1 2 3 36 Previous Next

SAP Cloud Computing

536 Posts



Back in 2006 when I worked for SAP in field services specialized group executing big technical upgrades and Unicode migrations projects for large sized customers where there was one big constant factor, before starting any migration project as starting early to think about the hardware requirements before you think about the software that you want to build.


Now all considerations are changing after one decade altogether with "new cloud age evolution", if you are planning to move business computing to the cloud especially with SAP HANA platform.


There are a number of different reasons and technical considerations, which I tried to capture in tabular format for initiating discussions with SAP customer and working in technical ecosystem and exploring all cloud options available vs on-premise feasibility




Migrate to HEC

Migrate to On-Premise

HANA Migration approach

SAP DMO tool works directly on SAP Enterprise Cloud platform(HEC or HCP) only for SoH or BWoH. 

This option is not available to any other Cloud provider as per SAP.

SAP DMO tool work on all TDI/virtualized/appliances environment running on premises. The customer (usually collaborates with consulting partners) implement highly individual requirements regarding business processes and customization while migrating on Suite on HANA using DMO

Access to systems

Via the Internet or mobile device, future ready

Client server for local workers or Terminal Server or Citrix for remote employees.

Remote Locations

HEC has multiple sites or many geographic locations but do not want to build or support remote access to existing network.

Have multiple sites across geographic locations and have a supporting network infrastructure.

Software Investment

HEC License fee enables the company to use the software. One predictable monthly payment covers everything from infrastructure and vendor software support to daily back-ups and software upgrades.

License fee enables the company to own the software only. Upfront purchase with annual maintenance / subscription renewals in the 20 – 25% range.

Initial Services Investment

HEC Migration and Implementation services tend to be less than on-premise solutions since installation, infrastructure prep, and some configuration are completed by the SAP HEC team.

A good rule of thumb is to spend anywhere from $1  - $2 for every dollar spent on the initial software license.

Ongoing Services Investment

SAP Cloud Business process consulting as necessary with maximum technical support from SAP

Software upgrades every 12 – 24 months; technical support and business process consulting as necessary.

Hardware / Infrastructure Investment for HANA migration

A reliable Internet connection and HANA Cloud base configuration by SAP

Traditional IT components including server hardware and software, data backups, storage, disaster recovery, and remote access and network connectivity

User Interface

SAP provides Web technology that enables an intuitive, customize interface and many of the user-friendly features Internet users have grown accustomed to in web-based applications.

Mature technology with a traditional Windows interface.

Company Profile

Fast growing companies who want to invest in an affordable solution capable of growing with them and want the flexibility of anywhere, anytime access without investing in IT infrastructure.

Established companies with the ability to make the required upfront investment to purchase and implement the software. Minimum timeframe for an on-premise solution should be 5 – 7 years.

Software Customization

Think “configuration”, not heavy customization

In-depth customization and integration capabilities; appropriate for companies with a high-degree of customization or a need for extensive custom programming services.

Migration Time

Varies by project size and scope, but migration time tends to be less than on-premise solutions since installation, infrastructure prep, and some configuration are completed by SAP Cloud team.

Varies by project size and scope, but migration time tends to be a bit longer and more involved, perhaps adding 1 – 2 months to the timeline of a comparable cloud-based migration using DMO

CapExpense vs. OpExpense

The HEC subscription model converts traditional technology capital expenses into an operational expense, which can be positive for maximum cash flow flexibility.

On-premise HANA Platform Software and hardware are capital expenses

IT Infrastructure

Limited or no internal IT resources and/or no desire to invest in or support additional IT infrastructure since SAP Support drives overall IT support infrastructure.

Established IT support with software domain expertise and a solid backup and security strategy.



I hope you'll find this new provided information useful, in subsequent blog I'll share considerations with other cloud providers in industry.


SAP code or application samples and tutorials are NOT FOR PRODUCTION USE . You may not demonstrate, test, examine, evaluate or otherwise use them in a live operating environment or with data that has not been sufficiently backed up. You may not rent, lease, lend, or resell SAP code or application samples and tutorials.


1. Introduction of Cloud computing

            Cloud computing means storing and accessing data and programs over the Internet instead of your computer's hard drive. Cloud computing is the                phrase used to describe different scenarios in which computing resource is delivered as a service over a network connection (usually, this is the internet).                      It is therefore a type of computing that relies on sharing a pool of physical and/or virtual resources, rather than deploying local or personal hardware and                        software.


           Major benefits of cloud computing being its flexibility of scaling up your requirements instantly (Storage, compute power, etc), coupled with other advantages            like cost efficient, easy and sturdy backup & recovery process, easy access. Some of the common example being google drive, apple icloud. Cloud computing is        typically classified on two pillars:

                    a.     Types of service offerings

                    b.    Location of the cloud computing


2. Overview of different service models of cloud computing


           In order to run an application or set of applications in any organization, there is set of services required which cuts across various skills. Based on the type of                activity, standardization and usage, these services can be bundled under defined package mentioned below.

                  Cloud Services.png

3. Types of Cloud based on location


     a. Public Cloud

                                        In Public cloud the computing infrastructure is hosted by the cloud vendor at their premises. Customer’s data is stored in the vendor’s data center and the provider is responsible for the management and maintenance of the data center. The customer has no visibility and control over the computing infrastructure where it is shared between multiple customers. Many public-cloud services are multitenant, meaning the provider runs the solution in a shared environment. By spreading infrastructure costs are across a number of users, each can operate on a low-cost, pay as you go approach against the IT services customer avails.

This type of cloud environment is appealing to many companies because it reduces lead times in testing and deploying new products. A public cloud can be considered when customer has below requirements:

  • Application is much standardized and is used by lots of people, e.g. e-mail.
  • Need to have non production environment for development, sandbox, testing
  • Frequent need to modify capacity and hardware resources on running applications.
  • Ad-hoc hardware requirement from running projects.


