SAP Embrace gets new love from SAP-Microsoft partnership

SAP and Microsoft are making their cloud relationship almost exclusive with a new program.

SAP Embrace was announced in May as a program to help SAP customers move workloads to public cloud hyperscalers Microsoft Azure, AWS and Google Cloud Platform (GCP). Earlier this month, SAP and Microsoft announced a new development in the program with a three-year agreement to use Microsoft Azure as the preferred hyperscaler infrastructure provider for SAP systems. The deal is intended to address SAP’s issues both in moving customers to the cloud and in migrating them to S/4HANA by providing a simpler, more cost-effective and risk-mitigated path.

SAP Embrace is intended to provide SAP customers a path to the cloud on Microsoft Azure infrastructure, according to the companies. SAP and Microsoft, along with systems integrators, including Deloitte, Accenture and IBM, will offer SAP customers bundles of cloud services, including unified reference architectures, road maps and market-specific information to help mitigate costs and risks of moving to the cloud. Microsoft field sales teams will sell the SAP Embrace bundles directly to customers and Microsoft will also embed and resell components of SAP Cloud Platform in Azure.

SAP worked with Microsoft, AWS and Google to develop the initial phase of SAP Embrace, but subsequent development over the summer led to the partnership agreement with Microsoft to use Azure as its preferred public cloud provider, said David Robinson, SAP senior vice president and managing director of the cloud business group.

SAP customers are in large measure satisfied that any of the three public cloud providers can handle SAP HANA database workloads and run HANA-based applications, Robinson said, but they are looking for a clear and simple path to the cloud, which was the main goal of SAP Embrace.  

“[Customers] would like to understand that, as they migrate to S/4HANA in conjunction with the lift to the cloud, they can follow a path that leads to the intelligent enterprise and will give the most cost-effective and risk managed journey,” he said.

SAP customers lean toward Azure

The SAP-Microsoft partnership came about mainly because the majority of customers that SAP worked with to validate the SAP Embrace model were already leaning toward Azure, Robinson said.

This was primarily because Microsoft had demonstrated that Azure provided a consistent enterprise degree of engagement and support beyond just the compute network and data store, such as support services and lifecycle management, according to Robinson.

“Microsoft understands the enterprise to speak the enterprise language, and has processes wrapped around their compute network and storage around Azure that are more aligned with what SAP customers need to be able to consume and drive their S/4HANA environment,” he said.

SAP and Microsoft relationship may get cozier

It’s unusual that SAP would go with something that’s relatively exclusive, said Joshua Greenbaum, principal at Enterprise Applications Consulting, but it may be a sign of more to come from SAP and Microsoft.

“We know that Microsoft’s SuccessFactors implementation runs on Azure and they’re moving their ERP to Azure, so we know Microsoft wants as many workloads as it can get on Azure and they’re willing to incent SAP to do it,” Greenbaum said. “But I think there’s more to this. There will be another component of this deal coming, because I’m pretty sure that the numbers don’t add up for just this much exclusivity.”

Although the Microsoft Azure deal is not exclusive, the other two hyperscalers were not pleased at the recent addendum to SAP Embrace, Greenbaum said.

He pointed out that Robert Enslin, Google president of cloud sales and former SAP executive, and Thomas Kurian, Google Cloud CEO, are likely tapping their considerable experience to develop enterprise applications.

“It’s pretty clear that they’re going for an apps play that can compete with SAP,” Greenbaum said.

For AWS, on the other hand, Amazon’s relentless expansion into virtually every business may give potential customers pause before they entrust their systems to AWS.

“On the Amazon side there’s a lot of customers — retail, logistics, you name it — where Amazon the mothership is encroaching into a lot of core business areas, so a lot of folks are getting nervous about putting their enterprise software on the Amazon cloud,” he said. “In a way, Amazon sort of backed itself into this position.”

Other public cloud options still available

SAP customers still have the option to deploy S/4HANA and SAP HANA-based applications in any public cloud provider they want, Robinson said.

AWS recently announced new memory upgrades to the EC2 cloud infrastructure designed to manage S/4HANA-sized workloads.

