SAP users look to software suppliers to help with fast-approaching GDPR

SAP users are revisiting security concerns with respect to the cloud delivery of business software as the European Union’s (EU’s) General Data Protection Regulation (GDPR) hoves into view.

According to research from the UK and Ireland SAP User Group, 86% of users do not fully understand the implications of the GDPR in relation to their SAP estate, and their future use of SAP.

The survey also found that of those SAP users concerned about security, 64% said they have similar concerns for other applications. Off those SAP users that cited greater concerns about compliance, half said they had experienced a similar increase in compliance concerns for other enterprise applications. 

Just over half (51%) of users said they had greater concerns concerning the compliance of their SAP usage than they did 12 months ago. Some 53% of users said the emergence and growing use of cloud computing had increased their compliance difficulties, and 57% said the same regarding workforce mobility.

Just under half (49%) said they had greater concerns regarding the security of their SAP landscape than they did one year ago.

Brian Froom, chair of the Audit, Control and Security Special Interest Group for the user group, said: “GDPR is presenting a huge challenge for many organisations and this isn’t just restricted to users of SAP. With the continued growth of cloud computing and increasingly mobile workforces, it is a challenge for organisations to fully understand where their data is residing and how it is being accessed.

“At a time when SAP’s product portfolio is becoming ever more focused on cloud and mobile, it is essential that users fully understand both the technology and its security and compliance implications.”

Froom told Computer Weekly that the user group’s members seem to have come full circle with cloud. “Security concerns were there, they went away and now they have come back again. They had been allayed but GDPR is having the effect of moving the goalposts,” he said.

“The major issue is where the data is. With the cloud, it could be anywhere in the world. Under GDPR, there will be strict guidance on where European data can and cannot be stored and processed. There are tools to ensure good access control [to data in the cloud and through mobile devices], so we are trying to get that message across.”

“The mobility side is similar, in that the data can be stored anywhere, and on a device that can be lost in the back of a taxi. Now, that’s been happening before, but the fines under the GDPR will be much higher: 4% of global turnover could kill some companies,” Froom added.

“It’s not SAP’s software that’s causing the problem. We are looking to SAP, and their ilk, to provide software that will help us to be compliant with the GDPR. This is as much an issue for them, as a company, as it is for us, their customers – and they are helping.”

Nearly three-quarters of users (70%) stated that they found SAP access control a challenge. Overall, the survey reports 73% of users saying that they find it hard to “balance workforce productivity and flexibility” against “ensuring their SAP landscape is secure and compliant”.

Just under half of users (47%) said they are currently using SAP Governance, Risk and Compliance (GRC). Of those not using SAP GRC, 35% said it was too expensive, and a further 18% said it was too complicated.

The survey questioned 102 SAP user organisations in May 2017. The group is holding a Securing Your Systems in the Digital World event in Birmingham on 5 July, part of which will be focused on putting GDPR into practice for SAP information.