Considerations: Since the underlying infrastructure architecture is implemented using specific design, there is less scope for customization/modification for security and performance. While, Security and reliability being concerns for most of the IT companies, hence you should emphasis on planning the strong governance around the same while considering Public cloud.

      b. Private Cloud

                                        Infrastructure following in this category of Cloud can reside on company’s own premise and used across locations via intranet or it can be hosted at external data center where all of your data is protected behind a firewall. It is dedicated for a unique customer, whether managed internally or hosted by a third-party externally, because of which these clouds have the highest level of security and control. Customer has privilege to implement it complete security policy even when it is hosted externally. However, in this case customer will have to bear hardware cost and maintain all the software and infrastructure, which impacts adversely on the cost savings.

A private cloud can be considered when customer has below requirements:

  • The data and application privacy is of top most priority. Therefore, control and security needs to be implemented under certain policy.
  • Industry legal requirements to adhere to strict security and data privacy issues. E.g. Pharmaceutical company, etc.
  • Huge requirement of hardware and where customer also has flexibility to shift workloads across different application on need base.


There are two variations accordingly in Private Cloud:

On-Premise Private Cloud: This is also known as an “Internal Cloud,” is hosted within an organization’s own data center. It provides a more flexibility to provision for standardized process and protection, but is often limited in size and scalability.

Externally Hosted Private Cloud: This private cloud model is hosted by an external cloud computing provider but the infrastructure is dedicated for the customer so as to adhere their security and control policies and hence data privacy is guaranteed. Hence in nutshell, the datacenter management and infrastructure is owned by hosting partner, whereas the security policies are followed as per customer’s demand. This construct is preferred by customers who does not want to invest on the data center infrastructure and resources associated to it, but also not willing to use a public cloud infrastructure due to the risks associated with the sharing of physical resources.

        c. Hybrid Cloud

                                           This is an integrated approach which provides us benefits of both public and private cloud setup within the same organization. Typically the demand is decent level of security & control, cost effective and scale-able. There can be few cases where Hybrid cloud can be suitable:

  • Application is standard and maintenance activities are more of less fixed, it is good to go with SaaS or DaaS services, the vendor can create a private cloud just for this customer inside their firewall which is a kind of VPN setup.
  • Deploy all non-sensitive operations like test and demo systems, non production environment on public cloud while relying on a private cloud for sensitive data like productive environment.

Considerations: Hybrid solution embarks to have a design thought on seamless integration with systems deployed across public and private cloud. Hybrid cloud models can be implemented in a number of ways:

  • Separate cloud providers can come up with mix of public and private cloud as single package.
  • Individual cloud providers offer a complete hybrid package
  • Organizations who manage their private clouds themselves sign up to a public cloud service which they then integrate into their infrastructure

4. Different scenarios of HANA Deployment on Cloud.


As we know SAP has HANA enterprise cloud solution and now it is considered as a Cloud company powered by HANA.  This is primarily focused on the service part of cloud computing.


Typically in public cloud setup, the cloud vendor manages full scope of software services and customer have no control on the modifications / development and hence all the patches / updates on the software is pushed automatically via cloud service provider. Typical e.g. are Hybris, C4C, success factor, etc.

On the other hand, customer can opt for private cloud setup where software is again managed fully by cloud vendor, but updates are done after agreement with customer. This setup is done to have a provision for customer to carryout limited customization/developments. This means, customer may need to do minor adjustments in their modification to comply with the updates. SAP is planning to put S4HANA in private mode of cloud computing.

While the above two being in place, SAP still supports the customer who wants to keep infrastructure on premise. This is traditional model of SAP implementation where customer is responsible to maintain the software services. While the cost to maintain infrastructure and services is highest among all models, but customer has liberty to customize the system to larger extent to meet their business requirements. They can however plan the software and application updates in a well-defined project plan. SAP S4HANA also has on premise edition.



Having said that, in my view the above two options (public / Private cloud) seems to be lucrative for:


  • New mid segment SAP implementations where customer have greater options to adopt standard SAP package and best practices.
  • Less complex business scenario and business is open for minor changes in order to adapt standard features.
  • Minimal interference to non SAP product, especially which has some high bandwidth/ high security requirement.
  • Existing customer where existing infrastructure is due for renewal
  • Ad-Hoc requirement to add onto their existing landscape. E.g C4C. 


While SAP/ non SAP customer which has complex business requirements and SAP needs to be customized heavily to meet their requirements can go with On premise option.

With the above mentioned options of cloud based on infrastructure and based on services, several aspects can be explored while designing a landscape onto cloud; primarily security concerns in public cloud, performance and cost implication in private/on premise solutions. We can think of a hybrid solution for deployment of HANA system on wherein we can have a mix of benefits of both public and private cloud solutions. This construct can further be optimized using multi tenancy feature of HANA (SP9 onward).

Customer can plan to have a kind of private cloud dedicated for customer via Virtual Private Network setup within public cloud, else you need to explore other options of security.



Shailendra Kumar



SAP HANA Cloud Platform (HCP) is at the core of SAP's technology strategy - that much was plain to see for everyone again at SAPPHIRE NOW a few days ago. And while that is little news for the techies around given HCP was left, right and center in all SAP TechEd keynotes last year as well as in THE demo it's still note-worthy that these days even SAP's co-founder and chairman of the supervisory board, Prof. Hasso Plattner, spent plenty of time talking about it and exclusively featuring HCP-based demos in his keynote in Orlando!




It's almost four years now since HCP was officially announced as being generally available and even five years since we started talking about it in public (codename: Project River). Looking back at the early days one can truly say that we've come a long way - all while remaining true to our original vision of establishing an open cloud platform. Back in the days I wrote a blog post titled 'The road ahead' that sketched out the ambitions of the platform (team), which are still as valid as they were back then... Now, that the HCP has matured over the years it seems appropriate to revisit these posts and once again reflect upon the big picture!




Many of you have probably seen this slide in one form or the other and as such it is well-suited to use it as a baseline to discuss the overall vision and strategy. Starting from the bottom up... let's talk about Infrastructure (IaaS) first.



Infrastructure-as-a-Service (IaaS) has became a commodity business split up among a few dominant global players such as Amazon, Microsoft, Google and a few others that try to win marketshare by constantly lowering the price points. SAP has no ambitions to compete on that level; frankly said, SAP has never been a pure technology provider and only invests in technology when there's no prior art and there is a competitive advantage to do so – like SAP HANA for example.


