VOQUZ NOW volume 17, edition 2


Embed or link this publication


Customer magazine

Popular Pages

p. 1

VOLUME 17, EDITION 2 MAGAZINE FOR IT SOLUTIONS GOOD DATA, BAD DATA E-COMMERCE 10 tips for your success SECURITY Software updates give security HUMAN RESOURCES A success story made by VOQUZ Data Governance: INCREASE MASTER DATA QUALITY


p. 2

FEIDNITAONRCIEAL Helmut Fleischmann Dear readers, nowadays there’s hardly a business process that isn’t somehow based on data. Quality data, and most importantly, correct data is worth a goldmine. Otherwise, if master data is faulty it can cause serious problems. Problems such as incorrect billing statements, defective goods, or lost output can be expensive for companies. However, they can avoid ending up in these situations by implementing a watertight data governance strategy, and in turn increase the quality of their master data on a sustained basis. Our colleague Jörgen Brinkmann will provide some interesting insights on how it will be successful in our lead interview. When people buy online, they often cancel the ordering process. There are a few tricks that can help reduce the number of shopping carts and baskets digitally left behind in the online shop. Heiko Mock will explain how to increase the conversion rate in your online shop in the third part of our e-commerce series. In addition, we will present the five most common mistakes made – and how you can easily avoid them – when SAP system measurements are performed. What’s more, we will explain how to prevent ruinous cyberattacks. The ‘Patch Day’ article will describe how to close the gaps by working systematically. I hope that you enjoy the read, and I look forward to receiving your feedback. Helmut Fleischmann CEO VOQUZ Group 2 CONTENT EDITORIAL /IMPRESSUM VOQUZ 3 IN FOCUS: Worldwide growth DATA GOVERNANCE 4 GOOD DATA, BAD DATA Increase SAP master data quality E-COMMERCE 6 ADDED VALUE Online shoppers want additional benefits 8 10 TIPS Increasing the conversion rate SAP 9 IT´S THAT TIME OF THE YEAR AGAIN 5 mistakes during system measurement HUMAN RESOURCES 10 A BEHIND-THE-SCENES LOOK IT careers at VOQUZ SECURITY 12 PATCHDAY Updates give security PARTNER 14 THE CLOCK IS TICKING! New privacy rules NEWS 15 THE BEST FOR LAST Trade show season and a run IMPRINT Publisher VOQUZ Technologies AG, Marketing Reichenbachstraße 2 85737 Ismaning, Germany Telephone (+49 89) 925191-0 Fax (+49 89) 925191-799 contact@voquz.com www.voquz.com Volume 17, Edition 2 Concept, Editorial Staff, and Creation Kristin Kalitt, Stefanie Lämmel, Cerstin Strauß Picture Credits Cover, S.4: kallejipp / photocase.de S. 6: sol-b / photocase.de S. 9: dommy.de / photocase.de S. 10: Kristin Kalitt S. 12: Alicia_J / pixabay.com S. 14: birdys / photocase.de S. 15: Martin Kögel, Thorsten Schmidt Back cover: SNP The content of this magazine may only be reprinted with the express consent of the editorial staff. The source must be cited, and a voucher copy must be provided.