“If a customer still wants to run it on AWS or Google, they can still do it; the support is the same and we continue to certify these workloads on AWS on GCP,” Robinson said. “The difference now is not the support or the ability to run, certify and upgrade — we will always certify that these infrastructures perform on database workloads as we design. But with Microsoft, we’re adding an additional degree of abstraction on top of that around the harmonization of the cloud platform services.”

Amanda Rousseau on becoming a cybersecurity researcher

The relationship between law enforcement and the infosec community can be cordial and cooperative at times. But it can also be confrontational and divisive, as in the debate surrounding backdoors in strong encryption for lawful access or the arrest of cybersecurity researcher Marcus Hutchins on charges of creating and selling malware.

In this Q&A conducted at Black Hat USA 2018, Amanda Rousseau, senior security researcher at Endgame Inc., a cyber operations platform vendor based in Arlington, Va., explained why the term “hacker” is unhelpful and how cybersecurity researchers find their way from being a script kiddie to putting on the white, black or gray hat.

Editor’s note: This interview is part two of a Q&A with Amanda Rousseau, and it has been edited for clarity and length.

What is your take on the apparent tensions between the cybersecurity researcher community and law enforcement or the government? 

Amanda Rousseau: ‘Hackers’ is really a term for people that don’t know the industry. I don’t usually say ‘hacker,’ unless they don’t know what a security researcher is.

If I’m in my running group, and they ask me what I do for a living, I’m like, ‘Oh, I’m just an engineer — a security engineer.’ [And they ask,] ‘What’s that? It sounds boring.’ You know? 

But even people that started out as a black hat or a gray hat hacker when they’re young usually transition to white hat when they get older. Back in the day — like ’80s, ’90s — that was the case. You can probably find someone and ask them, ‘Hey, did you ever download off of Pirate Bay before?’ … And they’ll probably say, ‘Yeah.’

But now, because they have that knowledge, they are the white hats of today helping out law enforcement, because, now that they’re older, they know it’s bad. 

I mean, even with law enforcement, there’s a fine line between legal hacking and illegal hacking, right? 

What is the best way to explain to those outside the community the nuance that comes with being a cybersecurity researcher?

Rousseau: I think that they’re marketing it wrong. They use Hollywood really heavily to show this cool hacker lifestyle. But there’s a whole other side to that. I see it in the military sense; I see it as my mission. It’s more like cyberwarfare to me — that it’s my duty to protect whoever I’m protecting from the digital threat. If you see it in a sense of being a protector or a blue-teamer, it’s much more approachable than the negative context of being a hacker, right? 

And ‘hacker,’ in the dictionary, it was considered as a negative term. But in reality, it’s someone who thinks outside the box, finds the bad thing and then tells people how to fix that. And it’s hard to explain that to people who are not in it. But I think if you explain it in military terms, it’s much more easy to consume.

If you’re going after someone’s assets, you want to protect those assets as the guard. But you have to actively monitor what’s going on and then fix it as you go. And that’s pretty much what we’re doing, [asking], ‘How can we think outside the box to protect ourselves?’ And, ‘Can we probe ourselves to make sure that we’re protected from ourselves, too?’ — which we call pen testing.

With the military analogy, the defensive part is pretty easy to explain. But could you expand on the offensive pen-testing angle?

Rousseau: There [are] two sides of that spectrum of people doing the offensive work so that the bad guys don’t actually do it. And [there are] the people who are defending, [who] build those infrastructures to protect it. 

Somebody has to play the other side, but they can’t know anything about the other team. They have to figure it out during the exercise. And that’s where you evaluate whether or not your assets are protected, which we call ‘red versus blue.’

The analogy I like to use is my car analogy. You have a purse in your car or a bag, backpack, right? It’s out in the open; [the] bad guy sees it [and thinks], ‘I want that bag.’ He could just bust the window in and get it. And you’ll figure it out early, because the car alarm will go off, the window’s busted and your bag is stolen. So, you can immediately rectify the situation. 

But because the bad guys are learning and getting smarter, they’re finding stealthier ways to get the bag out of the car without you knowing about it. Say, they figured out how to open the door through the rearview mirror by messing with the switches and unlocking the door. And instead of just taking up the whole bag, what they do is they put in a decoy bag so that you think that nothing is wrong until you look inside and there’s nothing in there.