Instead of joining the IaaS price wars (and hereby fighting an uphill battle) it makes much more sense to establish strategic partnerships on that front. As outlined in the marchitecture above, that was one of the main reasons to invest into OpenStack. In order to decouple from concrete infrastructure technologies, an abstraction layer has been introduced that makes it easier to run SAP HANA Cloud Platform on top of various infrastructure offerings. By doing so, HCP can be operated in non-SAP data centers going forward, which will massively accelerate its growth and global footprint. In short, we are enabling HCP for multiple deployment models (public and private cloud) as well as for multicloud usage scenarios! In addition, this will ultimately lead to HCP being co-located with other cloud offerings from customers and partners (more on that later-on!)



Higher up the cloud stack, on the Platform-as-a-Service (PaaS) layer, we also see consolidation across the industry: most of the big players (e.g. Pivotal, IBM, HP, SAP and Atos to name a few) have opted for a common foundation - Cloud Foundry. Others like Microsoft support to run Cloud Foundry on top of their cloud offerings - see Azure support for Cloud Foundry for example. This common foundation ensures interoperability and reduces the risks of vendor lock-in, both of which has been valid concerns from a customer's perspective.


With this common foundation in place, cloud platform vendors are trying to differentiate based on platform services and capabilities, yet most offer comparable sets of features spanning from storage options (SQL and Non-SQL), to big data and analytical capabilities, to mobile and UX service offerings etc.


SAP is no exception here and since its incubation in 2010 HCP has seen a rapidly growing number of platform services as outlined above (for more details please refer to the HCP capabilities page.) And while SAP's offering is as broad and deep as the competition, plus given HCP's unique value proposition of being the only in-memory based enterprise cloud platform in the market - still, the biggest differentiator may even be higher up the stack!

Business Services


SAP has always been focusing on supporting business processes and for more than 40 years running mission-critical business systems has been its number one priority! That's our heritage and that's the mindset SAP is taking into the cloud. All the functionality residing in the broad portfolio of business applications (built or bought) is what separates SAP from the rest. As such, SAP wants to take it to the next level – beyond pure technical capabilities – by offering higher-level business services that can be consumed as micro services/enterprise APIs (see the Rise of Enterprise APIs).


Hybris-as-a-Service (YaaS) has been the frontrunner of this new set of services SAP will be rolling out going forward. By exposing the front-office commercial services (think shopping cart handling, credit card handling and billing services) of the classic hybris solution as microservices in the cloud, these functionalities can be used by others developers within their own applications to accelerate their own development. And that has just been the beginning, imagine SAP doing the same with its entire portfolio of SaaS applications: supply chain collaboration via Ariba, travel management via Concur, staffing contingency workers via Fieldglass, Customer Relationship Management via Cloud for Customers and so on...


In that context, it does not harm, but help SAP’s strategy that there's consolidation on IaaS and PaaS layers, as that simply makes it easier to consume services from anywhere! Going forward app developers will use APIs from various providers to develop new apps. Thanks to being co-located there's no latency to consider when consuming external services and thanks to a common platform foundation these services can be run & consumed on various vendor platforms. Hence, it all boils down to offerings enterprise APIs that developers will want to use!



Bringing it all together, the SAP API Business Hub (announced during SAPPHIRE NOW) will play a vital part in this strategy. It will act as the central place to discover and consume business services on a consumption-based API monetization model. The developers among you may want to try out the free BETA version already - if so, please refer to this step-by-step guide to get you started.


All in all, I'd claim that the future is bright indeed for SAP HANA Cloud Platform. Those who have been following the cloud platform topic for some time now will surely agree that it has been an exciting ride so far and the tracks have been set to take it to the next level!


Wrapping it up I'd like to recommend checking-out the recent blog post by my colleague Rui Nogueira who has been covering the latest development in much more detail:


A few years ago in Part 1 and Part 2 of It's Good to Have Your Head in the Cloud(s), I explored my personal usage of the cloud in order to better understand the role and strategy of "the cloud" in business.  At that time, I focused primarily on packaged cloud applications, many of which fall into the category of SaaS (Software as a Service) applications; basically, ready to use apps in the cloud.  This certainly helped me obtain a great deal of clarity around "the cloud" and the term SaaS now makes sense to me.  But cloud usage has grown exponentially and technology has changed and expanded just as quickly.  I now hear terms such as PaaS and IaaS floating around (yes, another pun intended) and, once again, I feel a bit "hazy" about the cloud.


In Parts 3 and 4, I will explore these new cloud domains from a personal perspective and see if I can once again make sense of them. 


The 'aaS'es

Before I dive into these FLAs (four-letter acronyms) called PaaS (Platform as a Service) and IaaS (Infrastructure as a Service), I thought I should start by gaining some context around how these various 'aaS' (as-a-Service) components related to each other.  The best example I found was originally created by Timothy Hughes (@Timothy_Hughes) using pizza.  Yup, pizza.  More specifically, Pizza-as-a-Service (a different kind of PaaS).  The diagram below reflects 4 different methods of consuming pizza and, importantly, especially to me, who is responsible for the various aspects and materials that go into delivering the pizza experience.  On the far left is pizza made at home - it's all up to you, from creation to delivery.  On the far right is dining out - someone else does it all for you.  In the middle are two in-between options - take & bake and delivery - where the responsibilities are divided up depending on how much you wish to own (or not own).




The insightful visualization that Mr. Hughes created was correlating these pizza consumption concepts to 'aaS' concepts in the cloud.  Below is the same type of diagram, but specific to software in the cloud.  On the far left is on-premise (pizza made a home) - you take care of all aspects of the software including required hardware, connectivity, the software itself, and more.  On the far right is what we explored in Parts 1 & 2 - SaaS solutions that are ready to use (pizza dined out).  In the middle - options depending again on how much infrastructure and effort you wish to own. 




Before dissecting PaaS, I first took a pass at IaaS - Infrastructure as a Service.  From our handy examples above, I can see that IaaS basically correlates to someone else owning hardware while I deal with software (take and bake pizza).  One nuance though is that box called virtualization.  But that just means the provider is enabling me to running multiple operating systems on the hardware, like Windows and Linux, but I still need to manage them.  Overall, I think that is fairly straightforward.