p. 3

IN FOCUS: WORLDWIDE GROWTH VOQUZ The VOQUZ Group is pushing forward with the Group’s internationalization process by adding new locations and sales partners. Global sales of samQ, our software asset management solution, is the Group’s focus. The VOQUZ Group spent all of last year pushing forward and expanding its internationalization activities. The positive experiences gained with our U.S.- and Romanian-based subsidiaries initiated the launch of expansion for the Group’s global sales and partner networks in 2016. VOQUZ has realized that the Group is ready for this critical next step, especially based on the great success of the SAP license management system samQ in the core markets Germany, Austria, and Switzerland and the successful market launch in the U.S. The VOQUZ Group will initially focus on global sales of the samQ software solution. The Group is now also capable of meeting the demand outside of the German-speaking region, thanks to the new locations and its specialized sales partners with a local and global reach. An outbound sales team was established to provide support for the international sales activities, and it is in turn supported by the colleagues at our nearshore center in Cluj, Romania. This team also supports acquisition of sales partners and value-added resellers, in addition to the end customer business. Specialized partner for sales of samQ VOQUZ partners can sell samQ directly to their customers or use it as a tool in their own consulting projects. However, they will need to meet a number of requirements on their path to becoming a samQ partner. Resellers must bring comprehensive SAP expertise or many years of experience in software asset management (SAM). VOQUZ relies on different specialized sales partners in particular who are established in the target markets or even on the global market. For example, partnerships have been established in several strategically important regions such as Great Britain, the Netherlands, Turkey, India, Brazil, and Chile. samQ partners include companies such as TechMahindra, Freudenberg IT, SNP, DeskCenter, and SoftwareONE. The next step will be the creation of the Group’s own international presence with locations in the major markets. VOQUZ currently has offices and subsidiaries in Austria, Belgium, Brazil, Chile, France, Germany, Great Britain, Italy, Mexico, the Netherlands, Romania, Spain, Switzerland, and the U.S. 3


p. 4

DATA GOVERNANCE Data governance enhances the quality of SAP master data There is often one and the same root cause for incorrect delivery notes, production shortcomings, or mistaken business-relevant decisions: The SAP master data is of poor quality. Processes are aborted and require manual intervention to correct the data, which costs time and personnel resources. In the end, it can be rather expensive for the company. These errors and mistakes can be contained by using an efficient data quality management system. VOQUZ NOW talked to Jörgen Brinkmann, Data Governance Specialist at VOQUZ, on data quality and effective data governance. 4


p. 5

VOQUZ NOW: Why have you dedicated your time to data quality, Mr. Brinkmann? Brinkmann: We were regularly confronted with poor quality data in our customer projects in the past. As a consequence, the customer had more work and increased costs, but it also meant more work for the service provider. In turn, this situation would cause resource bottlenecking and delays in the timeframe of projects or in the daily business processes. It is aggravating for all parties involved. DATA GOVERNANCE VOQUZ NOW: How can you determine whether the SAP data is of poor quality? Brinkmann: Processes are often only aborted because the master data is faulty. You need to manually intervene and correct the data. It is time-consuming and requires manpower, which could be better utilized somewhere else. And it doesn’t really determine a root cause. VOQUZ NOW: Do you have any examples? Brinkmann: There is a field in SAP for debtor’s master data for the VAT ID number if the customer is based in another country within the E.U. By default, this field is not checked when the debtor’s master data is created. It means that a process requiring this combination of information would halt or abort. Then someone would need to configure the debtor’s master data before the process could be completed. All other datasets that could cause the same error would remain undetected. An overview of all debtors would be necessary to quickly and easily check whether they all have a VAT ID number. VOQUZ NOW: Isn’t there a system-internal solution to detect errors and mistakes early on? Brinkmann: Unfortunately, there isn’t one. SAP only checks the validity of individual fields. It doesn’t check the fields in combination with one another. A simple example is the dependency of gross and net weight. It is a simple one: The gross weight is always more than the net weight. But SAP cannot check this fact by default. VOQUZ NOW: Is the affected company aware of this situation? Brinkmann: Yes and no. I’m sure everyone knows that the data can be faulty and that we need to deal with data quality and data governance. But it’s not exactly a popular task, as it’s complicated and devoid of a real structure. The manufacturing trades are especially affected by gargantuan quantities of data. It’s often not immediately clear who is responsible for maintaining the master data. In the worst-case scenario, no one feels responsible for it. And there are often no precise rules governing how the master data needs to be set up. Frequently, there is little documentation on those rules, and they are not accessible by employees. VOQUZ NOW: Then what do you propose? Brinkmann: Companies need to implement an efficient data Jörgen Brinkmann, Data Governance Spezialist at VOQUZ IT Solutions quality management system, and data governance is the solution here. They need to have a written document that precisely defines who is responsible for data quality, who is allowed to maintain the data, and how the data should be structured. VOQUZ NOW: Which person should be responsible for this task in a company? Brinkmann: There shouldn’t be just one person responsible for data quality. Actually, each and every employee who creates, modifies, or deletes data should be responsible. But there should be one person with a main responsibility. It could be a data quality manager who is in charge of an object, like the material master data, for example. He or she is responsible for adhering to the rules and supports implementation of data governance. You could define further people to be responsible, depending on the company’s specific needs or size. You could have a process manager who checks the master data on the process level or even a data entry manager. VOQUZ NOW: How would you proceed when defining the rules for completing the datasets? Brinkmann: Whenever you establish rules, you need to apply an iterative process. It means that you first define rules. Then you check them, changing any if necessary, and doublecheck them to determine whether the rules have brought about the desired effects. It is critical in this process that the corresponding documentation is maintained up-to-date and modified regularly. The documentation is necessary for correctly maintaining the data. So you see, it’s a continual process. But it’s worth the effort. Otherwise, companies can lose up to 25 percent of operating profit due to poor data quality. VOQUZ NOW: There’s room for improvement! Thank you very much for the information and speaking with us today. 5


