User Permissions

SAP is rumoured to be changing their audit approach on how to classify users: “It is believed customers will need to classify users based on their authorizations rather than usage, typically users have a lot more permissions than they need” said Telma.

So my understanding of this is that you might have demoted a user to save money, but because that user has potential access rights you’ll get clobbered accordingly. I guess this is similar to having Microsoft SQL Enterprise sat on a server doing nothing; you don’t pay for usage, you pay for it’s existence and potential to be used. We’ll look at digging into this in more detail over the coming months.

7 Year Battle for SAP’s future

SAP R/3 support is due to end in 2025 – so many organizations with perfectly stable SAP implementations are being persuaded to migrate to S/4 HANA when a) they don’t need or want to go to cloud and b) some argue S/4 HANA is not yet fit for purpose compared to the on-premise alternative. Why might a customer go through the considerable investment in rebuilding SAP when they could go with a cheaper, more nimble, less aggressive alternative? Telma claimed S/4 HANA adoption was around 25%, so clearly a big battle and crunch time for SAP’s future over the next seven years.

Diageo win appeal with Indirect Access Dispute

I also heard during the SAP discussions that Diageo’s appeal against SAP for indirect access has been upheld. Citing a lack of specialist knowledge by the Judge presiding over the SAP litigation. I’m yet to find any court papers to verify this rumour, if any readers find anything please share.

Dinosaur Audit Tactics: Desperate times, desperate measures

We also heard that SAP was known to initiate indirect access claims and audit threats when losing a RFP to Salesforce.com or other CRM platforms. If validated, clearly things are getting a little desperate for the ERP dinosaur.

ITAMs role with GDPR

The second half of the BCS networking event was dedicated to an open discussion on the role ITAM plays in supporting GDPR. For me, GDPR is a data protection or InfoSecurity responsibility. As with a cybersecurity outbreak, ITAM’s role is supportive. Security are our friends, our allies, our stakeholders, we want to support them by identifying GDPR risk.

Thanks to Kylie Fowler and Joseph Powell for an interesting event.

  • Learn more about the BCS SAM Networking Group here.
  • Learn more about the upcoming BCS conference on the 23rd May here.

Can’t find what you’re looking for?