Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SAP. Show all posts

The Biggest Tech Talent Gap Can Be Found in the SAP Ecosystem

In today's job market, employers are facing a challenge in finding the right talent for tech roles that go beyond just coding. They're not just looking for people who can write code; they want individuals who can implement, integrate, and run a variety of software platforms crucial for modern businesses. 

This demand spans across diverse fields like cybersecurity, data science, and industry-specific software, transforming the idea of entry-level jobs. Employers are seeking candidates with not only the required skills but also hands-on experience in navigating the digital complexities of 21st-century workplaces. 

This shift emphasizes the importance of not just theoretical skills but practical, hands-on experience in navigating the complexities of 21st-century workplaces. The impact could include a redefinition of career pathways, a greater emphasis on continuous learning, and a more dynamic and adaptive workforce to meet the evolving demands of modern businesses. 

A recent Forbes case study explored dynamic areas like cybersecurity, data science, and the growing use of innovative software platforms such as Salesforce and Workday in different industries. Software-as-a-service companies, like Epic in finance and WellSky in healthcare, are on the rise. 

The study emphasizes the increasing need for various skills, from sales and marketing with Hubspot to customer service using Zendesk, software development on Atlassian, low-code app development with Pega, cloud computing through AWS, and the broad field of digital transformation with ServiceNow. 

Salesforce and Workday are not the most widely used software platforms; ERP systems like SAP and Oracle hold that title. One reason is their age, as SAP and Oracle date back to the 1970s. Additionally, ERP systems cover a broad range of business functions like accounting, budgeting, project management, and supply chain management. 

Many large companies adopted ERP long before Salesforce even existed. For instance, SAP serves over 425,000 clients across 180 countries, almost three times more than Salesforce. Companies using SAP have always needed certified SAP experts to manage their on-premises ERP platforms. However, there's a big change happening. 

Thanks to companies like Salesforce, businesses now prefer buying and using software differently. Instead of installing software on their own servers, SAP is moving clients to the cloud with its S/4HANA platform. Running ERP in the cloud has many benefits like scalability, features, security, and cost savings. But moving a whole ERP to the cloud is a significant task. 

With SAP's 2027 deadline approaching for moving legacy ERP systems to S/4HANA, clients must decide whether to stay on-premises or move to the cloud. The advantages of cloud adoption are increasing, and delaying the decision may lead to challenges with outdated systems. So, for many clients, migrating to S/4HANA means moving to the cloud. 

The shortage of SAP talent is affecting not only companies but also SAP partners like consultancies. Moving to S/4HANA, SAP's latest platform, may face challenges due to a skills gap. 

The CEO of the Americas SAP User Group warns about potential issues with external partners lacking the necessary skills. According to surveys, many SAP professionals feel they have not received sufficient training. While traditional education may not quickly address this gap, apprenticeships, combining training and experience, are a promising solution. 

However, these initiatives may likely come from SAP partners rather than SAP clients, who often seek perfectly qualified candidates. In the coming years, expect SAP partners to launch programs providing trained S/4HANA talent, filling the growing demand in the SAP ecosystem.

SAP's Generative AI Integration: A New Era in Customer Experience

 


Announcing Joule, its version of a natural-language AI copilot that will be integrated with SAP's enterprise software tools this week, SAP has joined the party of generative AI digital assistants with the announcement that it will be joining the generative AI digital assistant party. The SAP company claims that Joule will allow people to do their work more quickly and therefore make their businesses more successful.  

With SAP Joule, a platform for creating AI-powered copilots based on the SAP Business Technology Platform, SAP is at the forefront of the business technology revolution that involves artificial intelligence (AI) at the core of business processes. 

As it is intended to enhance user productivity as well as enable better business outcomes through intelligent SAP Business AI functionality, it also provides contextualized insights and task automation functionality for end-users. Achieving the goal of empowering users with the power to take control of their own experiences by providing an AI assistant, SAP Joule can help users navigate complex tasks easily. This is SAP's fifth year of all-encompassing foray into the world of customer experience software on the heels of its successful career in the database management, ERP, and back-end enterprise software fields. 

As part of SAP's new advanced customer experience suite, the company now offers its latest generative artificial intelligence features, designed to streamline marketing and customer service processes and provide businesses with detailed insights that can help them deliver a more personalized service to customers. 

As a matter of fact, AI is only as good as the data that powers it, and for that reason, companies should make sure that their ERP systems are integrated deeply in order to make it possible for operations data to be seamlessly integrated into customer experiences. This was explained by Sven Denecken, the SVP of marketing and solutions for SAP Industries & Customer Experience, in an interview with CMSWire. 

As SAP has the unique ability to deliver more personalized experiences for customers and better individualised decision-making and profitability for businesses through the use of artificial intelligence, it is capable of pulling data and insights from SAP's ecosystem and third-party sources. 

