Archive for August, 2017

SAP Compliance Management Demystified

Posted on: August 22nd, 2017 by Daniella Lundsberg

This post comes from our partner Symmetry Corporation.

Executives often view compliance and compliance management with a mixture of confusion and dread. The word itself encompasses so much: financial controls and reporting (SOX), privacy and data protection (HIPAA), technological deployment (HITECH), FDA regulations (21 CFR Part 11), and even national security (ITAR and EAR). Although compliance management in an SAP landscape has a very specific meaning, it often eludes decision makers.

The tragedy is that compliance rules are designed to protect your assets, security, clients and reputation. When they use the threat of civil and criminal liability, it’s primarily to get you to do things you should be doing anyway. But to benefit from compliance, you need to understand how it’s structured, and how it fits into your SAP landscape and your business as a whole.

SAP Compliance Management and GRC

Compliance management refers to the controls put in place to restrict and monitor how users access, view and modify information within the SAP landscape. These tasks are handled by a Governance, Risk and Compliance program, such as ControlPanelGRC or SAP GRC. Sarbanes-Oxley compliance management tasks include:

  • Establishing an internal control structure;
  • Validating the effectiveness of internal controls;
  • Certifying the accuracy of financial statements;
  • Preventing tampering;
  • Reporting detailed financial information;
  • Disclosing conflicts of interest.

GRC software monitors user access to identify potential segregation of duty and excessive access risks. For example, a single user shouldn’t be able to complete multiple portions of a business transaction (e.g. creating and paying a vendor), change the record of a transaction, or modify a financial report so that it excludes or differs from information in the database. Monitoring excessive access is also a top priority, as access to critical business transactions should only be granted to appropriate individuals to prevent both fraud and errors.

GRC programs also need to monitor financial controls, and verify all access and changes to documents in order to create an audit trail. This supports authentication of important records; helps admins and auditors spot suspicious activity and bugs in the system; and provides a powerful disincentive against fraud, leaks and tampering. Finally, the GRC program needs to be able to organize and report on effectiveness of controls, according to compliance rules, while maintaining proper access control. Auditors, investors and customers will all need access to different amounts of information, and much of the data auditors need could breach confidentiality or expose trade secrets if shared with other parties. Your compliance management program also needs to account for conflicts of interest and other mandated non-financial data.

Compliance management is crucial to nearly everything your company does. It’s how you verify payroll, sales or HR records, and protect information integrity and confidentiality. Whether it’s a trade secret, a 21 CFR 11 medical study, or HIPAA PHI, compliance management plays a role in keeping it safe.

Cyber Security and Compliance

At the risk of oversimplifying it, GRC prevents people from misusing your system, while cyber security prevents them from breaking in. We can illustrate this by picturing security in a museum. Standard (GRC) safeguards include:

  • Guards to enforce rules
  • Ropes and cases to prevent theft or damage to assets
  • Locked doors and alarms to restrict access to valuable assets
  • Cameras and motion detectors for monitoring

But what stops thieves from picking a lock and cutting the power to disable the alarm, or entering through a hatch in the roof? That’s where cyber security comes in.

People get confused by the different things each compliance regime says about cyber security. For example, PCI requires specific technical safeguards like encryption across open networks, firewalls and the elimination of default passwords, while HIPAA emphasizes broader principles, training and legal frameworks like BAAs.

But under a security best practices approach, the differences are actually pretty minor. HIPAA may not technically mandate encryption or firewalls, but they vastly reduce HIPAA compliance risks. Similarly, PCI might not require BAAs, but it’s in your company’s best interest to make sure your partners are adhering to stringent data protection standards.

Process Documentation and Quality Management

It may sound obvious, but cyber security and compliance management initiatives won’t go far, unless your company implements and consistently uses them — and that requires good process documentation. Everything from network configuration, to access control to daily system health checks and maintenance needs to be spelled out clearly and succinctly; the goal isn’t impressive, weighty tomes — it’s simple documents that spell out all necessary tasks.

This documentation needs to be incorporated into a quality management program. Although quality management doesn’t focus exclusively on security and compliance, many aspects have important functions in this domain, including technology policies, SOPs, auditing procedures, training, document control, and audit trails. Putting it all together almost always requires outside help.

Choosing an SAP Security and Compliance Partner

A provider needs to understand the compliance requirements of your industry, but doesn’t need to focus exclusively on them; often, experience across multiple industries is a better sign of a company that gets security and compliance.

