SAP

SAP or any other ERP project execution in compliance way is a challenge for security and controls team.

In the project initiation and planning phases, security and controls will be given lower priority by which security KPIs will not be defined and Security objectives will not be covered in Scope statement and WBS processes.

A methodological approach shall be defined depends on customer environment and requirements. A lot of planning, coordination and attention by the PMO will help for robust security design and phase wise planning.

In general, most of process and functional teams will have little or more security knowledge and feels that security can set up easily. If no attention was given during planning, scoping and preparation phases, there will be lot of maintenance costs for security. Security is not just authorizations.

In a typical project following ASAP (Accelerated SAP) deliverable-oriented methodology or any hybrid methodology, the core processes, tasks, functions, sub tasks, cross-functions for the customer business will be identified and defined during Business Process Management (Project Preparation & Business Blueprint), the main Authorization Requirements and Design information will be shared to the security and controls team in Realization phase. There will not be any security validations or compliance checks in the first two phases. The compliance check shall be done at high level in parallel in the Business Blueprint phase.

Similarly, in an upgrade project, the customer plan for simple technical upgrade giving low priority for security. A parallel effort shall be planned for security redesign (may be a sub-project) considering current and future ERP versions to meet the SOX like regulatory compliances.

Similarly, Identity management and In-direct user provisioning shall be in PMO radar for successful planning. It reduces future maintenance cost and gives flexibility and extensibility for the customer.

With an efficient Identity management architecture, the global help desk tasks can be made simple with centralization and automation.

Few more details on project planning for new SAP systems (PLM7.0, GRC10, IDMs, GRC provision framework) shall be shared in next part.

Posted by Raghu Duggirala at 2:53 PM | Permalink | Comments ( 0 ) | TrackBacks ( 0 )

What is Cloud Computing?

Cloud in simple words is 'Pay as you use'. Cloud computing is analogous to the way we pay for our utilities like electricity or water based on the consumption. The underlying Infrastructure is owned  and managed by some third party and cost is billed to us in form of units consumed

a)Demand: - Massive computing power on demand available immediately
b)Unlimited Elasticity: - Infinitely scalable on demand and resources can be released as well when not required 
c)Low cost of ownership/ Affordable: - Pay as you use for minutes , hours or days based on capacity used.

Types of Cloud

a)Public cloud: - This is pure form of cloud where infrastructure, service is provided & managed by third party and we pay as we use.
b)Private cloud: - There is lot of debate around whether private cloud is actually a cloud because all infrastructures is still managed and owned by a company. In real sense this is not a cloud but just a internal shared network which is not satisfying the parameters of cloud computing but still a topic worth for a debate because of different view points from Industry. 
c)Hybrid cloud: - Combination of private and public cloud.

Business Intelligence / Data warehouse and Cloud Computing.

Growing data in TBytes, high performance expectations, low cost of ownership, easy to acquire, organize & manage are some of the key expectations for any Data ware house application. BI in cloud is a new approach for business Intelligence which can address all future expectations of data warehouse with following distinct advantages

1.No need to install any hardware or software: - Access through web browser ( depends on kind of cloud service) 
2.Unlimited bandwidth and geographical scalability: - System will automatically assign or release computing resources based on requirements
3.Shorten BI implementation cycles and help BI implementations to become more flexible & scalable.
4.Pay as you use - If you use less, pay less: - This is as opposed to current scenario where an organization installs their own infrastructure and always pay for the peak load.
5.Common Data exchange method (Transaction data feed to cloud BI):- Lot of items to be sorted out at time of actual deployment.
6.Availability of best-of- breed infrastructure and services with unlimited computing capacity (based on the type of services purchased)

BI Delivery options
Business Intelligence can be on a private cloud or a public cloud depending on business needs and usage type

1.Delivery options based on service  :- BI  clouds generally have following service options

a)Infrastructure-as-a-Service (IaaS) :- Here vendors like GoGrid ,Rackspace , Right scale or Amazon etc can provide hardware and system software and then you can deploy  own BI/ DW applications . Here you only pay for hardware and system software on usage basis but you still need purchase your BI/ DW applications.

b)Platform-as-a-Service   (PaaS) :- BI Players like Good Data, Pivot Link etc  which provide the BI/ DW platform but you need to develop and deploy the same as per your business requirements

b)Software-as-a-Service(SaaS): -Here vendors like SAP Business Objects ,salesforce.com are offering 'On Demand BI' or prepackaged end to end BI solution with limited customizations. This is typically suitable for SME category for cost advantages and short cycled BI projects.

All these options are analogous to a transport industry
a)Roads are basic Infrastructure  (analogous  to IAAS )
b)Cars , Buses are the platforms which runs on roads (analogous to PAAS)
c)GPS can guide as how to reach correct destinations(analogous to SAAS )

2.Delivery options based on  Usage Type: - Like staging data in local systems but accessing reports in cloud or using cloud for Protypes as a sandbox or a fully live application in cloud.

 BI in cloud: - Issues in debate 

BI in cloud enables a variety of new possibilities and it can be future of BI looking at the current trneds in BI industry .   However, it's not a silver bullet and one might need to evaluate following parameters as well.

1.Easy migration from one cloud to other cloud
2.Common data exchange mechanism: ¬ Data flow mechanism & strategy between local transaction system and BI cloud.
3.Deciding on what should be done locally and what should be done in cloud: - How much to use from cloud as there is too much offered by cloud
4.Security, Risk and Regulatory concerns: -While managing data outside the enterprise, data security can be a key concern .
5.Measuring long term cost of ownership
6.New era BI technologies like in-memory etc: - Are they being developed keeping cloud into consideration.

Conclusion

One should check and decide between overall cost and business value and take a decision based on following parameters
1.Dollars spent
2.Goals:-This might be other business priorities which are not cost driven
3.Type of organization and regulatory requirements
4.Whether it can meet the objectives of organizations

In subsequent blogs , I will focus on following cloud areas

a) Security concerns : What BI Vendors are doing in this areas.

b) BI trends in cloud : Vendors and solutions with focus on SAP on Demand

c) Is cloud a future or just a hype

Posted by Aakash Arora at 10:40 AM | Permalink | Comments ( 0 ) | TrackBacks ( 0 )