A few months ago I blogged about “The importance of being trained…” after attending an ABAP training course with SAP’s Education Department which left me regretting not having done it earlier. Different opinions about the cost : benefit ratios of training approaches were voiced in the resulting discussions, and I would like to follow-up with another positive experience of a similar nature which is also not for free – but in my books well worth it if you have made serious investments in your business and SAP technologies to support it.
I have since attended three specialized customer security workshops as part of the MaxAttention contract option – two of them together with the customer to meet with experts from SAP on an annual basis for information exchange and one representing SAP with a customer wanting specific release dependent upgrade information not included in the standard ADM education scopes.
From the feedback, the SAP experts benefitted from the information gained from these focused workshops as much as the customer did. I can also vouch for the same: discussing customer specific implementation aspects “in the wild”, doing demos of new and improved standard functionality, finding solutions during the sessions which were previously not known and even producing a few SAP note corrections to the standard system. All with a lot of support from the SAP “backbone” behind MaxAttention services.
There were three aspects to these MaxAttention workshops which I would like to mention in a bit more detail, as they were key ingredients for me:
The audience: Including security folks (authorization & user administrators as well as infrastructure security) together with development members, system administrators, solution architects and compliance officers makes a good workshop. Not everyone can go into the same level of detail and others need to be moderated a bit, but certain common denominators start forming for the security aspects of implementing and running good software solutions. For example the “basis folks” were at times impressed with what is possible (or even what should be a baseline policy for them to have) which they were not aware of or did not know the background of and therefore did not pay sufficient attention to. Likewise “compliance folks” gained a better understanding of some constraints and the reasons for them.
Sustainable implementations: MaxAttention is not about project Go-Live on time and within budget. It is about doing it consistently in running SAP system landscapes. Although one can use user and role provisioning with an IdM to bring down operational security costs, there is still some tricky security work to be done and important decisions to be made on a day-to-day basis. SAP’s Security Product Management is also focusing on being a part of the “RunSAP methodology” for post Go-Live system support after Elvis has left the building… 🙂 An example of this is the new transaction RSECNOTE (see SAP Note 888889) which automatically scans the systems for important security corrections not included in your patch levels and is integrated into the EarlyWatch service and SolMan. There are many more.
- Close interaction with SAP: Existing implementations using functionality which is in “maintenance mode” or even custom developments which are encountering previously unthought-of constraints are always tricky. You might need to adjust your concept and possibly even change the code more often than you hoped for. Or it simply does not work and there is no other visible option. You can try the SAP Note 11 route, but that takes time and effort and involves other people’s problems as well (I think this is an intended feature of the note :-). In selected cases where the “spanner in the works” was well thought out and presented by the customer, the direct access to experts from SAP who can be accessed via the MaxAttention contract option can make that little difference you need. As one SAP developer said during a (working) lunch session: “Okay… it has just gone “click” for me now.” Actually, the existing customer modification was requested as a basis for a standard SAP development.
I left these workshops with a similar feeling as I had at the time after attending my first (and regrettably late) formal ABAP training: Do yourself and your important systems a favour by recognizing the importance of being supported appropriately.
Disclaimer: This blog is in no way a criticism of SAP’s standard support offered via the SMP global support or even the platform enabled by SCN communities, both of which I have very positive knowledge sharing experiences as well. If you know me, then you will know that there is no doubt about that. But for very focused and specialized security support condensed into a three day workshop, you get what you pay for with the MaxAttention contract option.
Disclosure: SAP is a customer.