It’s crucial, however, that your partner practices what it preaches. They should have a quality management program in place, and be able to show you things like:

  • Formalized Quality Policy, Quality Plan, and procedures
  • Audit trails
  • Version control
  • Sample Installation Qualifications

SOPs for critical systems should be recorded on controlled documents, approved by management, stored where no one can tamper with them, and covered by regular training and retraining for anyone who does the work. Your partner should also be ready to answer questions on anything from employee training and monitoring, to server hardening, to what happens when you call the help line.

In particular, they need good quality assurance, with separate task completion and verification staff. Finally, they should be ready to undergo regular 3rd party audits to assess and validate internal controls.

The Case for Bundling Security and Compliance with Managed Services

In the SAP hosting and managed services realm, companies that once had separate providers for hosting, IT project management, admin, DR/HA and so on, are moving to an integrated approach, citing benefits like lower cost, increased flexibility, greater knowledge base and less administrative overhead. In security and compliance management, however, tasks like IT security auditing, physical security auditing, GRC, monitoring and incident response are often farmed out to a web of different providers.

Forward-looking companies, however, are already starting to see the benefits of a unified managed services approach incorporating security and compliance. This approach lets you leverage your provider’s internal controls and knowledge base, along with their auditing framework. The people auditing, monitoring and hardening your system can work directly with the people running it, meaning better communication, quicker results and a lower administrative overhead. In an emergency, you won’t have to make frantic calls between your hosting provider, your DB admin and your network engineer — everyone is already working together, which means quicker resolutions, leading to better outcomes.

It also provides legal cover in the event of a breach, attack or outage. Successful hacks often simultaneously exploit weaknesses in hardware setup, software patching, GRC, training, monitoring and other domains. In a disaster, everyone goes into damage control mode, and you can end up with multiple agencies fighting it out in the courts (and in the press!) for years. If one provider handles everything, on the other hand, it’s their reputation on the line.

Getting SAP Security and Compliance Management Right

The most secure organizations don’t look at SAP compliance management and security requirements as onerous burdens, but as a way to protect their investments. Governance, risk and compliance provides a powerful framework to protect your organization from errors, corruption and costly mistakes, and industry-specific compliance regimes provide a similar bulwark against external threats.

But legal regimes and industry guidelines can’t account for every threat an organization faces. The right partner won’t view compliance regimes as boxes to check, but as one aspect of a program that includes risk assessment, training, auditing and monitoring, across your organization.

To learn more about SAP compliance, please contact Symmetry Corporation at 888-SYM-CORP.

Should you migrate to SAP HANA?

Posted on: August 18th, 2017 by Daniella Lundsberg

Faster is better. This is especially true when it comes to accessing business data, which can now be made available in real-time thanks to SAP HANA. Beyond speed, SAP HANA wraps data into reports and analytics, delivers it to your desktop, and uses it to provide relevant offers to customers and users. This level of speed and transparency helps companies innovate, mitigate risk, and make all of those critical decisions that drive operations each day.

Real-time data availability is the primary benefit driving growth and demand for SAP HANA, a database and applications platform developed by SAP SE. SAP HANA, a High-Performance Analytic Appliance, is now the fastest-growing technology in SAP history due to its revolutionary in-memory platform. It can be used for any kind of application and is capable of processing both structured and unstructured data instantaneously.

SAP HANA is an in-memory column-oriented relational database management system that combines database with application processing along with integration services. Available for both on-premise and cloud deployment, SAP HANA makes big data, real-time analytics and aggregation, powerful data processing, data management and data warehousing possible on a single platform. SAP HANA notably out-performs traditional databases, thanks to its ability to keep vast volumes of information in memory, or physically closer to the CPU, and instantly accessible. So you can monitor and analyze incoming data the second it enters the system.

How fast is fast? While actual speed is dependent on the data model and other factors, SAP HANA is shown to perform between 1,000 and 10,000 times faster than a traditional database platform. This is due to its in-memory design, which overcomes challenges naturally inherent in on-disk systems, including bottlenecks between CPU and disk. To drive performance, SAP HANA leverages multi-core processors, low-cost main memory or RAM, and solid state drives.

SAP HANA stores data in columnar structures, which enables data compression and makes the entire data retrieval process even faster. When a traditional database system tries to improve I/O performance to these levels, it can only do so through heavy consumption of memory and CPU cycles. So users are forced to choose between, for example, a broad and deep analysis or high-speed performance. Traditional databases also use much more memory, caching, and CPU cycles to maintain the cache on top.

But SAP HANA’s in-memory platform eliminates disk I/O, reduces memory consumption, and minimizes data redundancy along with the associated need for more storage space. Superior performance is backed by optimized compression, columnar RDBMS table storage, persistent data and log storage, partitioning, massive parallel processing, and ACID compliance. ACID (Atomicity, Consistency, Isolation, and Durability) compliance ensures transaction reliability, while partitioning supports the deployment of massive tables – dividing them into smaller segments that may be placed on multiple machines.