p. 6

E-COMMERCE Online shoppers demand added value Often there is a mistaken belief that high bounce rates and low conversion rates can solely be attributed to a poorly designed online shop. These key figures can also be an indication that there is no added value for the customer. Customers will not make a purchase if they do not find what they were looking for, despite the shop having a perfectly designed navigational structure, alongside the customer’s pledged intent to purchase and a high confidence rating in the provider. Customers visiting an online shop need to remain on the site until making their purchase, or at the very least, they need to be certain that they will return. The site needs to offer functions with an added value for the visitor in order to make the site stand out from the rest and convince the shopper of making a purchase. Provide a link to similar products Using links to related products is a tried-and-true means to offer added value. For example, if a visitor to the site is interested in a specific television, there is a good chance that they are also interested in other televisions or accessories. The potential customer is ‘forced’ to look at similar products directly on the product detail page. This is extremely important because the majority of customers will not land on the product using the category overview. More often than not, they will have used a search engine, which means they will not have seen all possible products. So it means that when the shopper clicks ‘Back,’ they return to Google and the other engines before having an opportunity to see other possibilities. It would be much better if they could click ‘forward,’ so to speak. Boost sales by offering product reviews and seals of quality There are other features intended to retain the online shop visitor, as opposed to using links to related products. Product reviews are a typical example of this. Users can provide a detailed picture of the product. Product reviews and evaluations help shoppers better remember the online shop, and they improve the probability of the customer returning another time. A similarly popular means is including reference posts on the product (product suggestions, for example) or test and comparison features. Another means worth mentioning is special service offerings that greatly differentiate the online shop from the competition. Service offerings are especially interesting because they can be integrated into the layout using a separate seal of quality. This move creates additional trust. For example, you can allow the customer 30 days to return products, instead of the typical 14-day policy, and provide a live chat feature for any questions, or a service hotline. These offerings can make an online shop stand out from the competition. The number of cancelled orders can be reduced by offering the option to chat. The customer can click a button (click-to-chat) in the shopping cart and on the checkout page and interact with the provider directly. There are other options with similar effects, like a ‘fly-in’ chat, which is activated when a visitor stays on a product page for a longer period of time. If a visitor spends more time than the average visitor on a product page, he could be uncertain or that they still have questions about the product. Sometimes all that is necessary is a single answer to motivate the visitor to make a specific purchase. The ‘fly-in’ chat signals customers that they are important to you, and that you are interested in their problems and needs. Several online shops have applied a similar approach. A chat window is opened anytime a visitor terminates a session wit- 6


