Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only reliable way to ensure SAP system security. Dedicated efforts to safeguard SAP environments, however, are both technically complex and contingent upon having a great deal of time and personnel. That’s why a managed service presents an attractive alternative.
Gunar Funke, head of SAP Manages Services SAST SOLUTIONS at AKQUINET, recently sat down with us to talk about why a managed service solution makes particular sense in the context of SAP security and what’s involved with regard to SAST SUITE.
You’ve been offering managed services since 2016. What’s happened in the meantime?
When we added managed services to our portfolio around three years ago, the market for them was still in the early stages. Services like these have been around for a while, but SAP managers were still operating on the assumption that they needed to handle everything themselves. No one was even considering a type of solution that would involve handing over control of their IT. That’s changing now: Almost every day, you see stories in the media about the shortage of skilled employees and projects that have to be pushed back simply because companies need all their resources for their day-to-day business. Unfortunately, some of those projects are about safeguarding SAP landscapes. Awareness of the importance of secure IT environments is growing, however, and so is the corresponding demand. And no wonder, with the risks in this area continuing to pile up: SAP systems themselves are becoming increasingly complex, and cyber attacks more and more sophisticated. We’re adapting to these developments, of course, including by offering real-time monitoring that can identify and report data loss or espionage in a matter of minutes.
What are the areas in which SAST MANAGED SERVICES are available?
Our customers can get assistance in platform security and user access management. Here, our offerings include automated checking of parameters and settings relevant to security (SAST System Security Validation), continuous monitoring of critical system configurations (SAST Security Radar), and ongoing support in authorization management.
Who will likely find this portfolio particularly appealing?
Generally speaking, a managed service solution is an exciting option for anyone who uses SAP. Whether it’s a small business, midsize company, or major corporation, everyone is sitting in the same boat: They have to ensure the security of their SAP landscapes no matter how many systems they run or how many users are involved.
What advantages do companies have with a managed service solution?
Companies that opt for a managed service solution benefit from three types of savings: costs, time, and internal capacity. The latter in particular is in short supply, that’s just a fact. Just as important, however, is the inability to ensure SAP system security due to a lack of skilled personnel. You don’t have to be a mathematician to figure out that it’s better to invest now than it is to run the risk of exploitation or hacked systems that could cost you millions down the road.
And what specific benefits do SAST MANAGED SERVICES offer in that regard?
One definite plus is that our solution includes not only the service, but the software that comes with it. In concrete terms, this means that you don’t need to enter into any separate licensing agreements. I’m sure that lots of providers offer a decent service, but they have to work with third-party software they might not be that familiar with. Our customers get everything from the same source: software, consulting, service, and seasoned experts in security and compliance who can work both remotely and on-site with them. At the end of the day, they also benefit from the fact that we don’t bind them to long-term contracts – they can cancel their SAST service on a month-to-month basis.
What is your collaboration with customers like?
We have different working arrangements with each of our customers and tailor our service to their current requirements. Especially at the beginning of a project, we think it’s important to visit them in person to discuss things with our new contacts. The resources our work requires always depends on the size of the project at hand and the number of systems and users, of course. That said, we consider it essential to coordinate these things directly with everyone involved.
After that, our experts start helping to carry the load almost immediately, and customers see the first results in a matter of days. That’s when the day-to-day activities start. Depending on the agreed-upon service level and the severity of events, we notify the customer – within minutes, if necessary – once we identify a security risk. We also think it’s important that we be easy to reach, which is why our employees are always available to answer questions. When decisions need to be made, we provide contextual information and specific recommendations on the situation at hand. There’s a reason why we call them “managed services”, after all; a service-oriented approach is one of our main priorities.
How much market demand are you seeing for these services?
The demand among companies for comprehensive SAP system security is immense. Far too often, however, it’s these measures in particular that really take a back seat to other projects. In some cases, SAP security isn’t considered that important; in others, it’s due to the kind of capacity shortage I mentioned before. That’s what we keep hearing from customers that are already using SAST SUITE, anyway.
What arguments do you have for them?
We really put the focus on achieving a higher professional level of SAP system security and taking the pressure off their in-house IT departments. And let’s not forget the fundamental savings possible in terms of costs and other resources. For those who still aren’t sure about the benefits, we can set up conversations with reference customers – the Linde Group, for example, which we implemented a managed service solution for. It makes a big difference when you can explain the purpose and utility of a potential project based on similar examples. To be honest, once customers commission a managed service solution, a lightbulb goes on for them and they’re happy to have the support of SAST experts.
In one sentence, tell us why SAP managers should choose a managed service for safeguarding their SAP systems?
Managed services give companies the chance to keep their IT in-house while staying up to speed with the latest developments and ensuring their ability to respond to new requirements.
Gunar, thank you for taking the time to talk with us.
Gunar Funke, Head of SAST Managed Services & Support