With the newly introduced features, an assortment of sectors like commerce, sales, customer service, and marketing will be able to take advantage of these features: 

The role-based AI tools are designed to enhance productivity via the automation of routine tasks. There have been over ten tools available to enhance productivity. AI can for instance provide a quick summary of customer issues, suggest probable solutions, and monitor how long it takes to resolve the issue. 

Enhance catalogue management: By using AI to review product tags and catalogues, generate product descriptions, and guide customers to the right product for them, commerce managers will be able to ensure a high level of visibility and discoverability of their products. 

Providing intelligent Q&A features allows for rapid identification of customer queries, as well as prompt response to them. 

Intelligent customer profiles provide SAP's customers with an accurate 360-degree view of their personal and business needs so that they can interact with SAP in a way that is more tailored to their needs.

In order to be able to answer a question or pose a problem to SAP Business Intelligence, users can use plain language in order to address the question or frame the problem as they see fit. Joule was used as an example by SAP to demonstrate how the company could identify underperforming regions in the supply chain, link to other data sets that reveal issues with the supply chain, and offer potential solutions to the issue automatically by connecting with the supply chain system. An HR manager could use this tool to generate relevant interview questions and unbiased job descriptions in order to create an unbiased interview process. 

AI-Based Security For Customer Data


With the introduction of artificial intelligence-driven risk-based authentication capabilities into SAP's Customer Identity and Access Management (CIAM) solutions, SAP is enhancing its CIMAM solutions. By gathering intelligence across all digital touchpoints, these innovations strengthen the security of end-user identity data and help to prevent threats. SAP officials claim that this ensures that customer information remains secure and confidential, which is a key component of maintaining the trust of customers. 

By using the SAP Emarsys Customer Engagement platform, which includes Generative AI, marketers can produce targeted email content that resonates with their target audience as part of the customer engagement process. In addition to these features, there will be new generative AI features introduced into SAP Sales Cloud and SAP Service Cloud, including AI-generated summaries and email response generation, to assist users in pinpointing relevant information and enhancing customer relations.  

Using his Intelligent CX strategy as a springboard for the future, Denecken highlighted SAP's strategy of offering industry-specific, AI-infused customer experience solutions. There are four pillars to SAP's Intelligent CX strategy: industry-tailored, connected, insightful, and adaptive. SAP intends to unlock value by providing differentiated, industry-tailored, AI-infused solutions that enable customers to unlock greater value from their businesses.

Throughout the announcement, SAP was keen to point out that Joule builds upon its existing AI offerings, and that the SAP Business AI platform can already be accessed across multiple scenarios and by partners for more than 26,000 SAP cloud customers.  

With its wide range of products and customer base, the vendor is well-positioned to succeed with this new generative AI play. It has been estimated that nearly 300 million enterprise users regularly utilize the cloud solutions of the company, as stated by the firm's CEO Christian Klein. Joule is taking a narrow approach rather than a general one, focusing on specific job roles and functions rather than broad-based functions.  

This particular type of AI assistant is quite similar to the ones introduced by rival vendors. For example, Salesforce has recently begun testing its own AI assistant called Einstein Copilot. Similarly, Freshworks has developed its own version called Freddy Copilot, which is currently being used by around 390 beta customers. Furthermore, Microsoft has integrated its AI assistant, Copilot, with its employee engagement product known as Viva. 

During the recent press launch event, Saueressig highlighted the fact that SAP has been actively involved in AI research for several years now. He further mentioned that the company has already implemented over 130 AI cases with its customers, and has made more than 360 partner apps with AI capabilities available in the SAP app store.

SAP Security Patch for July: Six High Priority Notes

The July 2022 patch release from SAP was released in addition to 27 new and updated SAP Security Notes. The most serious of these problems is information disclosure vulnerability CVE-2022-35228 (CVSS score of 8.3) in the BusinessObjects Business Intelligence Platform's central administration console.

Notes for SAP Business One 

The three main areas that are impacted by the current SAP Security Notes are as follows, hence Onapsis Research Labs advises carefully reviewing all the information:
  • In integration cases involving SAP B1 and SAP HANA, with a CVSS score of 7.6(CVE-2022-32249), patches a significant information release vulnerability. The highly privileged hackers take advantage of the vulnerability to access confidential data that could be used to support further exploits.
  • With a CVSS rating of 7.5 (CVE-2022-28771),  resolves a vulnerability with SAP B1's license service API. An unauthorized attacker can disrupt the app and make it inaccessible by sending bogus HTTP requests over the network if there is a missing authentication step.
  • A CVSS score of 7.4(CVE-2022-31593), is the third High Priority note. This notice patches SAP B1 client vulnerability that allowed code injection. An attacker with low privileges can use the vulnerability to manipulate the application's behavior.
On July 20, 2022, SAP announced 17 security notes to fix vulnerabilities of medium severity, the bulk of which affect the NetWeaver Enterprise Portal and Business Objects.

Cross-site scripting (XSS) vulnerabilities in the NetWeaver Enterprise Portal were addressed in six security notes that SAP published, each of which had a CVSS score of 6.1. Medium-severity problems in Business Objects are covered by five more security notes.