p. 7

hout completing an order, enabling the visitor to contact someone directly. This action can reduce the number of times that an order is aborted before purchasing. You can even offer special coupons in this area to motivate visitors to complete their purchase. E-COMMERCE Fast page loading times for an improved user experience You can further optimize your conversion rate by implementing a few technical tweaks. The amount of time your online shop takes to load the page is one of the most important aspects. Generally speaking, users are impatient and know full well that there are alternatives to your online shop. If the page takes too long to load, potential customers will quickly change their mind and pay a visit to a competitor’s shop. Three seconds is considered the average amount of time for loading the page. Ones that take longer will be closed. The loading time is not the only thing governed by a visitor’s (im) patience. The amount of time needed to search for products or load product detail pages is important. Studies have shown that, for each additional second that it takes for a page to load, the conversion rate drops by up to seven percent.1 An optimized loading time for the overview pages is particularly essential for online shops that offer hundreds of thousands of products and versions. For example, Amazon took note of the connection between loading time and revenue in a study ten years ago. When the loading time is increased by 100 milliseconds, Amazon’s revenue drops by one percent.2 Vodafone has already experienced the importance of loading time. The company’s online shop once took 35 seconds to load for the first time when accessing the accessories page. Typically, the KPI for this type of page is 3.5 seconds (max.). Further, Kissmetrics monitoring and performance tests indicated that nearly 80 percent of customers who were dissatisfied with the website performance were not willing to purchase something from the website in the future.3 For this reason, online shops need to implement caching strategies on the application server instances or with in-memory cache tools to improve performance metrics. In addition, online retailers need to optimize their offering for mobile devices, as well. One-third of German shoppers (35 percent) now makes their purchases using a mobile device,4 and this is an upward trend. This poses special challenges for these retailers. For example, the design of the layout must be responsive, or there needs to be a separate website for mobile devices. Mozilla offers an example of how an optimized loading time affects the conversion rate. The company tested the effects of loa- Heiko Mock, Consultant and ORACLE Commerce Architect at VOQUZ IT Solutions ding times for download conversions of its Firefox web browser in an A/B test. When the loading time of the comparative page was cut by 2.2 seconds, the download rate increased by 15.4 percent in comparison with the regular (slower) page.5..5 Keep it as simple as possible You should keep it as simple as possible for your customers to make purchases from your online shop. Complicated page structures and registration processes have an effect similar to long loading times or long lines at the supermarket. Try to structure your online shop as clearly and simply as possible. But remember to also try to reduce to a bare minimum the number of steps it takes for a customer to make a purchase. Studies have shown that customers will leave the website if they cannot find what they set out for within three clicks of the mouse. They will end up on a competitor’s site eventually. If possible, avoid having customers register to make a purchase. Instead, offer them the option of ordering as a guest. This option makes it easier to complete an order because the purchaser only needs to enter the truly relevant information. It is also important from the customer’s point of view to be able to choose their preferred method of payment. Online shop providers who offer ‘1-click checkout’ have discovered this method’s popularity recently. Likewise, the shipping options are as important as the method of payment. IHF Köln, a German-based market research company, supports this argument with a study. The company determined that the choice (or lack thereof) of payment method affects purchasing behavior. It found out that a purchase was cancelled 24 percent of the time if the customer could not find their preferred method of payment. Source: 1, 2 https://www.findologic.com/zusammenhang-von-conversion-rate-und-ladezeit/ (17.08.2017) 3 https://blog.kissmetrics.com/loading-time (17.08.2017) 4 https://www.springerprofessional.de/mobile-commerce/multichannel-vertrieb/immer-mehr-deutsche-shoppen-mobil/13353384 (17.08.2017) 5 https://blog.mozilla.org/metrics/2010/04/05/firefox-page-load-speed-%E2%80%93-part-ii/ (17.08.2017) 6 https://www.ifhkoeln.de/pressemitteilungen/details/online-handel-kauf-auf-rechnung-immer-noch-am-beliebtesten/ (17.08.2017) 7


