Category: Technical Corner

Please note: The screens and functionality previewed here might be subject to change. http://bit.ly/2ylzZoh #SAP #SAPCloud #AI

Recently I was asked to participate in a podcast regarding recruiting technology and how small businesses can filter through the clutter of information and solutions out there. Feel free to listen to the whole podcast series as well as topics on effectively evaluating candidates, challenges of SMB recruiting, and building talent pipelines.

It is my belief that regardless of company size there is a commonality of issues recruiters face, it is just a matter of the intensity of those issues that varies based on size, industry, location, etc. There is one thing that needs to ring true across all business sizes, and even more so for smaller businesses – pragmatism.

I am a firm believer of looking at what you are trying to do and boiling it down to doing a few things really well before you start thinking beyond those core things. For example, a great starting point is to ask yourself one basic question: Do I have too few or too many applicants?

By answering this question you can begin your quest to finding the right technology.

You can answer this question, regardless of your size, by first looking at where you are sourcing. If you are limiting yourself to Craigslist, your social channels and maybe Indeed, you are not reaching enough candidates, and hence your low applicant flow. What is your SEO strategy for your jobs? What other ways can you post simply and effectively? If you have too many candidates, look at more niche, specialized job boards rather than the big guys. Focus on how you word your job descriptions to zero in on target candidates. And finally, spend a bit of time looking at where you have found quality candidates in the past and try to mirror those successes.

There is a lot more that we covered in the podcast, but hopefully this is a teaser to get you thinking about what matters to your business.

Get more information on choosing the right recruiting technology. http://bit.ly/2gHwZbq #SAP #SAPCloud #AI

SAP Cloud Platform is an essential ingredient of SAP’s digital strategy. It is the platform for our customers’ and partners’ transformation journey towards digital business models and thus is of utmost importance for SAP.

And so is security in SAP Cloud Platform!

New Year’s Eve 2011.

11:59 PM.

Robin Seggelmann, a Germany-based developer, didn’t know at that point that he
was about to become famous a few years later in 2014. At least in some sense…

It was the moment when Seggelmann submitted coding in OpenSSL which,
by mistake, introduced a vulnerability that has later been described as a
“catastrophic” flaw in “Transport Layer Security” (TLS).

OpenSSL is an Open Source project.

“But, hey, isn’t Open Source software more secure per se? The more people review the code, the more secure it will be!”

“It’s unfortunate that it’s used by millions of people, but only very few actually contribute to it,” Seggelmann said in an interview.

Small funding, missing resources. And a bug which went unnoticed for more than two years. A bug which led to “Heartbleed”, impacting business users and private users on the Internet around the globe…

That’s why we at SAP go far beyond merely consuming Open Source Software.

Within our SAP Cloud Platform, we know the benefits of using Open Source very well as we rely significantly on Cloud Foundry. This strategic approach allows developers out there to create new and innovative Cloud Foundry-based applications that run on SAP Cloud Platform. With SAP’s engagement in the Cloud Foundry open source project, the ecosystem, and community around it, it was clear that we also actively contribute to the security of Cloud Foundry.

We do this in different ways:

* Reuse knowledge: Increase the level of security of the components in use
* Share Knowledge: Contribute back into the Open Source community

As the “Heartbleed” example showed: Open Source components can contain vulnerabilities just like any other piece of software could. Reuse knowledge aims on minimizing that risk. At SAP, we follow a professional tool-supported approach for this. It comprises а vulnerability assessment tool and notification service which provides the list of publicly known security vulnerabilities. It is complemented by a program analysis tool that helps developers identify, assess, and mitigate vulnerabilities in the open-source dependencies of Java applications.

With all the expertise we have in-house, contributing back into the Open Source community is another key pillar of increasing the overall security level of Cloud Foundry. Share knowledge bundles a variety of activities in that sense, based on the experience that the team developing on Cloud Foundry gathered. They are the ones who enhanced the central Cloud Foundry identity management service UAA – User Account and Authentication – for enterprise readiness. Their contribution consists of

* contributing code changes for strategic parts, e.g. additional authentication flows, performance improvements, and fixes to security vulnerabilities
* reporting identified vulnerabilities & threats and
* publishing threat models together with the community.

There is one more aspect of Open Source usage with Cloud Foundry for SAP, though. It allows us to Differentiate, as we develop enterprise-grade security features within UAA which remain SAP’s assets. Moreover, we work on implementing a next level of security with self-defending applications. During run-time, the system is able to identify pieces of information which are fed as input and can be compared to accepted structures – dynamic information flow tracking. For this purpose we implement parsers that refuse code execution once they encounter unexpected code tokens.

In a nutshell, we see the combination of enterprise software and Open Source as a brilliant opportunity. Or, as Bernd Leukert, member of the SAP Executive Board responsible for Products & Innovation, put it: “I … see big potential in combining the good of both worlds as well as overcoming the challenges both worlds are facing. Open Source does not equal free software; it is rather focused on community building and participation in communities by contributions.”

“Gems in Cloud Platform Security” is a new series of blogs. It takes you on a tour to discover how security is seamlessly woven into the success of SAP Cloud Platform.

More information:

Bernd Leukert’s blog “Open Source – Not a one-way street”

Press release on SAP and Cloud Foundry (2014)

Read other blogs in the “Gems in SAP Cloud Platform Security” series:

Gems in SAP Cloud Platform Security – “FIPS – Encryption is Key”

Gems in SAP Cloud Platform Security – “How to seamlessly integrate with Microsoft and Google”

  http://bit.ly/2gGmoxr #SAP #SAPCloud #AI