It’s similar to protecting your assets. How do you know someone’s in your network if they’re being sneaky about it? You have to bubble up all of these alerts and logs in order to respond to it. And respond to an alert that makes sense. 

In the Target breach, they didn’t know how to respond to the alert, because the alert was so vague that they didn’t do anything about it until it was too late. A lot of it comes in usability and scalability. Can I put it on 1,000 desktops? And can I manage it with one to two people? 

If you think about it, there are more people trying to attack you than you can defend. So, the whole science around all of these vendor tools and everything is trying to make those two guys’ — that are doing blue team — lives much easier in protecting a huge company.

What do you think when you see stories about something like the recently discovered Yale breach, where they didn’t realize that it happened for 10 years? 

Rousseau: That’s common. I’ve been in breaches where they didn’t know it was in there for six months. [The attackers] kept coming back in and stealing more, coming back in and stealing more. And they found out they came in from a previous breach, so there were multiple people in the same network stealing.

They thought that they were covered. Their internal team, they had these certain [security] tools, but they weren’t actively looking. When they did log analysis, they were manually printing them out and analyzing the logs one by one, thinking that they would catch something. But scaling-wise, you really can’t do that.

It comes down to data science to bubble up the things that are anomalies and are important. With all of these cloud servers and data all over the place, there’s so much information on the internet that you’ve got to be able to scale to that level. 

Even now, I’m having trouble going over just 1,000 samples an hour. I can’t make copies of myself. But I can make code that can do my job. 

There [are] not enough people in the industry that do these technical jobs. That’s why I try to give back to the reverse-engineering community as much as I can — doing workshops and talks like this and different code — because I know how hard it is. It took me forever to get to where I am. I didn’t have those types of resources growing up; I just had to sit there and figure it out. 

Even the trainings that people come out of the military with, or the DOD [Department of Defense], or law enforcement, they’re forced to get some trainings, but some of them are not up to par of today. I think Black Hat is probably the closest you’re going to get to training that people actually use. 

How do we scale training and education to create the next generation of cybersecurity researchers?

Rousseau: That’s a big question that I might not be able to solve.

Slowly, but surely. You look at how big this conference is now and how big DEFCON is and all the other conferences, how big RSA is. There [are] all these little tiny conferences spinning up, and we’re all sharing information, but we have to compete with all the other careers out there, like medicine and finance.

There are so many BSides out there that try to cater to people local in the area, like Minnesota, Chicago, the Midwest, pretty much. So, they’re trying, but the content has to be there, too. Everyone can do technical work, but not everyone can teach. That’s another thing.

If they don’t know their audience, it’s going to be intimidating to people, and they’re going to lose them through teaching it. That’s why you have to provide more opportunities for different learning styles. I’m a visual learner; if you don’t have slides up, I’m not going to absorb anything. Or, [some] people just like to listen; [some] people like to read.

It’s kind of a balance of who can actually learn the material, and who’s passionate about it. When I was young, I was going for art. And I didn’t know I would be really good in this field until I took a class. So, you never know what you’re good at until you actually try it. 

SAP cloud applications go Azure with Microsoft partnership

SAP and Microsoft are taking their relationship to the next level in the cloud.

The two computing titans, who have been longtime partners, recently announced a number of initiatives that deepen the relationship, including enabling SAP cloud applications to run on Microsoft Azure.

The companies will also deploy each other’s cloud applications internally and will co-engineer and go to market together with cloud applications and managed cloud services, according to a joint press release.   

Specifically, SAP’s private managed cloud service SAP HANA Enterprise Cloud (HEC) is available on Microsoft Azure, which allows customers to run SAP S/4HANA on Azure’s managed cloud.

Both Microsoft and SAP will run SAP S/4HANA on Azure for internal operations. Microsoft is transforming its legacy SAP financial systems and will implement S/4HANA Finance on Azure. Microsoft also plans to connect S/4HANA to Azure AI and analytics services.

SAP is migrating more than a dozen “business-critical systems” to Azure, according to the press release. That includes S/4HANA, which supports Concur, the SAP travel and expense cloud application. SAP Ariba is also currently running on Azure.

The partnership is important now because joint SAP and Microsoft customers are moving mission-critical systems to the cloud, according to Julia White, Microsoft corporate vice president at Azure.