p. 8

E-COMMERCE 10 TIPS TO IMPROVE THE CONVERSION RATE Design Visitors to an online shop decide on their first visit to a site subconsciously and within a few seconds whether they want to make a purchase. Customers are attracted to a good, structured design. It influences their decision and affects loyalty. If their expectations and needs are not met in terms of design and usability, they will not make a purchase. Search feature In addition to a well-designed shop, the search capabilities of an online shop are important. If customers cannot find what they are looking for, they will switch to a different site. The search feature should possess a well-functioning filter and have a logical structure. Seals and certificates You can create confidence and demonstrate competency by displaying quality seals and/or certificates. Trusted Shops is the leading seal of approval for online shops. When an online shop displays it, it instills confidence and provides customers with a sense of security. You should place this seal of approval in a prominent position on your online shop, if you have received it, and it should appear on all sub-pages. Further seals of approval include the TÜV SÜD seal and the certificates from Safer Shopping and EHI – Geprüfter Onlineshop. Product descriptions Product descriptions are not only critical for optimizing your search engine functions, they are also intended to evoke positive emotions in the potential buyer. In addition to a detailed product description, the product’s added value and its main characteristics need to be highlighted. The product description should be no longer than 200 to 300 words. Product reviews Product reviews are particularly important because they show that other customers have been satisfied with their purchase of the product. It is human nature to want to follow the recommendations and reviews of other people. Well-crafted product descriptions are an incentive to buy, and they should also be integrated in an online shop. You should try to motivate customers to review the product they just purchased so your reviews are always up-to-date. Shipping costs Customers will purchase items more often from an online shop that does not charge for shipping, as observations have shown. They are more inclined to accept a higher price for a product if it means no shipping costs. An alternative to free shipping is an online shop with a limit to the shipping costs. This means that customers are not charged for shipping if their order exceeds a certain amount. The customer will try to order this amount or even more. Delivery times The faster the delivery comes, the higher the conversion rate. Customers are not used to waiting long for their products, as there are companies offering same-, next-day, or two-day delivery. Many products are also available from other online shops, so it is important to offer customers fast delivery. Otherwise, they will go to a competitor. Payment methods Customers have their preferred method of payment. If they are not offered this option, they will also go to a competitor. For this reason, it makes sense to offer a wide range of payment methods. The most popular payment method is still an invoice, in addition to PayPal, direct debit, and credit card. Live shopping Live shopping is a type of shopping in which a product or service is offered at a lower price for a certain period of time. It creates desirability because it is a rare opportunity and it evokes many emotions in potential buyers. They have a chance to save big money, but for a limited time only. Bonus system If you offer a bonus or ‘goodie’ to a customer when they make a purchase, they will be more inclined to buy again. A bonus system helps create customer loyalty and adds an incentive to purchase. 8


p. 9

IT’S THAT TIME OF THE YEAR AGAIN The five most common mistakes made when SAP system measurements are performed It’s the second half of the business year already. It means for many SAP users that the next system measurement is imminent. This time is accompanied by a huge amount of work to procure the proof needed to show that the SAP systems are be used according to the license agreement. SAP It is not an easy job. SAP customers need to have the appropriate licenses based on their current usage and according the price list. And things can go wrong in the process. We have compiled a list of the most common mistakes made, and we will also let you know how to avoid them. 1. Your license manager and the SAP basis have different ideas regarding assigning licenses License managers are normally not power users, and they place their absolute trust in the USMM results. The basis, however, does not know the entire license portfolio. Yet they need to decide how to assign the licenses. Often, the licensing terms are not clear for both parties, making the situation even more difficult. The easiest solution: overlicensing, which also leads to greater costs. For this reason, you need a guideline for licensing. Ideally, you need a license management tool. 2. You do not have an idea of indirect usage There are third-party applications that use SAP data in nearly every company. If you ignore this usage, it can become very expensive very quickly without the corresponding SAP agreement. For this reason, we recommend analyzing all technical interfaces in your SAP landscape. Determine which usage is critical for your business to be successful and what is the cost for licensing it. Be proactive. Reach out to your SAP representative. 3. You optimize your licensing landscape just before the measurement takes place These short-term ‘clean-up’ measures only give SAP more reason to take a closer look. You can qualify yourself for an audit involuntarily when you optimize or deactivate users shortly before a measurement. A much better option is to optimize your licensing on a regular basis over the course of the year. Smaller-scale changes are easier to follow and justify. If you use an appropriate tool, there will not be any extra effort involved. 4. You do not know how much more to purchase If the system measurement determines that you need to purchase additional licenses, you do not have any time to check your actual need on your own. Your company discount is no longer effective and you lose your negotiating leverage. You absolutely need to know exactly if and how many additional licenses need to be purchased before the system measurement. Look up which licenses you need and know the terms. A license management tool can help you with these tasks. 5. You blindly accept the system measurement results You send your results to SAP without checking them first after using the SAP-based tools USMM and LAW. Remember, remain vigilant. Compare the results with your own calculations and carefully check any discrepancies. A license management tool would be helpful in these situations, as well. 9