Back to PaaS

Fantastic!  Now I understand, at least conceptually, how SaaS relates to PaaS relates to IaaS relates to On-Premise (whew!).  But I'm still a bit unclear on exactly what a PaaS is used for and when.  The image below depicts capabilities offered by SAP's PaaS offering - HANA Cloud Platform.  Wow, that's a lot of stuff - and it's the high-level view!  So I asked myself another question, "Do these platform services relate to me personally?"  And that's where I continued my exploration.


I started by grabbing the definition of PaaS from Wikipedia (the definitive resource, right?):


Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.


Huh?  Let's try to break it down a bit:


  • "a category of cloud computing services" - These sound like various types of tools to me
  • "provides a platform allowing customers to develop, run, and manage web applications" - Building stuff and using it!
  • "without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app" - Sounds like it handles the boxes from that IaaS thing in the image above but more


Sounds great, but tools to build and customize software have been around forever.  What's new here?   And why is a PaaS even needed?  In order to answer this question, I needed to back up and examine the bigger picture.


Transformative Reasoning

Another hot term I hear in business today is 'Digital Transformation'.  Seems to me like everything is already digital today, but when I stop and think about it, there are non-digital examples everywhere:  mortgage paperwork, applications, bills, and more.  So at first glance, this simply sounds like converting old physical processes and artifacts (e.g. paper) to their digital equivalents (e.g. digital form).  And while there are still manual, physical examples today, we have certainly seen an amazing array of digital transformation in our personal lives. 


Way, way back, even before the original PDAs (personal digital assistants) like the PalmPilot arrived, I actually used to carry around a little book that carried all of my contact information.  It was handy, but was hard to use - I couldn't "insert" records to keep them alphabetical, and if I left the book at home, I was out of luck.  Remember physical maps (yes they actually existed)?  Same problems, and flat out dangerous to try to use while driving.  When these functions went digital, it wasn't just about creating the same experience in digital form.  The digitization of contact data enabled us to transform how we could interact with the data - we could now search it, automatically dial phone numbers, quickly find out all persons within a single company, and much more. 


Anyone in or around a business of any type knows that all businesses are being impacted by the drive towards Digital Transformation.  It is happening on every level, and only accelerating.  Some are fighting it, some are overwhelmed, and others are embracing and capitalizing on it.


This is when I suddenly had my epiphany:   If Digital Transformation is rewriting business, then the tools to enable such a transformation had to be reimagined as well.  And looking back at the PaaS definition from earlier, that's exactly where it plays.  Boom!  And I'm willing to bet that the businesses having the most success on this journey are embracing these next-generation tools.


Now I understand why PaaS exists, but what does it do?  How did I personally deal with this up to now?  Before we dive into what I discovered, I ran across a startling statistic that sets the stage:


"By 2020, 70% of enterprise mobile apps will be

developed or adopted without IT involvement."

Gartner Inc. Picking the Best new Mobile AD Technology: MBaaS and RMAD


Certainly looks to me like the way tools are being used will change dramatically over the next few years.  That's both frightening and exciting all at once.


Stay tuned for Part 4 to find out what I discovered when I once again stuck my head back in the cloud(s).





The classic, Don Quixote is reckoned to be the first modern novel, and was written by Miguel de Cervantes, a Madrid resident. He had the misfortune to die in the same year as Shakespeare, so in anniversary years such as this 400th he has to share with the better known Bard of Avon. But Cervantes' most famous work regularly appears high on lists of the greatest works of fiction ever published. So let's look at what this most famous Madrid resident wrote, and how it relates to the announcements at SAPPHIRENOW and SAPAribaLive.


"Tilting at Windmills"

Probably the most famous image of Cervantes is that of Don Quixote's "tilting at windmills", battling imaginary enemies. What imaginary enemies are you battling in your procurement quest? Perhaps you are following the mantra of "capturing more spend", or clamping down on "mavericks". At SAPAribaLive you will hear that these aspirations are somewhat imaginary. New capabilities square the desire of procurement to maintain control with the need of stakeholders to just get the job done.


"Forewarned forearmed"

This familiar expression is another which was first written by Cervantes. How are you forewarning yourself and your organisation: learn at SAPAribaLive in Madrid how to mitigate risks using the newest Supplier Management capabilities.


"The proof of the pudding is in the eating"

Features and neat stuff only take you so far. At SAPAribaLive, unlike many conferences, you will hear from actual customers who have implemented the software and have the numbers to prove it. The "proof" will be improvements in unit price, reductions in headcount, better cash positions or closer connections to customers.


"No Limits but the Sky"

One of the most famous quotes, often appearing on New Age jewellery can also be inspiring in business. What artificial limits are you implicitly putting in place: do you think Ariba is just for Indirect Materials? Maybe you haven't heard how open the Network is now. Or maybe you think we are just a procurement company and haven't yet experienced our solutions for sellers, treasurers or supply chain professionals.


"Maddest of all is to see life as it is and not as it should be"

This quote was very much at the centre of SAP Business Network Executive Steve Singh's Sapphire presentation where he expressed the same sentiment, telling us "Don't think about how the world works today. Think about how the world SHOULD work." Simpler. Smarter. Connected.


At SAPAribaLive in Madrid, learn how to see the potential of the connected enterprise. The world as it should be.

This blog first appeared on Ariba Exchange

Lutz Bartsch

Security @ SAP?!

Posted by Lutz Bartsch May 17, 2016

Have you ever been looking for more and better insights what SAP is doing to ensure Security for the SAP business and the SAP Cloud offerings? Are you interested to learn and understand how serious SAP deal with common and new treads of Cybersecurity

  • as a company - Corporate Security
  • Security fundamentals during Product development - Product Security
  • Protecting your business and data within the SAP Cloud - Cloud Security?

Here is your new one-stop shop: Public on the SAP Webpages: Security | SAP

I hope you'll find this new provided set of assets useful.

Stay focused,

Lutz Bartsch

Follow me along on a journey through time.

Pre-Cloud Age

When discussing the next thing it is always important to have a deep reflection of how it used to be.

Back in 2007 I was  working for 7 years at SAP and there was one constant factor, before starting any project. Start early to think about the hardware before you think about the software that you want to build, before you had any specs or details and request the virtual or physical hardware, because we had to wait for 4-8 weeks (in the best case) until your one single virtual server with OS was ready.

