Skip to Content
Author's profile photo Former Member

Moving Strategic Procurement from On Premise to the Cloud

Recently I had the opportunity to deploy cloud-based software
from Ariba (an SAP company) at the world’s fourth-largest multinational and
fifteenth-largest mobile-phone service provider (by subscribers). This Germany-based
company had implemented the on-premise SAP Contract Lifecycle Management (SAP CLM)
application a few years back but decided to move to the cloud with Ariba’s
upstream modules for
sourcing, contract
management, supplier information, and performance management


The company’s objectives for its spend management program
were to:

  • Disrupt and streamline the end-to-end procure-to-pay
    process by integrating existing systems and providing greater visibility, driving cost reductions
  • Replace one of its third-party tools

Internal Adoption Assessment

After the customer conducted additional assessments
and made incremental modifications to the internal user adoption-plan
deliverables for subsequent deployment phases, Ariba held several workshops
with representatives from different areas of the customer’s business to assess:

  • The level of adoption needed to achieve the desired business results
  • The effort and strategy needed to achieve that level of adoption
  • The indicators and metrics that could be used to measure the level of adoption

Internal Adoption Planning


Ariba worked closely with the customer to plan the detailed activities needed for
communication and to train the audiences affected by the new cloud solution.


  • The communication plan identified each communication objective, message content, creator,
    sender, receiver, and medium, as well as timeframe and receiver message response options.
  • The training plan identified the specific knowledge and skills needed to perform system
    tasks by each user group. The plan also recommended appropriate training media,
    including quick reference guides (QRG), Web-based training (WBT), classroom training, and

         knowledge transfer (KT) sessions.


Cloud vs. On Premise


It’s also interesting to note what the company saw as the major advantages of transitioning
from an on-premise to a cloud solution from Ariba.

            Company Profile  

              The cloud solution is an affordable solution capable of growing with them – one that offers the

               flexibility of anywhere, anytime access without investment or the need to lock up the capital in IT infrastructure.

Initial Services and Software Investment 

One predictable monthly payment covers everything from infrastructure and software support to daily
back-ups and software upgrades.

             The subscription model converts traditional IT capital expenses into an operational expense, which

               can dramatically improve cash flow.

             Implementation services tend to be less than for on-premise solutions, since installation,
               infrastructure prep, and some configuration tasks are completed by the software-as-a-service
               (SaaS) vendor.

Implementation Time


Although it varies by project size and scope, the implementation time tends to be less than for on-premise
solutions, since installation, infrastructure prep, and some configuration tasks
are completed by the SaaS vendor.

Project Management

             The Ariba team includes project managers in a hybrid role (having the functional lead for on-site deployment)
               and a customer executive manager, who is formally enabled to take over the
               responsibility of supporting the customer after go-live.

Customer Support and Shared Resources

Shared resources provide functional demos, knowledge transfer sessions as well as remote back-up
coverage when needed.

Fifteen hours of Ariba’s Best Practice Center (BPC) support is offered to customers for help/advice with
advanced functionality and best practices.

Documentation / Knowledge Sharing

             Knowledge is available on the Ariba Knowledge, Ariba Connect, and Ariba Exchange platforms; Ariba

               Consulting Council blog; and Ariba Commerce cloud.


Having used a customized on-premise application several
years prior to transitioning to the cloud, the customer experienced less
flexibility with the limited customizations allowed during initial stages of
cloud service deployment.


SAP CLM and the Ariba upstream modules provide the functionality the company needed to achieve the
benefits of a streamlined process. Customers that prioritize ease of use (UI) and supplier collaboration in

the cloud usually opt for Ariba solution, while those that prioritize tight ERP-SRM system integration opt for SAP CLM.

Future releases of SAP and Ariba software intend to deliver better integration capabilities with cross-platform / cross-solution

enhancements and an improved UI to help drive down the total cost of ownership.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Andy Silvey
      Andy Silvey

      Hi Amar,

      this is a very interesting case study.

      One of the biggest challenges to cloud adoption is the question of security and compliance.

      As you said,

           This Germany-based company had implemented the on-premise SAP Contract      Lifecycle Management (SAP CLM) application a few years back but decided to      move to the cloud with Ariba’s upstream modules for sourcing, contract      management, supplier information, and performance management.

      It is very progressive that the company migrated Contracts Lifecycle Management to the Cloud because that is one of the SAP systems which is really containing company secrets which would be of tremendous value to competitors and a trophy for hackers to intercept.

      It would be very useful for members of the community who are curious about the potential for the cloud, but challenged by the business regarding security and compliance if you would share in more detail how the security and compliance risks for migrating Contracts Lifecycle Management to the Cloud were mitigated, as the same mitigations could be valuable for others looking at similar challenges.

      Thanks and best regards,


      Author's profile photo Rachith Srinivas
      Rachith Srinivas

      Hey Andy,

      Check out this white paper for more information on Ariba's Security policies.

      Security Disclosures for Ariba Online Services (English) - 07-07-2006


      Author's profile photo Andy Silvey
      Andy Silvey

      Hi Rachith,

      thank you, I have read the white paper.

      My doubts are fueled by for example, and these are only the recent high profile examples from the last six months:

      . iCloud getting hacked and User's private photo's shared on the Internet

      . SnapChat getting hacked and private photos shared on the Internet

      . Ebay account hacked

      It is my job to doubt and to question and to ensure no stone is left unturned.

      In our Intranet, we have our firewalls, our internal security which is totally under our control.

      In an age of high security, when services like iCloud from such a high profile trusted vendor can get hacked, I find it difficult to have total trust that SAAS and Cloud solutions  will be more secure, consequently, I find it difficult to recommend the company I am working for to go in the cloud direction with total peace of mind.

      I am a strong believer in the investment in third party companies Security Penetration Testing (Pen Testing) company's IT solutions to identify vulnerabilities and make recommendations, and Pen Testing is a valuable tool for supporting a company's security strategy and ensuring that the company's applications and data are being kept secure.

      My trust of SAAS and Cloud solutions would be higher if, for example, the SAAS and Cloud companies/providers transparently hired companies like KPMG to run regular Security Penetration Tests and provided evidence that these tests are being executed let's say, once a month, and that the recommendations are being acted upon.

      In the absence of such a strategy I find it difficult to accept and trust the words written in a white paper. Despite the fact that buried in there is the line that outside agencies are used for security auditing, if I was to consider the services, I would want a detailed white paper explaining only the security auditing by outside agencies, and as I said I would like to see in such a paper:

      Scope of the Security Audit

           What is actually audited ?

           Do they perform security penetration testing ?

                What is the scope of the pen testing ?

                What are the scenarios which are pen tested ?

      Frequency of the Security Audit

           How often do they execute a Security Audit

                Once a year

                Once a month

                What is the scope of each audit

      Actions Resulting From Security Audits

           Within what timeframe do they mitigate vulnerabilities exposed by Security Audits ?


      etc, etc

      Kind regards,


      Author's profile photo Rachith Srinivas
      Rachith Srinivas

      Great blog Amar!