I attended an interesting session at the BCS SAM networking group last night.
The main topic of conversation was SAP, led by Snow’s subject matter expert Telma Rafael.
Notable discussion points:
New Audit Threat on User Permissions
SAP is rumoured to be changing their audit approach on how to classify users: “It is believed customers will need to classify users based on their authorizations rather than usage, typically users have a lot more permissions than they need” said Telma.
So my understanding of this is that you might have demoted a user to save money, but because that user has potential access rights you’ll get clobbered accordingly. I guess this is similar to having Microsoft SQL Enterprise sat on a server doing nothing; you don’t pay for usage, you pay for it’s existence and potential to be used. We’ll look at digging into this in more detail over the coming months.
SAP R/3 support is due to end in 2025 – so many organizations with perfectly stable SAP implementations are being persuaded to migrate to S/4 HANA when a) they don’t need or want to go to cloud and b) some argue S/4 HANA is not yet fit for purpose compared to the on-premise alternative. Why might a customer go through the considerable investment in rebuilding SAP when they could go with a cheaper, more nimble, less aggressive alternative? Telma claimed S/4 HANA adoption was around 25%, so clearly a big battle and crunch time for SAP’s future over the next seven years.
Diageo win appeal with Indirect Access Dispute
I also heard during the SAP discussions that Diageo’s appeal against SAP for indirect access has been upheld. Citing a lack of specialist knowledge by the Judge presiding over the SAP litigation. I’m yet to find any court papers to verify this rumour, if any readers find anything please share.
Dinosaur Audit Tactics: Desperate times, desperate measures
We also heard that SAP was known to initiate indirect access claims and audit threats when losing a RFP to Salesforce.com or other CRM platforms. If validated, clearly things are getting a little desperate for the ERP dinosaur.
ITAMs role with GDPR
The second half of the BCS networking event was dedicated to an open discussion on the role ITAM plays in supporting GDPR. For me, GDPR is a data protection or InfoSecurity responsibility. As with a cybersecurity outbreak, ITAM’s role is supportive. Security are our friends, our allies, our stakeholders, we want to support them by identifying GDPR risk.
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.