p. 10

HUMAN RESOURCES IT careers at VOQUZ Alexander Kargl started working at VOQUZ ten years ago as a student trainee. Back then, he was just bridging the gap until the next semester started, and wanted to gain hands-on experience. Ten years later, he is a successful consultant and still feels very happy at VOQUZ. Why? And what is his motivation at work? He explains this and more in an interview with VOQUZ NOW. 10


p. 11

HUMAN RESOURCES VOQUZ NOW: What made you choose VOQUZ? Kargl: When I finishd trainee ship as an IT specialist, I was looking for an opportunity to further my education and applied to a vocational school for business IT. I decided to look for a job as a student trainee to bridge the gap until the new semester started. And I found what I was looking for at VOQUZ. I started out in network administration and had an opportunity to delve into the various IT areas. VOQUZ NOW: What other learning opportunities have you taken besides studying? Kargl: IT studies are not very practically oriented, so my job as a student trainee at VOQUZ was perfect for combining theory with on-the-job experience. I learned a lot here, and it helped me understand complex information. Often, the key to success was self-appointed studies. If I didn’t know something specific about programming, I just picked up it on my own. Training onthe-job and working as a member of a team helped me greatly. You could learn a lot from one another. VOQUZ NOW: What did VOQUZ offer in the way of development possibilities? Kargl: The flat hierarchies here enabled me to quickly start working on my own, and I was responsible for my own IT area. It gave me the chance to continually develop myself further. In addition, I could look for other areas into which I could delve deeper. They included Microsoft technologies such as SharePoint and windream, the document management system. All the while, I learned about various programming languages. I could really actively contribute to the company’s productivity by developing and expanding software solutions for in-house use. It gave me a good feeling and made me feel highly motivated. VOQUZ NOW: After you completed your studies, what did you do at VOQUZ? Kargl: I earned my qualification in 2011 and I started on a project immediately. As a junior consultant, I was in charge of creating the HR area for a customer within the CMS system in use. The next few projects were to replace the previous CMS system with Microsoft SharePoint and then roll it out in the HR area I had just developed before. It was invigorating and I learned a lot. VOQUZ NOW: What exactly did you learn? Kargl: I learned, for example, that you cannot forget about the user when implementing IT projects. It is absolutely necessary to have the user’s acceptance, as well. These ‘soft’ facts are often neglected nowadays because their costs cannot be visualized so well in projects. I realized that it was to my advantage to have a command of soft skills, in addition to knowing the technical aspects. You need a certain degree of human understanding when consulting and dealing with customers. You need to react well to the various situations if you want to wrap up a project successfully. VOQUZ NOW: In the meantime, you’ve been with the company for more than ten years. That’s a long time nowadays. Did you ever consider changing jobs? Kargl: No, not really. There are still a lot of new tasks for me here. I worked in various departments and I proactively sought out change because I’ve always been curious about new technologies and tasks. You can actively contribute much to a company, especially an SME, because you’re more than just a cog in a gear. There’s a great advantage. Work has always been a lot of fun, and I like my work environment. When the company changed its business form in 2014, there were new and interesting opportunities available, such as working in a development team and the associated travel abroad for it. The new international orientation of the company is Alexander Kargl, Consultant at VOQUZ IT Solutions attractive, and I was able to improve my command of English. VOQUZ NOW: What professional goals have you set for yourself in the upcoming years? Kargl: I’m pretty diverse in my choice of topics, so I have a good basis enabling me to help customers as a consultant. Currently, I am focusing on consulting because it is an area I still enjoy, and I would like to delve deeper into it with the skills I’ve already learned. VOQUZ NOW: It sounds exciting. We wish you the best and much success. Thanks for speaking with us! 11