As a result, HANA makes computing faster, easier, and more efficient. It makes broad and deep analyses possible along with real-time availability, high-speed response, and powerful reporting capabilities. Code, application development, and set-up are simplified, with end users able to enjoy a richer and more relevant experience. Finally, SAP HANA streamlines a company’s data footprint making processing and operations more efficient than ever.

Contact American Digital to discuss whether or not SAP HANA is right for your organization.

Protect Patient Data and Provide Better Care With Hybrid IT Solutions from HPE

Posted on: August 16th, 2017 by Daniella Lundsberg

Hospitals are seeking new ways to improve patient care, reduce readmissions, and improve or maintain a healthy bottom line. EHR systems, telemedicine, and cloud-based diagnostic applications provide clinicians access to information anywhere at any time. These technology capabilities let healthcare organizations optimize ways to monitor patients’ health status, especially when remote. They capture and analyze an increasing amount of data to make better patient care decisions. Additionally, these technologies improve collaboration among internal caregivers, pharmaceutical reps, and payers.

The benefits to implementing these technologies are well documented.1 For example:

  • Facilities using healthcare IT systems can fully audit patient records in 1.4 hours as compared to 3.9 hours with paper auditing systems.
  • Over 82% of healthcare professionals reported that electronic prescriptions save time and reduce efforts.
  • Over 75% of laboratory clinicians said that using EHRs allowed them to receive lab results faster than with conventional methods.

In order to leverage the power of technology, healthcare providers need an IT environment with the flexibility to meet their patients’ needs and to facilitate communication, data collection, and analysis for faster and more accurate patient diagnosis. This means implementing a system that is agile, secure, meets compliance requirements, increases transparency, and improves overall quality of care while meeting cost goals.

Legacy IT environments are frequently unable to support the processing requirements of analytics or the network bandwidth required for cloud applications. These older systems hinder healthcare organizations’ ability to keep mission-critical applications available when downtime can be a matter of life or death. Different systems that can’t share data have a negative effect on quality of care. Older systems are also less likely to be robust enough to meet imaging/video requirements for patient diagnosis.

Modern, virtualized hybrid IT environments offer the agility, availability, and security necessary for healthcare providers who need to control and keep patient data confidential onsite, yet want to access cloud-based applications and critical information to make better diagnoses.

In a hybrid IT environment, organizations can leverage on-premises infrastructure and seamlessly connect to the cloud for workload optimization. Organizations can tailor their individual approach to IT, deciding which workloads should move to the cloud and which ones to keep on-premises.

Modern hybrid IT can improve the quality of patient care and control costs through:

  • Visibility across healthcare sites
  • Higher, more consistent availability
  • Greater data security
  • Faster data analysis
  • Improved collaboration among doctors, patients, and staff
  • The ability to provision compute needs and reduce downtime or latency
  • Increased scalability
  • Lower costs and a more predictable method of managing the budget by shifting capital expenditures to operational expenditures

To embark on the hybrid IT journey, healthcare organizations need to modernize and virtualize their on-premises legacy IT environment and supplement it with a simple set of comprehensive, yet easy-to-use management tools. Hewlett Packard Enterprise offers “out-of-the-box” hybrid IT solutions for healthcare that are tightly integrated servers, storage, and networking components in a simple-to-deploy virtualized appliance. Smaller organizations with smaller IT staffs can benefit from the HPE ProLiant Easy Connect EC200a Managed Hybrid Server that provides pre-configured cloud services, complete with automated backup and recovery. This solution requires no capital investment as it has a predictable monthly subscription fee.

For larger entities, hyper converged solutions, such as the HPE SimpliVity 380, offer a pathway to the cloud with more advanced IT capabilities. These all-in-one virtualized systems feature tightly integrated compute, software-defined storage, and software-defined intelligence to provide automation, intelligent analytics, and affordability with investment protection.

Hewlett Packard Enterprise hybrid IT solutions enable healthcare facilities to create a single platform for onsite and campus environments, facilitating ease of management and secure predictable performance. Additionally, hybrid IT solutions enable healthcare organizations to determine where best to execute workloads to comply with data residency laws and HIPAA regulations. Improved access to data provides better control and improved quality of patient care.

To learn more about hybrid IT solutions for healthcare and if it’s right for you, contact American Digital today.

1 The Certification Commission for Health Information Technology, “Benefits of Healthcare Information Technology,” Dec 20, 2015.

Hewlett Packard Enterprise specializations include Platinum: Converged Infrastructure, Networking, Storage; Gold: Cloud Builder.

