Wednesday 30 September 2015

Vulnerabilities stuffed: SAP HANA makes safer

SAP has sealed twelve vulnerabilities within the in-memory platform HANA.

Vulnerabilities stuffed: SAP HANA makes safer



SAP has in May and April this year, closed twelve security vulnerabilities in the in-memory platform HANA. Onapsis has gaps disclosed only now bundled, it is apparent from a study published on Tuesday of yesterday security warning from Onapsis.

HANA was vulnerable to SQL injection, XSS attacks and memory fault. In the course of an attack, an attacker could execute commands, among other things on the platform, delete user data and can read any information stored in the database.

According to SAP Admins must itself ensure that the patches are installed. If updates are available, the system displays.

SAP users are demanding more openness in HANA

SAP tries of course to position its own database technology in the market. Nevertheless, many users do not want investments in Oracle, DB2 and other databases must simply jettison.

The DSAG, the German-speaking SAP user group, wants to round the database technology of SAP more openness. SAP, the SAP user, declares that allows the power potentials of SAP applications to fully exploit only through a deep integration of SAP HANA.

SAP users are demanding more openness in HANA

In the still conservative ERP environment but businesses often have already invested in different databases and platforms, and companies can and do often denounce these investments.

And not all users always see benefits by switching to in-memory. As Gartner analyst Alexander Drobik explained in an interview with known sources, switchover implies also more dependent on one supplier. He also criticized SAP to the effect that the manufacturers too little talking still about use cases, where a clear added value through in-memory has been achieved.

"Therefore, the DSAG calls from a technological perspective enhance the openness of the systems. It must be admitted alternatives without sacrificing the functionality and performance, "says Hans-Achim Quitmann, chief technology officer of the DSAG.”This will require standards and disclosure of specifics, so that other database vendors have the ability to be used in the context of SAP."

Brand new this requirement is not, however. Already at the presentation of S / 4hana explained Sven Denecken, GVP Co-Innovation and Strategy S/4 hana that SAP offer open standards here. However, he also restricts that unfortunately no database technology on the market available today, which could fulfill the specifications set by SAP.

For Drobik is also clear that migration is thus excluded on the technology of a third party more or less. "The suite is optimized and tuned to HANA. It is very unlikely that you simply can exchange the database here. "

As Gartner analyst Drobik also sees the DSAG that the IT becomes stronger by the shifts in the market for printing and the focus is increasingly on the provision of flexible processes.

Even with the DSAG one sees the established procedure in the IT "made new business models to the test" by what show primarily in new requirements for applications and application solutions.

Drobik: "Even if you have a single vendor such as SAP, one often gets an integration problem." So it was often not possible to synchronize the plethora of products such as Ariba or Success Factors simultaneously. And in this respect do SAPs new suite also from the perspective of analyst’s sense.

"There are many indications that the sustained, rapid and profitable implementation of a digital transformation is only based on a reassessment of the role of IT in the enterprise and its performance contributions are possible," says Gerhard Gottert, board application portfolio at the DSAG. And here S/4hana could actually provide an answer to the requirements in the field of applications, explains Gottert. But apparently, the assistance, the SAP here not the users in the form of targeted information on the benefits of S / 4hana and the transformation process sufficiently. Again, the DSAG demands more initiative from SAP.

With the transition from the ERP world to S / 4hana advances the theme upgrades to the fore. "We need a roadmap for the digital transformation and not only for the orientation on S / 4hana. This means that even the existing Business Suite must equal to S / 4hana and be fully developed primarily "is a requirement of Andreas Oczko, Chief Operating Officer / Service & Support.

Because even if many SAP customers are affected by the digital transformation, they change not necessarily on S / 4hana. "You expect the systems to be maintained, in whose maintenance they invest regularly," says Andreas Oczko. Has the customer but positioned with its investment strategy with SAP. Consequently, he expects a pricing policy that allows adequately innovations in the future, and that of the maintenance (software maintenance), the solutions are held technical and content up to date. It looks Andreas Oczko an important task for SAP to its role as a strategic partner of the customer to meet.

Last year SAP Mainstream had promised support for the on-premises version of the Business Suite to 2025th this means investment protection for existing applications, but not that SAP also with the same verve classic suites evolved as the new S / 4hana.

The question of support which business processes and models S/4 hana for hot topics and industry 4.0 Internet of Things was loud DSAG often still open. Clear, however, is for Otto Schell, professional board industries / business processes that an end-to-end view must be possible on the business processes with S/4 hana. Precisely because many industries are in the transformation, he expects the integration of new intuitive applications taking into account the existing. The same applies to the integration of hybrid on-premise or cloud solutions and their interaction. Otherwise, necessary additional products would need to be easily and smoothly integrate, so the demand of Otto Schell.

Viewed across all areas is clear: the use of new technology is only a means to an end. More important for the company to develop individual strategies for the digital transformation or consider new business models. There are many possibilities - one should not only be deterred by external factors and rather pursue food for thought in all directions.