p. 12

SECURITY Closing the Gaps by Working Systematically The ransomware worm known as WannaCry paralyzed big-name companies such as FedEx, Telefónica, and Deutsche Bahn in just one weekend. At the same time, it demonstrated to the entire world the need for software updates. The companies affected by the cyberattack would have known about the gaping security gap. It was based on a neglected patch management system – an update that was forgotten. But could the cyberattack really have been avoided by a simple update? 12


p. 13

SECURITY A new software version or an update to software is highly susceptible to hackers’ attacks shortly after it is released. For this reason, most companies wait until the kinks have been worked out before they apply the update. It is a mistake to assume that you are safer with the older version of the software. Often there will not be another update for it after a certain period of time. Case in point: Windows XP, which has not had an official security update in three years. Despite this fact, there are still many companies using Windows XP. Likewise, there have been no more new patches for Windows Vista. The updates for Windows 7 will be discontinued in 2020, and for Windows 8 three years later. The situation is different for a patch update. Once a security gap in a system is discovered and the software provider releases a patch, it must be installed. A patch release is a perfect indicator for a hacker to mount an attack. The race begins, and the hacker should not be allowed to win it. Patches, patch management, and updates What are patches, patch management, and updates in the first place? And how do they differ from one another? An update is a new version of an existing system. It offers new functionalities, expansions, and greater protection. A patch is a minor change to the software’s code; for example, to close a security gap. Patch management is one of the most important parts of system management, and it deals with applying the updates and patches. A well-designed patch management system can greatly reduce the probability of falling victim to a cyberattack. The problem is not solved by patch days alone It may be the case that, every Tuesday, Windows releases its security updates, but this move will not solve the overall problem. Unfortunately, people still assume that many security problems can be resolved by applying the new Windows update, and nothing else. "CVE Details", the popular security vulnerability database, detected 389 security gaps in Windows 10 (as of 17 July 2017), but the real numbers are certainly higher. What’s more, the risks posed by Java platforms and Adobe solutions cannot be neglected either. Adobe and even SAP have recently released new patches to close security gaps. However, companies use many other software products and applications alongside Windows. If they are not also kept up-to-date, a hacker has an easy time. The consequences for a company can be varied, ranging from data theft to infiltration of viruses that can paralyze the entire system. the costs and work effort low. It is important that IT departments know exactly which systems, programs, and applications are installed, and where. There are special tools to manage the existing systems, programs, and applications in order to maintain the big picture despite the gargantuan quantity of information. In addition, tools can also automatically apply patches and updates, even. However, you cannot forget in the process that each computer is different. A hacker will be far more interested in the CEO’s computer than in the receptionist’s computer. Consequently, the missioncritical systems need to receive highest priority when implementing a patch management system. Furthermore, the first systems to be patched are the freely accessible front-end and e-commerce systems. There can always be complications when applying a new update or patch, so it is essential that you make a backup of the data first. It must always be possible to restore the system to the previous state. You can avoid any surprises by testing the update or patch on a separate system that does not pose a risk to the company. A larger company should use its own testing environment. In addition, the IT department needs to know which updates and patches are actually relevant for the company. Just because something is on the market currently, it does not mean that it is also important. It makes no difference to a company if the color of the font changes with the update. But if the update means improved security or enhanced user friendliness, then it is a good reason to apply the update. Setting the right priorities is critical. Summary Companies need to rely on secure software and an operating system that works properly now more than ever. The first step for companies is to protect themselves from viruses and hacker attacks by implementing firewalls and other security products. To ensure proper protection, both hardware and software need to be kept up-to-date, and they need to work together seamlessly. Updates are important because they improve software features and fix bugs in the software, but more importantly, they close security gaps. If you do not apply updates and patches, it is like crossing the street with your eyes closed. You might make it to the other side, but you might not. The question that a company needs to ask itself is: Do we really want to take such a big risk? In the end, the hacker always wins and the company always loses. Patch management takes special needs into account and prioritizes tasks Patch management is increasingly more difficult for companies as the IT landscape becomes more complicated. The increasing number of applications makes it essential to implement a strategy that offers the highest level of security possible, while keeping 13