The SAP July Patch Day illustrates the value of examining all SAP Security Notes prior to applying patches. 

Active Cyber Attacks on Mission-Critical SAP Apps

 

Security researchers are warning about the arrival of attacks targeting SAP enterprise applications that have not been updated to address vulnerabilities for which patches are available, or that utilize accounts with weak or default passwords. 

Over 400,000 organizations worldwide and 92% of Forbes Global 2000 use SAP's enterprise apps for supply chain management, enterprise resource planning, product lifecycle management, and customer relationship management.

According to a study released jointly by SAP and Onapsis, threat actors launched at least 300 successful attacks on unprotected SAP instances beginning in mid-2020. Six vulnerabilities have been exploited, some of which can provide complete control over unsecured applications. Even though SAP had released fixes for all of these flaws, the targeted companies had not installed them or were using unsecured SAP user accounts. 

"We're releasing the research Onapsis has shared with SAP as part of our commitment to help our customers ensure their mission-critical applications are protected," Tim McKnight, SAP Chief Security Officer, said. 

"This includes applying available patches, thoroughly reviewing the security configuration of their SAP environments, and proactively assessing them for signs of compromise." Researchers also observed attackers targeting six flaws, these flaws, if exploited, can be used for lateral movement across the business network to compromise other systems. 

The threat actors behind these attacks have exploited multiple security vulnerabilities and insecure configurations in SAP applications in attempts to breach the targets' systems. In addition, some of them have also been observed while chaining several vulnerabilities in their attacks to "maximize impact and potential damage."

According to an alert issued by CISA, organizations impacted by these attacks could experience, theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and halt of all operations. 

Patching vulnerable SAP systems should be a priority for all defenders since Onapsis also found that attackers start targeting critical SAP vulnerabilities within less than 72 hours, with exposed and unpatched SAP apps getting compromised in less than three hours. 

Both SAP and Onapsis recommended organizations to protect themselves from these attacks by immediately performing a compromise assessment on SAP applications that are still exposed to the targeted flaws, with internet-facing SAP applications being prioritized. 

Also, companies should assess all applications in the SAP environment for risk as soon as possible and apply the relevant SAP security patches and secure configurations; and assess SAP applications to uncover any misconfigured high-privilege user accounts.

"The critical findings noted in our report describe attacks on vulnerabilities with patches and secure configuration guidelines available for months and even years," said Onapsis CEO Mariano Nunez.

"Companies that have not prioritized rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action" Nunez added.

SAP Issued Warning and Updates Regarding the Serious Flaws with the Code Injection

 

A German multinational software corporation SAP ( Systems Applications and Products in Data Processing ) is known for developing software solutions that work on managing business operations as well as customer relations. SAP is the name of their software as well as of the company that works on this technology. SAP provides “future-proof Cloud ERP (Enterprise Resource Planning) solutions that will power the next generation of business.” With its advanced capabilities, SAP can boost your organization's efficiency and productivity by automating repetitive tasks, making better use of your time, money, and resources. 

SAP has published some 14 new updates or the Security Note on the 2020 December Patch Day. Whereas in January 2021 they published another set of 7 new Security Notes, later providing their new updates as well. Five of the seven have the highest severity rate of the Hot News. Later in the month, they made a proclamation where they published 10 advisories to a document of flaws ad fixes for a range of serious security vulnerabilities. In the congregation of asserted vulnerabilities, the most important issue bears a CVSS score of 9.9 in the SAP Business Warehouse. 

 The very first note addressed CVE-2021-21465 which according to SAP is multiple issues in the Database Interface. These bugs are an SQL Injection with a missing authorization check which should have featured a CVSS score of 6.5. A SQL Injection is basically a code injection technique that might at times destroy the database interface. One of the most common hacking technique used by hackers is SQL Injection. In the SQL Injection, another thing that was missing was Onapsis, a firm that secures Oracle and SAP applications. These missing authorization checks would easily exploit to read any table of a database. 

 Mentioning that minimum privileges are required for successful exploitation, Onapsis in a blog quoted, “An improper sanitization of provided SQL commands allowed an attacker to execute arbitrary SQL commands on the database which could lead to a full compromise of the affected system,” SAP decided to fix such bugs b disabling the function module and applying the patches that will result in abandoning of all the applications that call this function module. 

 Another serious issue, other than the aforementioned issue, is a code injection flaw in both Business Warehouse and BW/4H4NA , that addresses as CVE-2021-21466. This issue is a result of insufficient input validation. Such flaws are misused to inject malicious code that gets stored persistently as a repot. These issues potentially affect the confidentiality, integrity, and availability of systems. The remaining three from the total five updates are fixes for the programs released in 2018 and 2020. 

 Further SAP added as a warning, “An issue in the binding process of the Central Order service to a Cloud Foundry application” that could have allowed “unauthorized SAP employees to access the binding credentials of the service”.