“We’re extending a partnership that has a long history and taking it to the next level with an eye towards those joint customers as they move those mission-critical SAP systems to the cloud,” White said. “They need to have the confidence and a trusted approach, so it’s about us coming together with a partnership that’s all about both co-engineering and making sure that we have incredible integrated solutions, as well as going to market together and engaging with our customers together for deploying all the way down to having joint support for those SAP cloud applications.”

The customers should benefit

The partnership makes sense to Holger Mueller, principal analyst and vice president of Constellation Research. In a blog post, he said the main question may be what took the parties so long, given that Azure has been capable of running HEC since at least 2016, but that customers should be happy to see the companies “drinking their own champagne.”

SAP can now expend fewer capital resources on HEC as Azure can now relieve that load, and perhaps put more money into R&D for S/4HANA, Mueller said.

“If all goes well it means customers will have to pay less for running S/4HANA, while it is being operated by a vendor who does infrastructure management (IaaS) for a living, compared to SAP who is certainly in the SaaS and PaaS [space], but less and less (if at all) in the IaaS space,” Mueller said.

However, Mueller noted that the partnership needs to “pick up steam, show customer traction, value and customer success.”

But SAP needs to help them make choices

Jon Reed, co-founder of Diginomica.com, also believes that the partnership could be good for SAP customers, but does not see the announcement as “earthshaking news.”

“It’s more of a logical extension of SAP’s multi-cloud strategy and their ongoing partnership with Microsoft,” Reed said. “It’s good news for SAP customers in that it’s one more sign post on the road to multi-cloud and deployment choice. For Microsoft it’s obviously another validation that Azure has enterprise clout and you can’t really do enterprise multi-cloud without offering Azure deployments.”

It’s ultimately up to the customer to determine whether Microsoft Azure, AWS or Google is the right hosting option for the S/4HANA private cloud or other SAP cloud applications, Reed said.

SAP needs to figure out how much responsibility it has in helping customers make these choices, for example, determining which cloud providers have more strength in machine learning or optimizing data center locations.

“I think that’s an ongoing question and SAP has been thinking about it also,” Reed said. “What customers need here is somewhat uncharted territory, and I think that SAP needs to provide more documentation and cross-checks for customers on multi-cloud features and options.”

Customer trust and confidence are the keys

The fact that both companies run SAP cloud applications and S/4HANA on Azure internally is one thing that will help customers choose to deploy on the Azure cloud, according to White, and these experiences will help customers understand how to run the systems.

“Our joint partnership with the co-engineering, the go-to-market, the support is a big differentiator in terms of customer support and trust, but to also know that we are running it first party they know that there’s real engineering experience on both sides is about confidence, about trust, about ensuring that it’s a secure system,” White said. “It also has the halo effect of helping our combined engineering efforts as well, as we are doing it ourselves both on the SAP and Microsoft side, that we learn and see and are able to improve the products because of that.”

To highlight this issue of customer trust, the companies identified The Coca-Cola Company, Columbia Sportswear Company, Coats and Costco Wholesale Corp. as customers that have deployed SAP cloud applications on Azure.

“It really was those types of clients — and ourselves — that really were a motivator to bring this partnership together in a greater way,” White said. “It was that level of company and mission-critical systems that was a catalyst for us to do something different here.”

Docker MTA program helps enterprises target IBM Cloud

With digital transformation in mind, IBM recently beefed up its relationship with Docker to not only containerize and bring existing applications to the cloud but to make them smarter.

Both Docker and IBM have been lining up partnerships to gain an advantage in the lucrative application modernization market.

The goal of the expanded relationship is to make it easier for enterprises to modernize their existing applications. To accomplish this, Big Blue is combining IBM Cloud with Docker Enterprise Edition and other IBM software and services, said Jason McGee, vice president and CTO of IBM Cloud Platform, in a recent blog post.

“As we continue to build on our partnership with Docker, IBM’s ultimate goal is to help our clients modernize and extend their existing applications by moving them to the cloud as easily as possible,” McGee told TechTarget. “That’s why this work is focused on helping developers quickly convert existing workloads into containers, giving them portability across different systems and cloud platforms. This also enables them to take advantage of the most valuable services the cloud has to offer, such as Watson, machine learning and blockchain, to enhance their applications with new capabilities and experiences.”