p. 14

PARTNER New data protection rules are forcing IT departments to act Many companies needed to check their data protection policies by May 2016 at the latest. That marked the date when the new General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data was passed in the E.U. There have not been many large visible changes made, although the clock is ticking. IT departments will increasingly be under pressure to act when the new regulation officially takes effect in May 2018. It is an ambitious deadline, but feasible, provided that companies start implementing measures now. Companies need to act now More specifically, the data protection and IT departments need to act and start developing concepts that ensure that information is secure when the data is processed. These concepts define how to use personal data in the company’s own IT landscape and describe the policies and processes that take into account data protection, accountability/responsibility, data portability, and implementation of the individual’s desire for deletion. Companies are called on to start closely reviewing the current status of the processes they use that affect personal data in order to not succumb to the intense deadline pressure and risk heavy fees for non-compliance. The complexity of the transformation process can be significantly reduced early on if companies carefully assess which data is necessary in the first place. This saves time and money. In addition, the data quality is a critical factor: The better the data fits to a defined data profile, the easier it is to determine measures to fulfill the new regulations by the deadline. Powerful software tools ensure that your analysis is precise and that implementation is successful Automated software tools such as SNP System Scan and SNP Business Process Analysis can offer substantial benefits when it comes to the anonymization of data and the identification of processes that used personal data. SNP System Scan provides an overview of the SAP system and especially targets the scope of the organizational structures and the usage of modules. On the other hand, SNP Business Process Analysis (SNP BPA) is used for analyzing and visualizing business processes and workflows. When the analysis and design stage is complete, SNP Data Provisioning & Mas- king (SNP DPM) automatically implements the determined requirements. With the software, it is possible to reduce the costs of testing and training scenarios, and this protects sensitive customer and product data from misuse, both internally and externally. Clear-cut interface analysis accelerates transformation projects Practical experience has shown that you cannot view an application system as an isolated object when anonymizing. The analysis needs to incorporate the systems that communicate with one another and which data is exchanged at the interfaces. SNP Interface Scanner (IFS) checks and documents interfaces with little effort and displays which types of interface are used where and how often. An article by Gerhard Krauss, Managing Director at SNP Applications DACH GmbH. 14


p. 15

NEWS THE BEST FOR LAST Fall kicks off the trade show season Our marketing department is working in high gear, scheduling trade shows. Brainstorming sessions are taking place. Employees are planning, organizing, and designing the best possible exhibit. We will be attending the 2017 DSAG Annual Conference in Bremen, Germany, from 26–28 September. It is the largest Germanspeaking SAP event that takes place every year. This year’s conference will be the 18th, and attendees will be rallying around ‘Between the Worlds – ERP and Digital Platforms.’ We will be exhibiting samQ, our SAP license optimization tool, at booth E14 in hall 5, offering valuable tips on indirect usage. A few weeks later, we will be at the it-sa in Nuremberg, Germany. It is Europe’s largest expo and conference for IT security, focusing on cloud computing and mobile and cyber security, as well as data and network security. This year’s it-sa will take place in the Nuremberg trade show center from 10–12 October 2017. Our partners DeskCenter and Acunetix will share our booth with us (10.0-114). Running Well A healthy body means a healthy and alert mind. For this reason, our colleagues in Munich, Germany, have laced up their running shoes for the B2Run again this year. This large-scale race is directed at companies, and it takes place in a variety of cities around Germany. This year, more than 30,000 runners and walkers have registered in Munich. The race route is six kilometers, so the fastest runner needed only 18 minutes to complete the race. Hat’s off to the winner. Our colleagues thought so, too. However, we place more value in the Olympic mindset of our runners. For this reason, good job on a great race! And we look forward to seeing you next year! VOQUZ LOCATIONS DACH Hamburg T +49 40 675968-0 Dusseldorf T +49 211 577996-0 Berlin T +49 30 3641 8831 Frankfurt T +49 69 6607680-0 Stuttgart T +49 7195 92255-0 Munich T +49 89 925191-0 Austria T +43 1 5222015-10 Switzerland T +41 52 62008-80 contact@voquz.com 15



no comments yet