The Cloud …

November 2007, I participated in a startup conference, where Werner Vogels, Amazon CTO, spoke about the Amazon Cloud. He also used this event to launch the m1.large instance with 2 vCPUs and 7.5 GB RAM.

Back then I was attracted by 2 aspects of the cloud

  • Any number of machines at any time
  • Charge by the hour of metered usage

Continue to read: 2008 .. 2016

CC license. Photo by https://www.flickr.com/photos/schizoform/












The main difficulty in assessing cloud risks is the lack of visibility about the implemented security controls by the cloud provider. Oftentimes customers can see security certification information, but these are not sufficient to have a precise cloud risk assessment. We published a research paper with a practical approach to perform cloud risk assessments, with reproducible steps that potential cloud customer perform:

1 - Define the cloud risk scenarios affecting your business There are relevant cloud-specific risks to watch out for: lock-in (interesting thoughts about this topic appear in this post by Floyd Strimling), compliance challenges, shared technology risks, most of them are discussed in the ENISA recommendations for information security in the Cloud, from 2010, but you will likely add consider other risks affecting your business, such as foreign government espionage, which was not in the ENISA’s enumeration, but became extremely relevant since 2013.

2 - Determine relevant security controls to protect your assets Each risk scenario links to a number of vulnerabilities. In order to mitigate these, one must select appropriate security controls, more often by adopting a security standard. The Cloud Controls Matrix by CSA is a great resource for that. It contains an extensive collection of controls and practices extracted from the most prominent standards. These controls are grouped in relevant categories (called Control Domains), which make it easy to relate to a number of risk scenarios. For instance, the Compliance control domain will help in addressing the “Regulatory” and “Legal” risk scenarios, whereas controls in the Resiliency domain will help to mitigate some risks related to service delivery and quality of service.

3 - Assess your cloud provider The main difference with doing risk assessments in general is that by moving data to the cloud, the organizations do not have the same level of control as on premise. Depending on the delivery model, a considerable part of the responsibilities will rely on the cloud provider. It is important to assess how the provider implements the controls that are relevant to your risk scenarios from step 1. For that, an excellent source of information is the CSA Security, Trust & Assurance Registry (STAR). Each provider in the repository responded to around 300 questions related to the most important information security standards (this is the Consensus Assessments Initiative Questionnaire, CAIQ). As a cloud consumer, your organization needs to know which controls are the most suited to mitigate the threats in your risk scenarios. Ah, the cloud provider you intend to contract is not in the CSA Registry? Just ask them to fill in the CAIQ. Or the answers in the Star Registry aren't clear? Ask for more details to the provider. It has probably already gone through this exercise and they are sharing the answers only under some NDA.

4 - Estimate the residual risks and further measures to be taken Not all responsibilities are on the hands of the provider. There are controls you will need to put in place, even if you are using a SaaS. For example, your employees need to be aware about social engineering attacks. For PaaS and IaaS there are many more security controls to activate and monitor by yourself.

5 - Make your decisionDetermine which data and/or business process will move to the cloud and estimate the impact to your organization to their CIA (confidentiality, integrity, and availability) properties. Different cloud offers will address security needs in different ways. In the paper, we show an approach to cluster risk scenarios in three main risk indicators allowing compare different providers easily, a screenshot with pseudonymized providers is given below. Another important point is to review SLAs, privacy policies and further contractual documents very carefully. Finally, once you made your choice, keep in mind that sometimes there is room for negotiating specific contracts terms to obtain better guarantees.

CARAM screenshot


Planning to move to business computing to the cloud? There are a number of different reasons why you might want to do this. For one, it’s actually more secure than you might think. For another, you have the resources of an entire team of dedicated cloud service professionals at your disposal. You’ll find that they are actually more efficient than most companies IT teams because they only have to focus on keeping the cloud servers running. However, there are a number of financial reasons why moving to the cloud is a great idea. Let’s take a look at four of these reasons and see how the cloud can actually save you a lot more than you might think.


There’s No Upfront Cost


There’s not a lot of upfront investment or cost with using the cloud. That’s because you’re actually paying for a service, not for hardware or anything similar. Here are some of the upfront costs you’d have to pay if you were putting in your own servers:

  • Storage space
  • Cables or wireless routers
  • A larger IT staff
  • Extra training for your IT staff to handle server needs
  • Server security software


There are some other costs you’d incur, too, in order to get your servers up and running. But if you go to the cloud, you’re not going to have to purchase any of these things. All you’ll need is your computers or other devices and an internet connection. Now you can store all of your documents, databases, and other files in the cloud and retrieve them whenever you need to. Don’t need those much space? Then you won’t pay for it! Unlike buying large hard drives for your own servers, you’ll only need to pay for what you use in the cloud. It’s perfect for small businesses that have a very limited budget, but even large companies can benefit from this pay-as-you-go method. For instance: If you are planning for a deployment of SAP financial management software, rather than going for an on-premise implementation, you can go for SAP HANA enterprise cloud which ultimately saves on the servers hardware as you just need to take a cloud service; moreover, it is an easier and comprehensive solution for deployment.


There’s Less Risk


Because you’re only paying for what you need, there’s less risk involved in using the cloud. You won’t have to worry about stretching your budget too far or using up all of your extra funds early on. Instead, the subscription-based fee structure means you can pull back if you find yourself running up against the edge of your budget. You can also easily remove certain software or other options if you decide you don’t like them—it’s not like you’re actually buying the software and are stuck with it, nor have you committed to buying a license for an entire year. Simply add or remove subscriptions as you need to. Any risks incurred are done so by the cloud service provider, not by you.


This also goes the other way. You don’t have to risk suddenly realizing that you need additional software, more licenses, or more storage space towards the end of the fiscal year when your budget may already be stressed by unexpected costs. If you reach that point, you don’t have to allocate a large amount of money to buy new hard drives or software. Instead, just add to your subscriptions or rent additional hard drive space. Since you only have to pay for what you need, you’ll find that this is much cheaper than buying everything yourself.


There are Lower Electric Costs


Another way you save money using the cloud is on power costs. It may not seem like it would be a major savings, but by not having all of those servers and other hardware needed to run your own data center, you actually use a lot less electricity. You’ll find that the amount of money you save on your electric bill counters some of the costs of your cloud services.


