Podcast: Jon Reed Interviews SAP Mentor Gretchen Lindquist on ASUG 2009 and SAP Security Trends

podcastlogo_jonerp.gif"Reactions to ASUG-Sapphire 2009, The Pros and Cons of Co-Location, and SAP Security Trends"
Podcast Interview Date: June 11, 2009
Download Podcast (Must be Registered and Logged In!)

Sometimes in the glitz of Sapphire announcements, the ASUG part of ASUG/Sapphire gets less attention. To learn more about why the ASUG part of the conference matters - not only to SAP users, but to industry analysts - I invited Gretchen Lindquist, SAP Mentor and stalwart ASUG volunteer, to share her views on ASUG/Sapphire 2009 and the pros and cons of co-location. I also had the opportunity to ask Gretchen about trends in SAP Security from the vantage point of her work as chair of the SAP Security Interest Group (SIG) for ASUG.

Since Total Cost of Ownership (TOC) is such an important talking point for both SAP and its customers, I was very interested to hear Gretchen's take on how security and authorizations often form a "hidden" expense in ERP TCO that needs to be reckoned with during implementations and assessments of new products like SAP Business Objects.

During the twenty-four minute podcast, we also talk about why sustainability has gained traction as a priority for businesses, and how the themes of security and sustainability converge into the area of Governance, Risk and Compliance (GRC). Gretchen shares her own take on her previews of the SAP GRC suite and where the challenges for SAP lie. In the sustainability discussion, Gretchen refers to Halliburton's sustainability report which can be downloaded here. After the podcast, Gretchen made a point of telling me that she wouldn't have become the prolific conference blogger she has become without the counsel and inspiration of fellow ASUG volunteer Jim Spath and SCN Community Evangelist Marilyn Pratt, both of whom are also SAP Mentors

Podcast Highlights

1:00 Gretchen is a legend at ASUG events for her prolific blogging, which makes other bloggers like Jon look like slackers. So, Jon asks for her secret, which is: writing experience dating back to her high stakes deadlines at her high school paper.

2:00 Jon asks Gretchen about why she has been a dedicated ASUG volunteer and why she believes in the organization. Gretchen talks about how ASUG creates an environment for learning from other SAP customers, as well as working with SAP and partner organizations. The benefits are bi-directional: SAP can get an honest view on how SAP customers are using the functionality, and relay that feedback to SAP as well.

3:56 During the conference, Gretchen Tweeted to Jon that more bloggers and analysts should move off the executive interview circuit and come to some ASUG sessions. Jon asks Gretchen why she thinks those reporting on the conference should hit ASUG events. Gretchen explains that the use cases are not always the same as how SAP might be presenting them in a more idealized scheme. Learning from the strong points and weak points and identifying the experts in particular areas amongst the user base is invaluable. One example: SAP Mentor and ASUG Volunteer Jim Spath's session on sustainability was just as good, if not better, then SAP's official session.

6:00 All we hear is that the ASUG-Sapphire co-location is a "win win" for both sides. But Jon asks for Gretchen's honest take on the pros and cons of co-location. There are major advantages in the critical mass of putting both shows in one place, but the co-location creates a lot of schedule conflicts. All the Sapphire keynotes can create a time crunch for ASUG users who are looking for more educational sessions to bring knowledge back to their companies.

8:15 Gretchen is very active in the ASUG Security Interest Group (SIG). Jon asks Gretchen about the Security SIG meeting at ASUG. The focus was on current challenges and pain points in security. The issues that stood out to Gretchen: issues with user provisioning deployment, SAP's Identity Management solution, and security design across the landscape. Other challenges involved inexperienced security teams that have faced turnover due to the economy.

9:56 The phrase "Identity Management" has become the trendy term in the SAP Security world. Jon wants to see a more precise definition of the term. Is it just good old fashioned SAP Security in new lingo? Gretchen explains that Identity Management is a different, more expansive view that traditional SAP roles and authorizations. Identify Management manages user provisioning across a number of applications, not just authorizations in the core SAP system. Now, authorization involves so much more. It's a much more complex landscape, involving other systems such as BI and SRM. Making sure users get the right access across these systems can be a real challenge.

11:36 Total Cost of Ownership, or TCO, is the hot phrase in ERP right now. Customers want to lower the TCO, and SAP wants to make the case that it is lowering the TCO for its users. But how does security fit in? Jon asks Gretchen how security can be a hidden cost that needs to be better understood in a TCO context. Gretchen explains there's no way to be expert in all the different security concepts and schemes, and if you have a key person that knows how these systems fit together, that's a lot of dependence on one individual that understands the scope of the system. Security becomes a big TCO risk.

13:00 TCO also comes into play when evaluating new functionality such as SAP Business Objects. Harmonization of authorization concepts is an important piece of the puzzle. Gretchen asked executives about this issue at TechEd 2007. These are important roadmap issues. Business Objects, for example, has its own authorization concepts - yet another scheme for people who are configuring the system and have to support it. SAP's Identity Management solution is a neat concept in terms of the business role that covers the technical roles is a nifty idea, but underneath that are authorization issues across an increasingly complex landscape that need to be addressed. A simplified (or harmonized) authorizations concept. Another issue is that security is not taken up early enough in new projects. One point of emphasis from the security sessions at ASUG is that users need to reckon with the security aspects of new product installs sooner than they are doing.

15:40 Sustainability is a lifelong interest for Gretchen, and it's now gaining more traction at Halliburton and other companies. Jon asks Gretchen to share her views on the evolution of sustainability and why it has gotten on the corporate agenda more prominently later. Halliburton has published its own sustainability report, and the carbon capture and storage technology is something Halliburton anticipates being on the forefront of. It's a nice change when companies like Halliburton are seeing the opportunity in sustainability and not just the downside. Jon asks Gretchen for her take on why sustainability is gaining momentum. Sustainability is harder to dismiss now. Scientists have made a compelling case for the need for action, and people see the steps they can take personally to have an impact. Plus, there are new tools and approaches that will work.

19:34 Gretchen's interest in security and sustainability come together in the area of Governance, Risk and Compliance (GRC). So, Jon asks Gretchen if she has looked into the SAP Business Objects GRC suite. Since one of Gretchen's main responsibilities at Halliburton is compliance, she has been looking at the GRC functionality and attending preview sessions. Gretchen likes the business roles concept SAP has put into GRC, which grants authorizations to the core system and also into BI systems, etc is a neat concept, but Gretchen still has questions about deployment. One of Gretchen's concerns is that many organizations are such moving targets with new acquisitions and product lines that by the time the roles are structured, the company has changed significantly. Gretchen will be tracking this to see how SAP can address the need for a very adaptive compliance structure within GRC.

21:33 Jon examines SAP skills issues in most of his podcasts, so Jon asks for Gretchen's recommendations for how SAP users should approach SAP training and knowledge retention in turbulent times where there is a great deal of turnover and a need for affordable and fast means of getting SAP teams up to speed. Gretchen believes ASUG can have a big impact in this area, from regional and national events to virtual ones.