Lakshmi Hanspal, chief security officer at SAP Ariba, has been working in the high technology industry managing security management for more than 20 years.
The way Hanspal sees it, the SAP Ariba ecommerce platform sells trust, which has become the digital currency of confidence in the cloud. Managing worldwide teams that drive security, privacy and governance, Hanspal is focused on earning and maintaining trust across SAP Ariba solutions, partners, and the company’s business network.
I sat down with Hanspal at the recent SAP Ariba Live 2017 event where she talked about the company’s mission to build secure products, run secure and be secure.
What is the role of security in a networked world?
In a hyperconnected business environment, security threats are persistent, lucrative and non-discriminating. Technologies like IoT and connected communities are changing the nature of trust, and making security the business enabler by providing risk transparency. Decision-makers in every business must be aware of how much risk they are taking. When everything is connected, you must know and address your weakest link.
What are the top three things decision-makers absolutely have to get right about security now?
First, security must be business enabling and not about policing. To have a seat at the table and influence decisions you must enable the business. Second, security must provide risk transparency ─ how much risk is being taken to do business, and what measures will keep it at an acceptable level. Third, it’s important to understand that security risks are not siloed; everything is interconnected. We translate, influence and help manage security involving our partners and stakeholders within and outside the company.
The fear factor dominated the early days of cloud-based computing – what’s changed now?
Businesses are motivated and invested in understanding the value of cloud and its alignment to company objectives. Organizational leaders and their teams company-wide have a voracious appetite for innovation, increasing their tolerance for risk. They will take more educated, calculated risks than before. At the same time, cloud providers have stepped up to extend the boundaries of maintaining trust, providing data encryption, access transparency and role-based approvals with business semantics.
These changes are reflected in the amazing growth of SAP Ariba. B2B buyers and sellers from 2.7 million companies transacted over one trillion dollars of goods and services on the SAP Ariba ecommerce network last year. This makes our platform larger than eBay, Alibaba and Amazon combined. Already in Europe, North America, Russia and China, we’re expanding this year to the Middle East, bringing exciting opportunities to more businesses worldwide.
What are you hearing from SAP Ariba customers about their biggest security-related concerns?
Customers are more security savvy than ever, and not only in IT. More people in line-of-business such as finance and procurement are talking about security because they realize it’s their data and intellectual property that must be protected. Everyone wants transparency to the residual risks of coming to the cloud, based on their ecosystem and industry. They expect resiliency in managing direct and indirect spend across the supply chain while protecting their intellectual property.
How is SAP Ariba responding to customer concerns?
We’re engaged in the secure development life cycle, embedding security not only in our solutions, but also in the DNA of how we operate. We are cultivating security champions across the company including customer support, product development, and data teams. For solution security, we focus on privacy by design. This is about embedded, continuous threat intelligence monitoring that’s both reactive and predictive. Regarding specific measures, we encrypt and segregate our customer’s data for control, working cohesively for a more versatile approach to data protection. Data access across the life cycle covers provisioning, revoking and reviewing access. We manage transparency risk across six different categories of risk. It’s a continuous assessment process, looking at what we do or don’t do that moves the needle on risk.
What can the market expect around security from SAP Ariba in the future?
We take security and privacy very seriously. It’s integral to our success as a cloud company. Security in a networked world goes far beyond preventing attacks. For example, we’re looking at collaborative security management across the product life cycle using innovations like IoT. Suppose a component fails in an oil rig in the ocean. SAP HANA can predict that rate of failure. SAP Ariba comes in to source a replacement component long before disaster strikes. And SAP Fieldglass provides the labor to install the new part. IoT technoloy provides verification of the fix and the data connects back to SAP HANA with ongoing predictions that anticipate maintenance and prevent future failures. As a security team, we are committed to understanding where all of SAP is headed, and we’re collaborating across our portfolio to consistently meet and exceed customer expectations around security.
Follow me @smgaler
Top image via Shutterstock