In addition to saving money, you’re also reducing your carbon footprint. Rather than you and other businesses using all this energy to run your own data centers, one cloud company is using less power to provide all of the same, if not more, data storage and other services. Showing your customers that you’re going green can give you a nice boost in business.


Lower Operational Costs


Finally, using the cloud helps reduce the amount of operating costs your company incurs. We’ve already looked at how you will save money by paying only for the services that you need. But there are a number of other ways that the cloud helps you decrease your operating costs. You may not need as many IT people because you won’t have to have a dedicated employee or employees working on your data center servers. There are no maintenance costs more there.


But you can also make use of some different technologies to cut your operating budget. For example, you can use a cloud based phone system to save money in several ways. With this cloud phone system, you won’t have to have any phones in your office. Instead, all of your calls are routed through the internet. Every employee can have their own business phone number that they can take with them no matter where they go. They can have calls to this number sent to their own cell phone, their tablets, or their computers. You won’t need to install any hardware at the office or deal with maintenance or break downs.


You’ll also save money on making long distance or international calls. This is great if you have clients in another country or are working with another branch office or business overseas. In addition to voice calls, they are fully integrated with Microsoft Office 365, so sharing files is also very easy.


Are you Ready to Start Saving?


If you are already thinking to start saving and not certain where to cut your budget, it is demonstrating that you need a transition to the cloud. You may be surprised at just how much money you can save, even if you already have spent money upfront to build your data center. If you’ve moved to the cloud, how has it impacted your bottom line? We’d love to know how using the cloud has saved you money and helped improve your business.

Whenever I write about Cloud computing I get a bit nostalgic about the pioneers that came before this perfect marketing term was created. For some of us, it’s not hard to remember a time when there was no open source software or hardware and compatibility was a question that had to be checked and double checked before signing on the dotted line. However, the same lock-in that existed yesteryear is alive and well today.


When most people think about cloud computing, Infrastructure as a Service (IaaS) jumps to the front of the line. The foundation of IaaS is compute, network, and storage but there is much more to the story. Most IaaS providers have evolved to IaaS+ which blurs the line between IaaS and Platform as a Service (PaaS). IaaS+ provides additional capabilities, from content delivery networks to managed databases, that offer valuable solutions which generate long-term revenue for their respective vendors. However, these capabilities also limit portability as they are integrated into a customers’ overall solution.


Hold on, what about containerization? Doesn’t this change the equation? Within itself, containerization provides some degree of portability (see the Open Container Initiative). However, most customers will build applications using a combination of containers and IaaS+ capabilities offered by the vendors. While you can move your containers from IaaS Vendor A to Vendor B, you cannot move or, in some cases, replicate these enhanced capabilities. Of course, even if they did exist, cross-vendor, it would still require some development effort to integrate the new IaaS+ offerings into your original application.


The unintended consequence of this model is customers are making short-term decisions, often project based, that have long-term consequences. The biggest of which is the advent of cloud sprawl, also known as Multi-Cloud Multi-Vender (MCMV) which creates a management and integration complexity that falls squarely on the customer. Oh sure, just like the pioneers of utility computing who faced the challenge of identifying virtual machine sprawl many years before it became a reality, MCMV sprawl sprinkled with vendor lock-in will emerge as the next great challenge for the Enterprise.


Think about your own company, how many IaaS vendors to you use? How many SaaS solutions are deployed? How many different PaaS solutions are you using or considering? How is IT tackling the challenges of managing these clouds? How is security handled? What happens when something goes wrong? Do you get an integrated view of your business?


What is needed is a new approach that transcends both technology and marketing. This new approach focuses on providing overwhelming business value by reducing complexity, increasing agility, and exposing the vendor lock-in chameleon hiding in the cloud.

SAP is the world leader in enterprise applications and delivers the most comprehensive portfolio of line-of-business cloud applications. SAP has around 30 million users divided across four core verticals namely: People, Customer, Money and Supplier.


The recent vision of SAP is to have a unified cloud strategy to help businesses integrate their existing enterprise solutions into one SAP HANA cloud platform.


SAP HANA Cloud Platform comes with prepackaged integration flows that lets the customers use the best-practice templates in order to integrate their SAP software investments with line-of-business cloud applications and best-of-breed third-party applications. The biggest benefit offered by such integration is in terms of cost. Without any hassles, one can easily upgrade their existing set up and shift their entire business enterprise solutions across SAP HANA.


Major Players Who are Already Adopting SAP HANA


Digital identity security provider, Certified Security Solutions (CSS), is working with SAP to integrate the CSS Verdetto IoT Identity Platform with the SAP HANA Cloud Platform for Internet of Things (IoT) applications. Other companies who deal with a vast amount of big data like the $18 billion consumer goods giant, ConAgra Foods, classifieds search engine Adswish, regional airlines like Bangkok Airways etc have already implemented or should implement SAP HANA in order to effectively handle the big data load and to simulate the entire business activities.

How to Get Ready For SAP HANA Implementation?

The following steps will significantly boost up the success ratio of a proper SAP HANA implementation:

1- Cleanse your data and identify which data sets needs to be migrated. Data cleansing will take care of all the factors needed to accurately size your required SAP HANA hardware. This will also help to remove the bad data and make way for effective and timely integration.

2- Keep a knowledge transfer plan ready. The core teams handling the data should be informed about the integration and how they can successfully deal with the after effects of a new platform without any loss of productivity.

3- SAP HANA will interact with other systems that are already in place so make sure to define a proper approach to the implementation.

4- Have a expert team ready who can take care and guide about any technicalities that one might face during or after the implementation phase.

Why Choose SAP HANA?

The core of SAP HANA is build up of SAP HANA App Services, SAP HANA DB Services and SAP HANA Infrastructure Services. These services lets customers quickly deploy their existing HANA licenses in the cloud for use with HCP. Moreover, it lets a business create custom prototypes that SAP-using clients can touch and feel. With a promise to deliver the best security and smooth implementation, SAP HANA is growing rapidly to take over the cloud business community.

When it comes to enterprise software, what’s not to like about fast, flexible, and powerful?


This is why so many companies today love cloud technology. After all, it gives you the flexibility to get up and running quickly with new software at an affordable price that switches cost from a capital expense to an operating expense?


