My most recent SCN blog shared highlights of my week at SAP TechEd, which I encourage you to read if you have not already done so, just to keep my observations here in perspective. It really was a great week. But…
This post has been on my mind since May, as it got its genesis during an ASUG Community Meeting at the SAPPHIRE+ASUG conferences.
An SAP employee, who shall remain nameless, responded to a question during that meeting that there would be no educational content on GRC 10.0 at SAP TechEd this year. I was among the people quite disappointed to hear it, as upgrading to GRC 10.0 seems to be one of the hottest topics among security administrators this year. After that conference, I filed that comment in the back of my mind for future reference.
When I planned my personal agenda for TechEd, I did a search on GRC in the session catalog, just in case something had changed.
Let’s face it: that list is pretty slim pickings, considering that the only lecture session listed was my own presentation on the work done by our Security Influence Council.
Fast forward to last week at TechEd in Las Vegas. At the first of the two Expert Networking Sessions I facilitated, I invited all present to introduce themselves and briefly mention the biggest issues on their plates today. Nearly every customer there mentioned GRC: planning for their upgrade, in the midst of their upgrade project, or dealing with the aftermath of going live with one or more upgraded GRC modules. Therefore, I invited them to return the next day for my second Expert Networking Session, which I would devote entirely to GRC and the educational content we wish had been available at TechEd.
I should have taken a photo: the lounge was packed with people eager to share ideas and build a wish list of education sessions they would have liked to attend at TechEd. Those topics included:
* GRC as a technology stack – Basis viewpoint on standing up the technology and architecture options
* Integration between GRC 10.0 and all other SAP technologies, including SAP Portal
* Installation tips and tricks
* GRC and SAP HANA
* GRC and SAP Identity Management – recommendations for getting them to play nicely together
* Structuring security for best practices in GRC
* Configuration of GRC reporting
* Roadmap for GRC
* Job-based provisioning and integration between HCM and GRC
* Customer success stories with Business Role Manager (BRM) and User Access Management (UAM)
* GRC 10.0 and CUA integration – inside/ outside Solution Manager
* Mobile GRC – technology requirements ( GRC Access Approver mobile app, anyone?)
Obviously this wish list contains some topics suited to customer success stories, and I encouraged those customers present who had already gone live with their upgrade to consider presenting at SAPPHIRENOW and ASUG 2013. However, it is my fervent wish that SAP’s GRC consultants and solution management will consider offering lectures on at least some of the more technical topics from this wish list at TechEd 2013. As for hands- on sessions, I offer the suggestion of the MSMP workflows used in GRC 10.0 which are new to just about every SAP security administrator. They may be “old hat” to a lot of customers, but they are new to us.
It has been suggested to me that I just give up and attend a third-party conference dedicated to GRC. The thing is, GRC is just one part of my job, as it is for many of us in security administration, and TechEd is *the* SAP conference dedicated to technical learning. Yes, GRC 10.0 sits on ABAP and is not a wholly unique technology, but there are certainly technical aspects that customers are eager to understand more fully. I hope that those who plan SAP’s education content for TechEd take these customer wishes into consideration for next year, and I also hope that those who have first-hand GRC 10.0 knowledge consider putting in an abstract when ASUG’s Calls for Speakers go out.