Why Organizations Need DevSecOps for SAP Now More Than Ever

TAKE NOTE (Insights and Emerging Technology)

Setting DevSecOps goals is a critical step when aligning mission-critical application functionality with the needs of the business. In an ideal world, this would allow organizations to increase operational speed, automate manual tasks, provide continuous delivery to the company, and keep what matters most protected.

However, these goals create challenges for IT, operations and information security teams to best support SAP mission-critical applications. With multiple technologies, architectures, and a lack of unified development sets, SAP application developers have to handle changes through a manual coding and change process. Errors in custom code can create quality, security, and compliance issues that impact application integrity, hamper availability, and open the door for additional threats in production SAP systems.

Why SAP Shops Need DevSecOps

A typical SAP environment contains, on average, two million lines of custom code, not to mention a company’s most sensitive customer, financial, sales, intellectual and partner data.

As a first stage of DevSecOps, an analysis to find mistakes in SAP custom code should be mandatory, but that's not always the case. Secure custom coding is seldom taught, and pre-production analysis is a rarity. Automated code analysis during development, or at least integrated into the development environment, is used by only a small set of SAP customers.

So, just how many vulnerabilities, compliance issues and quality errors are companies missing? Research shows there is more than one critical security and/or compliance issue per 1,000 lines of custom ABAP code, with a typical SAP environment averaging 2,150 issues. Additionally, you will typically find tens of thousands of quality errors that cause downtime and performance issues on production systems.

For decades, security, compliance and quality risks have often been overlooked due to the manual nature of changes, leading to hidden vulnerabilities and errors in the custom code, transports, and systems. Today, the primary way to fix this problem is a lengthy and costly investigation, potentially followed by another transport to correct the issue.

Developing a Robust DevSecOps Program for SAP

The DevSecOps process is core to continuous improvement for any mission-critical applications and is something every SAP-based organization needs to consider.

Today, businesses need to move beyond traditional tactics and look toward automated application testing and protection software that can help identify security, compliance and quality errors during the coding process – almost like spell-check.

These solutions insert security in the DevOps process as far left as possible, with capabilities to analyze code development, assist with code build and testing, inspect SAP changes, enforce configurations, assess for vulnerabilities and misconfiguration, and continuously monitor user behavior and threats. They even work on third-party integrations.

Functionality at this level helps businesses ensure application availability, avoid costly repairs, eliminate downtime in production, and establish a security baseline to help measure improvements.

Since many errors can be hidden in SAP custom code and transports and can be costly in the long run, addressing potential issues and ensuring they are not implemented into production can save time and money. In fact, the increased assurance of code quality helps businesses address significant security vulnerabilities and potential compliance issues more efficiently and effectively. It can also help accelerate critical projects, such as S/4HANA transformation and cloud migrations by being better prepared.


UNDER DEVELOPMENT (Insights for Developers)

SAP RPA and AI Working Better Together


There has been a recent rush to automation as most businesses aim to increase their profit margins. RPA and AI are the buzzwords in the automation sector. Though beneficial, you might not gain as much if you do not understand what the processes entail and how they will impact your bottom line. The information below will boost your understanding of what these two automation processes entail and where they can be best applied in your business.

If your work is connected to the HR, finance, or procurement department, you have most probably worked with SAP software, or at the very least heard of it. The possibilities when using SAP software are almost endless. This explains why there are currently approximately 425,000 customers using the software in over 180 countries, making SAP one of the leading enterprise digital ecosystems.

SAP S/4HANA has taken ERP solutions to the next level with two new powerful platforms: conversational artificial intelligence (AI) and robotic process automation (RPA). These two solutions have garnered considerable hype recently because they can drive productivity that has never been witnessed. They have increased customer satisfaction and business efficiency.

Despite the conversations surrounding AI and RPA, there is still a lot of confusion about what they are or the things that differentiate them. The following are guidelines that will distinguish the two technologies and help you understand the best time to use them together.

What is RPA?

RPA is a solution that is meant to automate the repetitive tasks in your business. This rule-based software has evolved from workflow automation and screen scraping to allow the aggregation of data, initiation of new actions, and triggering of responses. Now renowned as the digital worker, RPA will mimic human behavior so that it boosts productivity by automating consistent routine workflows. In other words, it is the version of a perfect employee that will accurately handle repetitive tasks.

RPA is process-driven as it automates the rule-based routine processes that often require a simultaneous interaction of several IT systems. The successful implementation of RPA thus requires a meticulous choice of the processes you wish to automate. When deciding the tasks to automate under S/4HANA with RPA, the following are some aspects you should consider:

  • If the work is routine.
  • Whether the task consumes a lot of time.
  • If the job needs minimal input.
  • If your process’s transaction volume is high enough to substantiate the costs of RPA implementation.
  • Whether the automated task can be executed as you have documented it.

In SAP, RPA comprises “bots” that are designed or created by an “expert user” or an “SAP consultant”. These bots handle specific repetitive tasks in your chosen process. They can work as digital assistants for their users, in which case they are classified as “attended bots”. Alternatively, the bots can work unattended, in much the same way as a digital worker that performs repetitive tasks in the background. Both unattended and attended bots are monitored and orchestrated from a supervisor console. Here is a graphic representation of this process.


RPA in SAP software will comprise three components. These include:

  • Desktop agent
  • Cloud factory
  • Desktop studio

A cloud administrator installs the desktop agent on an end user’s computer. When installed, the end user does not need the administrator’s privileges to adopt his/her device’s Windows profiles and user profiles. The desktop agent is based on a JavaScript framework. It has several drivers that interact with different applications, connect with intelligent services like SAP’s Leonardo machine learning, and manipulate data on a user’s screen, among other tasks.

The cloud factory is a dedicated central component that orchestrates the automation of your processes. It controls and monitors the agents as well as the tasks in your digital landscape, then presents them in a dashboard. Bots are developed in the desktop studio.

What is AI?

Artificial intelligence (AI) handles enormous data volumes that it converts to actionable insights. It does this by detecting the underlying connections and patterns of your data. Simply put, AI replicates human decision making while RPA replicates actions. In general, AI is the broader term for all applications in which machines will handle human intelligence processes. This explains the common alternative name for AI, ‘machine learning.’ The intelligence processes included in AI are:

  • Learning: This is acquiring the necessary information and the contextual rules for using this information.
  • Reasoning: This entails using the rules and context of the acquired information to reach conclusions.
  • Self-correction: This includes learning from the failures and successes of past actions.

Some of the leading applications of AI include speech recognition, natural language generation, sentiment analysis, machine vision, chatbots, and image recognition. In natural language recognition, for instance, natural human speech and texts are converted into actionable machine data. The most popular example of this is Alexa, Amazon’s voice service.

Machine learning in AI can happen through supervised or unsupervised learning. In supervised learning, training happens through datasets with already known desired outputs. Unsupervised learning involves the use of algorithms that recognize data patterns. The data, in this case, can be structured or unstructured. Structured data includes tables, while unstructured data can be images, languages, or texts in social media posts and emails, among other communication forms. In general, AI processes all forms of data, a huge advantage for businesses.


Q&A (Post your questions and get the answers you need)

Q. What is OData in SAP?

A. I will assume you are a developer, so my goal is to get you started exploring OData. OK, first – OData is an OASIS Standard that defines the best practice for creating and using RESTful APIs. So in short, it is a web-based protocol for querying and updating data.

OData (Open Data Protocol) was initiated by Microsoft in 2007, but is also used to get information in and out of SAP via the gateway. The front-end developers use SAPUI5, which is based on OpenUI5. SAP made OData the standard for all solutions being developed using SAPUI5.

As more and more APIs are developed, the different ways companies implement REST or SOAP services for consuming data grow as well. Some companies even created their own query language; for example, SOQL from Salesforce. This makes it hard for development teams to connect and code against them.

OData provides a standard way of implementing RESTful APIs that allow SQL-like querying to interact with them. It basically can be seen as SQL for the web, built on top of the standard protocols (HTTP, JSON). These days it’s widely adopted by a lot of companies, like Salesforce, MySQL, Microsoft, Oracle, IBM, Intel, Citrix, SAP… The list goes on.

If you want to play around: there is a full working demo service available on Here is just one example query to get you started. Want some practice? Visit the online query tool to help you get started creating OData queries.
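To make the "SQL for the web" comparison in the answer above concrete, here is an added example (not part of the original answer) that builds an OData query URL from structured input, with field and operator allow-lists and quote-doubling so caller-supplied values stay inside the string literal. The service root `https://example.invalid/odata`, the `Products` entity set and its field names are constructed placeholders.

```javascript
// Added example: build an OData query URL from structured input.
// Field names and the service root are constructed placeholders (assumptions).
const ALLOWED_FIELDS = new Set(["Name", "Price", "Category"]);
const ALLOWED_OPS = new Set(["eq", "ne", "gt", "ge", "lt", "le"]);

function checkField(field) {
  if (!ALLOWED_FIELDS.has(field)) throw new Error("field not allowed: " + field);
  return field;
}

// OData string literals are single-quoted; an embedded quote is doubled.
function odataLiteral(value) {
  if (typeof value === "number" && Number.isFinite(value)) return String(value);
  if (typeof value === "boolean") return String(value);
  if (typeof value === "string") return "'" + value.replace(/'/g, "''") + "'";
  throw new TypeError("unsupported literal type");
}

// Each condition is {field, op, value}. Fields and operators are allow-listed,
// so caller-supplied data can only ever appear in the literal position.
function buildFilter(conditions) {
  return conditions.map(({ field, op, value }) => {
    if (!ALLOWED_OPS.has(op)) throw new Error("operator not allowed: " + op);
    return `${checkField(field)} ${op} ${odataLiteral(value)}`;
  }).join(" and ");
}

function buildQueryUrl(serviceRoot, entitySet, opts = {}) {
  const { select = [], where = [], orderBy, top } = opts;
  const params = [];
  if (select.length) params.push("$select=" + select.map(checkField).join(","));
  if (where.length) params.push("$filter=" + encodeURIComponent(buildFilter(where)));
  if (orderBy) params.push("$orderby=" + checkField(orderBy));
  if (top !== undefined) {
    if (!Number.isInteger(top) || top < 1) throw new Error("top must be a positive integer");
    params.push("$top=" + top);
  }
  const base = serviceRoot.replace(/\/+$/, "") + "/" + entitySet;
  return params.length ? base + "?" + params.join("&") : base;
}

// SQL analogue: SELECT Name, Price FROM Products
//               WHERE Name = 'Chef Anton''s Gumbo Mix' AND Price < 20
//               ORDER BY Price LIMIT 5
const demoUrl = buildQueryUrl("https://example.invalid/odata", "Products", {
  select: ["Name", "Price"],
  where: [
    { field: "Name", op: "eq", value: "Chef Anton's Gumbo Mix" },
    { field: "Price", op: "lt", value: 20 },
  ],
  orderBy: "Price",
  top: 5,
});
console.log(demoUrl);
```
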