It’s also why companies love in-memory database technology, which enables you to process incredibly high volumes of data and transactions in real time to improve responsiveness, increase insight, and even predict what’s coming next.


To meet this demand, the SAP HANA Enterprise Cloud combines the flexibility of the cloud with the speed and power of the in-memory SAP HANA Platform. This helps you do more – both better and faster.    Yet, even while your future looks bright with SAP HANA Enterprise Cloud, the fact remains:


You still need to manage your landscape effectively if you want to succeed in the new era of fast, flexible, and powerful.


So, why not make it easier on yourself?



SAP Services closes this gap and delivers to you a version of SAP Solution Manager that is preconfigured to work with SAP HANA Enterprise Cloud. You could set it all up yourself – but with us, it’s faster, easier, and you know the job will be done right, the first time. With this service you get selected scenarios and best practices for effective application lifecycle management (ALM) – as well as additional add-ons for immediate use after installation.


These include the following:


Requirements management: This add-on enables you to record and manage requirements or functional gaps. Integrating smoothly with business processes, test cases, and changes, it provides an intuitive, Web-based user interface with the traceability you need to track all changes across the entire lifecycle of any requirement.


Test management: The test management service supports professional test planning and execution for all of your SAP solutions. You can run project-specific test plans based on IEEE 829/ISTQB, access training for testers and managers, identify issues with integrated defect management, and generate professional-grade test reports to help ensure the quality of all your projects.


IT service management (ITSM): This service supports the efficient implementation of ITSM processes according to our standard offering – but with additional functionality for enhanced incident and problem management. You get a workshop for gathering specific requirements – along with training, training materials, and comprehensive solution documentation. The result is an efficient path toward setting up an effective service desk to keep your landscape operating at peak performance.


Change request management: This add-on package includes basic configuration for change request management with additional enhancements to augment the process. We also deliver add-on documentation, process models, and guided procedures that help you set up, execute, and modify the process quickly and according to your own needs.


The value


All of this is delivered at a fixed price with no extra licensing costs. You get expert implementation, training, and workshop services – and when the service is delivered, your system is ready to use immediately. The end result is a simplified and standardized ITIL-compliant system of governance that greatly accelerates your journey to ALM while reducing cost and risk. And, of course, it also enables you to maximize the benefit you receive from the fast, flexible, and powerful SAP HANA Enterprise Cloud.


You can contact us at:emea.cloud@sap.com

"Forget HANA. Forget cloud. Let's talk platform!"


There... I said it ... in public! Guess that leaves me only a couple of minutes until they came and get me!


Jokes aside - with today's blog post I want to address some of the misconceptions floating around in regards to the SAP HANA Cloud Platform (HCP)! Many a times I've been hearing from people that SAP HANA Cloud Platform is not of interest for them because


a) they don't use HANA (yet) and/or

b) cloud is not a topic in their companies (yet)


Call me biased, but nothing could be further from the truth! As such, I'd like to talk about the last part of the name - platform.


Platform [definition] - a horizontal surface or structure with a horizontal surface raised above the level of the surrounding area. - Reference: dictionary.com


In simple terms, one could say that a platform is an elevated area compared to your current position - "the next level" if you will. Furthermore, it's a stable, reliable and future-proof foundation to build on. So, one is truly well-advised to look beyond the HANA and cloud part of the name and have a closer look at the the platform aspect!


From a technical perspective one could truly state that HCP is the successor of NetWeaver. While they have completely distinct code-lines and upbringings they share a common mindset; only this time SAP develops & operates the platform for you. This implies a shift of responsibilities very favorable for customers, as now it's SAP that takes a lot of the heavy lifting while customers can exclusively concentrate on developing apps( and not having to worry of operating the underlying platform).That's the whole promise of Platform-as-a-Service (PaaS) and in non-technical terms it translates to business agility.




In today's economy, everyone is competing on a global level and the speed of innovation is constantly accelerating. To gain or keep an competitive advantage companies need to be able to roll-out innovations quickly: time-to-market is critical. At the same time, ensuring smooth operation of the core processes is fundamental. Gartner has been referring to this concept of bimodal IT requirements as pace-layered IT, see In the Digital World CIOs Need Bimodal IT: Rock Solid IT with Ability for Fluidity.


That's one of the value propositions for SAP HANA Cloud Platform and it's something that is relevant for every company regardless of whether they have embraced HANA or cloud (yet).


Note: Of course, I strongly promote considering to use HCP to leverage HANA and make your first step towards the cloud, but to stay true to the title of this posts I'll continue with emphasizing on the platform aspect.


In simple terms, HCP enables you to out-source your innovation - in the truest and most literal meaning of the word. Instead of doing plenty of custom-coding, configuration and customizing (or even modifying) directly within your core backend system(s) SAP recommends to use HCP for these purposes. That way, you don't start/continue to pick up baggage (aka technical debt) and consequently benefit from being able to constantly update/upgrade your core system(s) without having to worry that something breaks.


At the same time, given the comprehensive set of platform capabilities and services provided by HCP you can develop and roll-out new applications and solutions in unprecedented time.




For many customers a great way to get started with HCP are so called on-premise extensions. In such a scenario, one uses the cloud to expose functionality residing within the on-premise Business Suite (or S/4HANA) system(s) to the end-users. Typical use-cases are employee self-services (ESS) or other Fiori-like scenarios. In general, I usually recommend to start with non mission-critical use-cases in order to have the chance to gain experiences first. Also, keeping the scope to a small or medium complexity level also helps to ensure that the first pilot solution will be a success. From my personal experiences I can say that once you have demonstrated to the business that you can now develop new solutions in a matter of weeks (not months or years) they will quickly come up with more ideas and suddenly you don't have to convince the business people any longer, but they help you shape the path towards the cloud.


With that, I hope I was able to pique your interest and if you should happen to attend TechEd (or watch from afar) then you'll sure hear more about SAP HANA Cloud Platform in the following days. I hope you tune-in and now that you know that HCP is more than just HANA in the cloud you may realize that there are many ways to leverage the platform as part of your own agenda.


At the end of the day, HCP is a platform intended to help you take it to the next level and build amazing things on top. Only you know what the next "killer app" may be within your company, your domain or the whole industry... so, let's get started!


