In part one of this blog series, we looked at the risks associated with ignoring a change in technology and licensing, and how Microsoft is working to monetize the influx of mobile devices within enterprise organizations.
In this concluding part, I’ll explore how SAP are adapting to the world of mobile, and also how the new relationship between SAP and Apple will see SAP make apps tailored for Apple mobile devices.
SAP has always had a user-centric licensing model. A named user can log into SAP and access application functionality based on their user ID and the roles assigned specifically to them.
Over the past five years or so, SAP has started to monitor access to SAP applications and data from third-party and bespoke software such as Salesforce or Workday. Under SAP’s licensing rules, each user that accesses data through SAP must have a named-user license to comply.
Many third-party applications funnel access to SAP data through one or a few named SAP users regardless of who the actual end-user is. When an end-user accesses data without their named user license (i.e. from a mobile third-party application), they are considered an “indirect user”. Any indirect usage or access requires that person behind the application to have provisioned an appropriate SAP Named User license or there is a compliance breach.
INDIRECT MOBILE USAGE?
In the example below, a company is metering Salesforce usage through Snow License Manager. Salesforce access is often done from a web browser on a PC/laptop or through its mobile application downloaded free from the Apple App Store or Google Play Store.
For most organizations that have Salesforce for their CRM solution and SAP as their ERP solution, the Salesforce product will be configured to access SAP data. This means that for full SAP compliance, each Salesforce user requires an SAP Named User license to carry out indirect access to the SAP data. The specific license type required to access SAP is generally negotiated, and in many cases, it is a Limited Professional (53) license type or a Special (71) license type which is much less costly than the powerful Professional (52) license type.
You can see from the example of five Salesforce users below, the first three users access Salesforce from either their mobile phone or their laptop. They all have adequate SAP licenses also assigned to them, consequently, SAP would consider them fully compliant.
The last two users are not compliant and questions would surface during an SAP audit. One user does not have an SAP license provisioned at all and the other has an Employee Self-Service license, which is not adequate for the Salesforce requirements.
Although technically acceptable to SAP, the organization in the example below should be considering if the costly Type 52 SAP licenses are really necessary for the needs of Sally and Andor.
SAP typically monitors log-in and access through an on-premise system in the data center. Microsoft, in the example from the first part of the blog, was monitoring access through a cloud-based login process. In both cases, it will attempt to validate that the person has a current and valid software license.
HOW CAN SAP AUDIT MOBILE INDIRECT ACCESS?
SAP has developed auditing techniques that look for anomalous patterns of behavior with regards to login and access. These patterns are identified and can be made available during an audit process by SAP. Consequently, they can better discover if third-party or bespoke applications are accessing SAP data but not through their dedicated SAP Named User accounts. This auditing technique, while initially built to catch problems from people with PC/laptops, applies equally as well from mobile phones. The last thing an enterprise wants is an indirect usage compliance issue with SAP, particularly through a mobile device.
This can open a large can of worms and require an organization to create an architectural diagram of all third party and bespoke applications that connect to SAP – including mobile applications - and a process review of all processes within the SAP system that involve interaction with non-SAP software. It can take thousands of man-hours to develop this comprehensive inventory and can expose millions of dollars in additional licensing liability.
SAP, like Microsoft, has begun monetizing the licensing potential for mobile devices in several ways. As the companies predominant licensing model is user-based rather than device-based, it has worked to assure that it can track when a user is properly behaving with the SAP systems and when it may well be an indirect access compliance issue.
By assuring that all users have a proper SAP license, they monetize access on the mobile device as they do the PC.
APPLE & SAP RELATIONSHIP
Apple and SAP recently joined together in a mutually beneficial agreement where SAP will build corporate apps that are tailored for Apple’s mobile products (iPhone and iPad). From Apple’s perspective, this is clearly a further push to make their devices the mobile of choice for enterprise organizations – especially those that already have a large investment in SAP products. Not only will SAP provide corporate apps especially for Apple products, they will also create a new development kit that developers can use to build their own ‘in house’ iOS apps.
The development kit will be powered by SAP’s HANA platform. The relationship shows the importance of tailoring applications to mobile technologies, as the mobile environment has matured and grown in importance over the past few years. This has to be seen as the start of a new era of collaboration between mobile vendors and enterprise software publishers. Mobile devices are becoming more powerful – with the likes of Samsung announcing a new 256-gigabyte chip for their mobile devices – so the software installed on mobile devices has the potential to be even more sophisticated and powerful.
THE IMPACT OF THE LICENSING TSUNAMI
As sure as the sun will rise again, more software vendors will shift their licensing model and requirements to capture any economic rent they have been earning from the PC/Laptop and Server environment from mobility and cloud usage. It is already underway as we described earlier. As an IT leader, managing this more complex approach to software licensing and access, including the legions of mobile devices now connected to the enterprise will likely require a more sophisticated next-generation of Software Asset Management tools.
Various models will likely be deployed by differing vendors to begin the mobile software licensing of the enterprise. While we see a small ripple in the water today from the first few companies introducing licensing mechanisms, the chances are high that a tsunami of licensing requirements and models are not too far behind.
The future is mobile - you need to make sure you have the right processes, policies and technologies in place in order to manage new license types and the new IT landscape.
To learn more about an integrated 4th Generation approach to Software Asset Management – from mobile to desktop, datacenter to cloud – speak to a Snow SAM professional today.