Three main points

McGee said the expanded IBM-Docker partnership is focused on three main points: using Docker Enterprise Edition (EE) to containerize workloads and run them on IBM Cloud; bringing IBM into the Docker Modernize Traditional Applications (MTA) program; and making certified IBM software available in the Docker Store.

“All the major ISVs are putting emphasis on the cloud and with IBM Cloud, one of their differentiators is not just that they have business-critical cloud, but this idea that there’s a way to make traditional applications smarter without having to change the core application itself,” said David Messina, chief marketing officer at Docker. “It’s very compelling to IBM enterprises that are looking at digital transformation and wondering where to start and thinking they have to throw the baby out with the bath water.”

Instead, the model that Docker and IBM are presenting offers a clear, deterministic path where enterprises can make “stepwise improvements” without having to radically change their legacy applications, he said.

IBM Cloud services

With Docker EE for IBM Cloud, developers can migrate applications to the IBM Cloud and integrate them with IBM services such as the Watson artificial intelligence services.

In addition to the Watson AI capabilities, IBM offers services such as blockchain, internet of things support, analytics offerings, serverless computing and quantum computing, among others.

“Cloud providers are preparing for battle in their quest to become the cloud of choice,” said Charlotte Dunlap, an analyst at GlobalData. “They’ll accomplish this through key alliances and adoption of leading OSS [open source] technologies such as Docker and Kubernetes. IBM’s alliance with Docker is the latest in this surge in activities among cloud, platform and infrastructure providers to establish well-formed container-orchestration strategies as part of their hybrid cloud offerings.”

Charles King, principal analyst at Pund-IT, said he believes that working with Docker is a good example of how IBM actively avoids disruption by embracing disruptive technologies. Indeed, “the company has done just that for the past two decades, beginning with its backing of Linux and continuing through a litany of support for other open source projects and relationships with sometimes counterintuitive partners.”

King noted that there is irony in that IBM is working with Docker to “modernize existing applications,” because that phrase is used by IBM competitors to ding Big Blue.

“You often see it applied to services and solutions designed to migrate enterprises away from IBM legacy platforms,” he said. “In this case, IBM is actively embracing self-disruption by underscoring the value customers can realize from implementing containers and working with Docker to minimize the pain and maximize the value of that process.”

The Docker MTA program

Docker and IBM announced their expanded relationship at the DockerCon EU in Copenhagen on Oct. 18. At DockerCon 2017 in Austin, Texas, last April, Docker launched its MTA program to help enterprises modernize legacy applications and move them to the cloud.

“Legacy applications, anchored to on-premises data centers, represent more than 90% of enterprise applications deployed today and on average account for 80% of IT budgets,” said Scott Johnston, COO of Docker, in a statement in April.

At the launch of the Docker MTA program, Docker announced partnerships with Avanade, Cisco, HPE and Microsoft. Accenture and Booz Allen Hamilton are also partners. Now Docker has added IBM as an MTA partner.

The Docker MTA program has helped customers like Northern Trust speed up application deployment velocity. Indeed, under the Docker MTA program, Northern Trust’s Enterprise Technology team was able to provision applications up to four times faster than before using the program.

“This speed of deployment will directly benefit traditional applications and support our overall adoption of enterprise Agile, allowing us to roll out services to our clients more rapidly,” said Scott Murray, CTO of Northern Trust, in a statement.

Meanwhile, McGee said IBM is publishing IBM software in the Docker store, including WebSphere Application Server, WebSphere MQ and the IBM DB2 database.

“This will enable customers to quickly access the software images needed for containerization, and gain confidence in those images through the promises of container certification,” he said in his blog post.

Docker support for Kubernetes

In other Docker news, Docker announced it is integrating the Kubernetes container orchestration system into the Docker platform. This means Kubernetes will be an option right alongside Docker’s own Swarm container orchestration system. Users will have the choice of using Kubernetes or Swarm.

“Support for Kubernetes in addition to the Docker Enterprise Edition capabilities, including security, flexibility and enterprise-grade capabilities across a variety of clouds, Linux distributions and Windows, should appeal to enterprises seeking to centrally manage container applications and speed ROI,” said Jay Lyman, principal analyst at 451 Research, in a statement.