With that - let me wrap it up with a hat-tip to Hugh MacLeod aka “gapingvoid“. In his eBook “Authenticity is The New Bullshit” there's a paraphrase from an interview conducted by Tom Peters with Horst Brandstätter (owner and CEO of the Germany-based toy manufacturer Playmobil):




Replace ‘toy’ with ‘platform’ and ‘child’ with ‘developer’ and you have a very inspiring guiding principle for any aspiring enterprise developer, don't you agre?

With all the hype about Cloud Computing we have witnessed in the past 5 years, one might think Cloud Technology is some kind of superhero coming to the rescue of IT "damsels in distress", whisking them away from danger and leading them to a world (or at least IT-landscape) of perfect harmony. The reality is quite different of course – cloud solutions can become real challenges for enterprises. But that doesn’t mean they don’t have potential superpowers. As always it is a question of picking the right ones and knowing how to unleash their full potential.

No doubt about it - the world is moving into the „Cloud“, to benefit from a superior, easier access to functionality - without the need to take care of hardware, installation or even backups; and all of that with only minor or no implementation time whatsoever.

By this time almost every company out there has already thought about using cloud solutions and the majority of them already use cloud solutions in some areas.




The easy entry for most enterprises started with point solutions, which directly address one specific area of excellence or one specific LoB or Department. The reasons for being successful with solutions for HR, Sales Automation, Service, Marketing or one of many others was, that it directly addressed one specific target group which had the need to react fast to solve a specific issue and the ability to drive the decision by themselves.

No installation, quick implementation were the keys to success. Integration to existing backend systems was very often not an option, or not considered. This missing integration into existing systems often ended in a challenge for IT-organizations to connect the system back to the mother ship later. The seamless integration to backend systems like Finance, Sales or logistics is one of the major benefits of SAPs Cloud solutions, which are ahead of all other players.

In the meantime, cloud solutions are a commodity in many lines of businesses and currently moving forward to finance. While in the past the core systems of most enterprise where not in discussion to be moved into the cloud, now it is possible.


The full power of S/4HANA Finance is available in smart tailored cloud packages with an attractive subscription model.

Do you want to learn more about how S/4HANA Finance, cloud edition can simplify your live?


Have a look on our infographic here

or visit www.sap.com/finance

Sky is the Limit.jpgNo matter what their industry or line of business, today’s enterprises share many common goals. To gain advantage over their competitors, companies want to increase revenues through top-line growth and improve profit margins, helping to pad operational cash and funding that can be reinvested in the organization.


Another priority is to enhance customer satisfaction, which boosts loyalty and increases new sales. Companies also strive to reduce costs, especially those related to IT operations, and improve the performance of IT operations. For example, relying less on legacy tools and traditional outdated technologies can free up money for other business areas.


Yet a recent IDC report, “Custom Applications Powered and Enabled by Cloud Computing,” says that meeting these goals is not without challenges. When asked to identify the greatest impediments to executing their corporate strategy, 43% of respondents cited focusing the right people and resources on their strategic initiatives. Due to budget restraints and daily operational requirements, it can be difficult for organizations to acquire the highly-skilled personnel and budget needed to build, maintain, and augment in-house customized software applications.


In addition, 36% cited the lack of alignment between business needs and IT capabilities. Keeping older in-house built applications current and developing enhanced functionality can be a struggle, especially given the rapid pace of business process change.


Reduced IT complexity, minimized cost and risk


To become more nimble and cost-efficient, many companies are beginning to deploy cloud-based IT solutions. According to IDC, nearly 50% of organizations have adopted software as a service (SaaS) and more than a third have embraced platform as a service (PaaS). Another 20% plan to deploy PaaS in the next 12 months.


These high adoption rates stem from the fact that cloud solutions deliver proven business value. In a recent Oxford Economics study, 75% of leading companies said they use the cloud to “innovate at the pace of business and meet rapidly changing market needs in real time.” Organizations that use cloud software report 2.5X higher profits than their peers, and 81% of surveyed executives say that cloud solutions increase collaboration across the organization.


However, standardized cloud solutions are sometimes less effective at supporting highly transformative  or unique  business processes. “While packaged cloud applications have their advantages – such as speed to deploy, standardized processes, and consumption-based pricing – they can be limited not only in supporting highly unique and differentiated processes but also in application customization flexibility,” writes Pete Marston in the IDC report.


In fact, many standardized cloud solutions lack the deep,  business-critical functionality of traditional on-premise solutions. Without  unique, competitively differentiating software extensions, 42% of organizations in the Oxford Economics study worry that the continuity of essential business processes is put at risk by cloud adoption.


What is the best way for companies to realize both the functional richness of on-premise software and the speed and cost-effectiveness of cloud-based solutions?


38644_Journey to the Cloud_blog_tweet cards_en_FINAL_1.jpg


Tailored  cloud applications and extensions


Leading users of cloud technologies often rely on application development services to tailor packaged solutions and develop new  enterprise-specific applications. Some 48% of organizations surveyed by Oxford Economics view the development of new applications as a key driver to business innovation and better business outcomes.


By using  application development services from a trusted partner, enterprises can realize several benefits that help them differentiate themselves against the competition. These benefits include:


  • Faster end-to-end process execution, through increased automation and the ability to map software to actual business processes
  • More effective resource utilization, with decreased time spent on in-house application development
  • Reduced application maintenance costs, by offloading responsibility for application upkeep to cloud service providers


Application development services for the cloud can support business innovation, competitive differentiation, and growth – all with subscription pricing. Properly deployed, these services can help companies accelerate innovation, reduce IT complexity, and speed time to market.


To better understand whether cloud is the right choice for your business goals, look for a vendor willing to help you assess your needs and match them with potential technology solutions. In addition, seek a trusted partner skilled at quickly and cost-effectively extending existing cloud solutions or developing new applications that meet your unique and -critical business requirements. Your business goals may be similar to those of your industry colleagues and competitors, but sometimes those competitively differentiating aspects require technology  tailored to address the specific needs of your enterprise.


Ready to learn more about using tailored cloud applications to speed innovation? For more information about application development services for the cloud from SAP, visit us at www.sap.com.


Filter Blog

By author:
By date:
By tag: