Overview

Digitize with security: How to save business processes

Since the late 1970s, companies have been striving to digitize their business processes – to map and process the individual events and tasks within a process using IT systems. SAP has played a key role in shaping this development in Europe with its ERP systems – starting with SAP R/2. After a good two decades in which this type of digitization developed at a rather slow pace, the topic has gained considerable momentum since the mid-2000s. One important reason for this is that fast and inexpensive internet has been available since then. Against this backdrop, numerous intelligent devices have also been developed that can be networked with each other. Together, these two factors have created completely new opportunities to digitize processes.
opportunities that companies are happy to take advantage of. This is because digitalized processes are also always processes that can be automated: Effort and costs are reduced, the number of errors decreases and process quality increases. This is not only noticeable for companies internally. Customers also benefit from digitalization in many cases – for example, because they can order new running shoes at 10 p.m. on a Saturday evening and are then continuously informed about the status of the shipment.

Safeguarding in three dimensions

When everything is running smoothly, digital processes are a huge benefit for everyone. However, to ensure that everything always runs smoothly, companies should secure their processes. And this has various dimensions:

1. it must be ensured that a process really runs from the initial event to the final event – for example, from clicking on the order button to receiving the parcel at the front door. This is particularly challenging because different internal and external IT systems are usually involved. And it is precisely at the transitions from one system to another that data may not be transferred at all, not completely or not correctly.

2. it must be ensured that the data is protected against misuse throughout the entire process. In other words, it must not be possible for unauthorized parties to modify, copy or delete it. Confidential handling of the data must also be guaranteed.

3. it must be ensured that the data is processed efficiently and that the processes run at the desired speed. For example, if a customer has to wait half a minute after clicking the order button to receive a response, this can lead to numerous spontaneous abandonments.

Create security: set up, monitor, optimize

To ensure security in all three dimensions, we propose establishing a cycle consisting of the three phases “setup”, “monitoring” and “optimization”.

Structure

For the digitalization of business processes, it is necessary at the very beginning to know the processes with all their sub-processes and tasks in detail. Business process management (BPM) helps with this. Once the processes have been identified, described and, ideally, graphically represented, they can be linked to the IT solutions. A graphic illustration is also helpful here. This makes it clear which solutions perform which tasks and how the solutions interact. It also shows where data is transferred and where there are risks to the integrity of the data. This has two consequences for the structure: Firstly, the interfaces must be looked at very closely and programmed carefully. Secondly, protective measures must be defined and implemented for all identified risks when handling the data. This ranges from setting up firewalls against external threats to assigning access rights for your own employees.

Monitoring

Once a business process has been established, it must be continuously monitored. Applications that register the progress of each individual process in real time based on defined events are suitable for this – for example, SAP Solution Manager. Particularly prominent events are incidents reported by the respective systems or users, which should then be rectified as quickly as possible. But there are also much finer details. All transactions that are executed by one or more systems can also be understood as events. The monitoring application can monitor these transactions and then handle them in two ways. Firstly, if predefined values are exceeded or not reached, an alert can be triggered. And secondly, commercial and technological key figures can be created from the recorded data.

Optimization

The results of the monitoring – in particular the KPIs generated – should be used at regular intervals to optimize the business processes and the infrastructure that maps them. An example: KPIs indicate that an above-average number of orders are canceled by customers. There can be several reasons for this. For example, the ordering process itself could be too complex, causing the prospective customer to lose interest. In this case, it would be necessary to check how the process can be simplified. However, it is also possible that the response time of the online store to the customer’s request is extremely slow, which would be recognizable by a corresponding key figure. The reason for this could be that the customer’s internet connection is poor. This can also be determined through monitoring. If this is the case for many customers, a leaner webshop should be considered. However, it is also possible that the webshop itself is overloaded due to the volume of requests and is therefore slow to respond. In this case, appropriate hardware would have to be retrofitted. And finally, it could be due to delayed communication between the web store and the connected ERP system. The knowledge gained should then be used to adapt the business process and IT. The cycle starts all over again.
In practice, it is advisable to first introduce this cycle for a single business process that is rather simple and not particularly business-critical. It is true that the potential in these cases is usually manageable. However, if mistakes are made, they do not have a direct negative impact. The experience gained in this way can then be used to digitize other, sometimes very complex, end-to-end processes and to ensure excellent security right from the start.