Back in 2019, a friend recommended me for a weekend gig that involved attending and covering an SAP conference in Sydney. Being completely curious and interested in what this would entail, I said “yes”. So here now is the first of three articles produced for Inside SAP.
This piece was published on 26 March 2019.
The original piece can still be read on the company’s website.
Mastering SAP Sydney too place last week on the 18th and 19th of March. The opening presentations had a strong emphasis on security and risk in addition to recurring industry staples.
As with most trade shows and conventions, there’s never enough time to meet, speak with, and catch up with everyone we’d like. However, we did have the pleasure of meeting several brilliant people and attending some highly informative presentations. Notably, we listened in on Mark Weatherford (former USA Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity) providing unique insights into the world of supply chains and the risks they can be exposed to through a lack of due diligence and poor security.
Organisations both large and small can make the exact same mistakes and suffer equally similar financial, social, and physical repercussions. Consider the assorted manufacturing and distribution pipelines at risk for the car manufacturing industry in a world where we can buy German cars with Dutch engines that have Taiwanese computer sensors, American-made wheels, powered by petrol imported from the UAE. The fallout that would ensue if even a single link in that chain were to rupture or break for any period of time can have vast and negative knock-on effects upon other connected suppliers, distributers, wholesalers, and retailers.
As such, it’s important to map one’s supply chains, identify where problems might emerge, and critically: engage with staff. Want to avoid having staff that feel like a nameless cog? Engage with your employees. Brief them regularly. Create a culture that values security and awareness – to know how and when to spot potential issues or problems.
The changes being undertaken by the ATO are a particularly relevant subject to many delegates at Mastering SAP. Matt Voce (Local Product Manager, SAP Australia) addressed Single Touch Payroll in his session: “Deep Dive: Understanding Single Touch Payroll for a Successful Go-Live.” The ATO is currently undergoing the biggest change in tax-related legislation since World War 2. We live in a world of constant change, uncertain as to how anything will work in the future. Yet Australian tax law has, despite obvious developments, not undergone a drastic upgrade in over 70 years.
Matt shared advice and guidance on navigating the change as the STP deadline approaches on the 1st July 2019. His session included a live demo and real feedback from SAP Payroll customers.
As many surely noticed, the topic of security was also a focal theme at the conference. And who better to speak to on the matter than Melissa Price, the CEO of Aust Cyber, who spoke of the importance of a holistic and inclusive strategy to ensure good security practices, standards and enforcement.
“Everyone is responsible for security now”, because if organisations are going to manage risks, it has to involve people from different business unites, and every single person in an organisation needs to be provided a unique set of incentives to entice them to learn about and care about security and change in policies, software, hardware, and procedures. But to avoid a simple band-aid solution, we need to employ change management to ensure the right long-term decisions are made and applied properly.
On Identity Management, we spoke with Simon Ell at Sailpoint, a company that specialises in identity governance, risk management, and access certification. Consider: staff members come and go at organisations, and sometimes a new hire will inherit the computer and access privileges of the previous owner of that particular position. Often times, inheriting a person’s role involves having access to all the same files, directories, and systems of the previous job holder.
But is that necessary? Should someone be able to access folders and files they don’t understand or don’t need access to? Failing to track folder privileges can lead to security risks.
There’s an obvious overlap between the need for wise managerial policies that can ensure employees remain engaged and understand the value of sound and change-prone security policies. Such goals cannot be attained if we do not first stop to pause and reflect upon a long-term strategy.
Opening speaker Dr Jason Fox, summarised the concept when he said: “I guess my hope for folks is that we can pause and reflect a little bit more.”
Interested in learning more about the people we met?
Dr. Jason Fox: https://www.drjasonfox.com/
SAP Australia: https://www.sap.com/australia/index.html
AustCyber: https://www.austcyber.com/
