As one of the global leaders in enterprise apps and platforms, SAP is taking its position in regard to mobility seriously. So seriously in fact, they are leveraging their own enterprise mobility management solution, Afaria, to enable both a corporate provisioned and BYOD policy. I got a chance to sit down with Oliver Bussmann, CIO of SAP, at SAPPHIRE NOW to discuss SAP’s approach to mobility. Bussmann’s breadth and depth on the subject of enterprise mobility was made clear by his very thoughtful and articulate responses.
We began by discussing SAP’s position on corporately provisioned devices. In the past, SAP had standardized on a single device. However, that is no longer the case. As Bussmann pointed out, “We changed completely. We now provide choices; not unlimited choices, but there is a choice.” Presently, SAP allows users to select from Apple, Android, and RIM devices. For each platform there are several options. I asked him how he decided on which devices make the list. Bussmann replied that “the key motivation for me is that my users are excited. They want to have that device and that they are excited to use it. That is the moment I’ll jump on it. At the end, I am not saying our entire sales- force has to use iPad devices. They can pick and choose.”
There are some categories of employees at SAP who do not qualify for a corporate provisioned device. “We are generous in giving out corporate devices.” Bussmann noted. Those who don’t get them are roles within the company, such as finance and HR, that are typically on-premise. Even so, they see great value in providing the mobile experience for all their users. This lead to enabling BYOD within SAP. “The motivation is all about this mobile experience. We had a discussion on the board level with Jim and Bill and there’s a strong belief that even those people should have access to those mobile apps. Everyone should have that experience.” And it isn’t just the experience that is of concern to Bussmann and SAP. He understands the prominence implementing BYOD brings the enterprise as well. “I think from a brand value, a brand perception, it is critical. I have to, we must.”
BYOD in a global organization brings on many added challenges. Even with the challenges of the laws in Europe, Bussmann thinks it is worth the hassle of setting up the policy to allow BYOD. “Absolutely. You’d be surprised how many emails I’m getting from German users who want to use personal devices. There’s definitely feedback from the different communities. People are saying they want to bring their devices into work.” Since last September, they have brought on about 1,100 personal devices. “We thought we would do a global deployment but decided to do it country by country because the global laws are so specific. We started in Asia and North America and we are now going to Europe. It’s a big push and we are using the same infrastructure [as the corporate provisioned devices]. He continued on to explain that BYOD is done on a voluntary basis and they sign a consensus form to participate. This also means that their device will be managed by Afaria.
There is nothing like using your own platform to understand how it could better serve your clients. In discussing Afaria, Bussmann gave insight into which functionality he would like to see enabled in their solutions. “We need a third email client integration for devices. This is a particular issue for Europe to have a separate email client, a separate password. We have third party vendors who would like to integrate with us. That is something that we want to see. That’s the number one topic. The other topic is that we want to see Afaria integrate with SAP Box. In all my customer meetings it comes up…people love it.”
Mobilty also raises many security concerns, not just with SAP, but all organizations. Bussmann is brokering the interchange between the business need and IT’s concern. Bussmann keenly invited IT staff to a board meeting to discuss their concerns and hear from the top about the business need. “You need, in these cases, executive support to push back and say ‘guys do a risk assessment, find a way to work around and see if it is possible’.”
Bussmann is ushering in fresh perspective into traditional approaches to security at SAP. He pointed out that, “In the end, security has become a case by case risk management topic. I transformed my security guys because they were always thinking ‘kill it or we’ll all bleed.’ I said, understand what’s the benefit, what’s the probability, and what’s the worst case? If it meets the threshold then we’ll have to bring it up to the board and they will make the final call. But we have to move away from people locking everything, everything has to be 150% secure. That’s the old way. That’s not risk management. I can guarantee you that the appetite on the business side to take on more risk is there. If IT isn’t willing to find a way to balance that, the business will find a way to bypass us, no question about it, no question about it.”
This does not mean abdicating all control to the business side’s desires. He believes IT should drive the security analysis. “The experience and sensitivity to understand what it means to be in the worse-case is not there on their [the business] side. They see the pure business benefits. The risk potential, the security threat, is sometimes underestimated. We are the opposite side, the IT folks. We are too pessimistic, too risk averse. Finding that balance, finding the workarounds, finding what’s the acceptable risk level, and making that transparent to everybody so they understand that. You need the risk management procedures in place. We have procedures in place on how we qualify and quantify risk probability; depending on the threshold that gets escalated to the next level. The risk of a million or more, then the board has to walk through and understand and document that. In our case having a combined risk and IT security function is absolutely critical.
SAP’s adroit implementation of mobility within their own organization can only further provide to their wealth of enterprise experience. The willingness to leverage their own solutions and address experience and security in fundamentally new ways, speaks volumes of their commitment and understanding of mobility. I think we can continue to look to SAP to be a leader in mobility for the forward thinking enterprises.
Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.