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. 

Hyper Converged Systems Tackle IT Challenges

Posted on: August 8th, 2017 by Daniella Lundsberg

IT professionals have a laundry list of challenges to tackle. Rising to meet the changing dynamics of the businesses they support can be a full-time job in itself. Add to that the task of keeping up with new technology, infrastructure that is difficult to deploy, disparate tools that can be cumbersome to maintain and hard to manage, limited personnel resources…you get the idea.

Still, job #1 is ensuring that they can accommodate the demands of today’s businesses. In response, many IT organizations have launched virtualization and cloud projects to drive improved service delivery and increase IT agility. However, for some organizations, these virtualization and cloud initiatives have led to incomplete projects, increased management complexity and higher operational costs. What is really needed is an IT infrastructure where everything is designed to work together as a unified system.

Enter the HPE Hyper Converged infrastructure

It is the natural progression in the evolution of IT architecture. Everything an organization needs to compete in today’s online marketplace is integrated and packaged together into a single appliance—from a single vendor. This includes servers, storage, virtualization software, networking and intelligent management capabilities.

Hewlett Packard Enterprise Hyper Converged systems are preconfigured, preinstalled and designed to scale—the system is essentially a virtualized data center in a box. The HPE Hyper Converged 380 powered by Intel® Xeon® processors is based on the highly configurable HPE ProLiant DL380 Gen9 Server combined with VMware vSphere®. These systems significantly improve flexibility in deployment and ease of management. HPE Hyper Converged 380 is available in configurations for general purpose virtualization or cloud applications or tuned for VDI/client virtualization. HPE Hyper Converged 380 is delivered as a fully integrated system including storage, server, graphics and virtualization, fully tested and supported.

Adjusting for growth is frictionless as these systems scale out in a linear manner. The HPE Hyper Converged architecture integrates grid software that automatically discovers and adds new nodes to the cluster, delivering additional compute and storage resources as needed. With the integration of all components in a simple chassis and a common management scheme, you don’t need an extra team of specialists. As such, these systems create an immediate and positive impact on capital and operational expenses.

At American Digital, we live and breathe data center transformation. As an HPE Platinum Partner, we can help you identify, source, implement and manage your ideal IT environment. Contact us at marketing@americandigital.com or call us at 847-637-4300 for a free assessment.

Intel, the Intel logo, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and/or other countries.

 

Increase Value & Velocity: Transform to a Hybrid Infrastructure

Posted on: August 1st, 2017 by Daniella Lundsberg

Organizational IT departments are facing increasing demands to facilitate rapid innovation. The goal to create better customer value puts pressure on IT to meet expectations with greater velocity. IT must adapt to deliver efficient, agile services in new ways. Therefore, there has never been a better time for organizations to reexamine their existing environments to ensure that they are positioned to deliver value with velocity in the era of digital business transformation.

Companies of all types and sizes are racing to modernize their IT infrastructures to take advantage of real-time data. They’re upgrading legacy IT to hybrid IT infrastructures in order to do so. Once real-time data is available, the ability to convert it into immediate, actionable information opens up a whole new world of business opportunity.

HPE ConvergedSystem 500 for SAP HANA powered by Intel® Xeon® processors is tightly integrated and optimized to deliver the highest levels of performance and availability for in-memory computing initiatives. This solution helps businesses achieve increased efficiencies by transforming data into real-time intelligence and actionable insights. HPE ConvergedSystem 500 for SAP HANA allows organizational IT departments to shift their focus to innovation that improves customer experiences instead of operations.

How does it work, and what makes SAP HANA special?

SAP HANA is an in-memory, relational database management system that integrates database services with application processing services. It is available for both on-premises and cloud-based environments. SAP HANA takes big data, real-time analytics and aggregation and combines them with robust data warehousing—all on a single platform. SAP HANA significantly outperforms traditional databases due to its unique ability to keep vast volumes of information in memory—making it instantly accessible. Hence, incoming data can be monitored and analyzed immediately upon entry into the system—unlocking the value trapped inside your corporate data.

HPE Hybrid IT for SAP HANA systems deliver the highest levels of performance and availability for clients’ in-memory computing initiatives. From managing analytics and data warehousing workloads to running mission-critical business applications, they help businesses unlock operational efficiencies and turn large amounts of data into real-time, actionable business insights.

HPE and SAP HANA have a proven track record of delivering rock-solid solutions together. The HPE ConvergedSystem 500 for SAP HANA powered by Intel® Xeon® E7 v4 architecture is a best-in-class system that is readily deployable, yet can scale up and scale out to support even the largest mission-critical application environments.

 
