Team SCM has chosen to
implement SAP WMS into Heinz Corporation’s supply chain because the ROI is very
promising. When buying or leasing SAP solutions there are risks that Heinz will
run into. The team struggled with the decision to lease or buy SAP WMS because
there were risks and benefits associated with both actions. The following risks
for leasing and buying were considered in Heinz Corporation’s decision to
implement SAP:
5.1 Leasing risks
- Contract obligations
- Pay more in the long run
- Payments must continue under contract, even if the system isn’t being used anymore.
- Upgrades to equipment from outside vendors.
If Heinz were to buy SAP solutions, it would have all ownership rights and
would be responsible for using and fixing the equipment. It would be
Heinz Corporation’s responsibility to perform upgrades and master flexibility
through system customization, which is a staggering benefit of buying a
software system (Cal Business Solutions, 2012).
5.2 Buying risks
· Depreciation of SAP software and hardware
· Incompatibility between different applications
· Long term reliance on vendor support
· Specific hardware or software requirements
5.3 Security risk.
Security breaches and
attacks have been affecting companies in all different industries.
Manufacturing companies are increasingly relying on automation software, such
as SAP HANA, to manage supply chains. The leaders of Heinz Corporation need to
be aware of these security risks when deciding to implement SAP HANA. Most
attacks on supply chain companies focus on bringing down intellectual property
(IP). Computer Weekly reported one in five manufacturing firms had a loss
of IP due to a cyber-attack in 2013 (Ashford, 2014). Intellectual Property (IP)
includes any data that gives a company competitive advantage, such as product
launches, trade secrets, contact lists, marketing strategies, sales strategies,
computer code and business plans (Ashford, 2014). The most common causes of IP
theft include (Ashford, 2014):
- Malware
- Software vulnerabilities
- Network intrusion
- Mobile device data leaks can directly affect the employees and customers within Heinz.
- Targeted attack
Intellectual property theft can affect customers, employees,
vendors and the future success of the company. Since the IP data is directly
associated with competitive advantage, I believe the biggest stakeholders at
risk are the vendors (i.e. Heinz) and the Heinz employees. If competitive
advantage is gone, numerous detrimental events will begin to occur
chronologically, such as loss of profit, shrinkage of variable costs,
downsizing of staff, bankruptcy, etc. It is imperative that Heinz
assesses the security of SAP HANA software before and during implementation.
Implementing SAP systems exposes Heinz’s warehouse to some potential software
vulnerabilities. Heinz Corporation needs to be aware of the risks to
prevent specific situations from happening in the future. The next chart shows
the most common attacks by type in SAP software:
Image 6 (Polyakov, A., Tyurin, A., & Eyolov, E. 2014)
· Cross-site Scripting (XSS): a class of security vulnerabilities that can occur in Web applications. The term covers all vulnerabilities that allow an attacker to inject HTML markup or JavaScript into the affected Web application’s front-end client.
· Missing authorization check
· Directory Traversal: an intruder manipulates a URL so that the Web server executes or reveals the contents of a file.
· Code Injection: takes place when an attacker inserts new database commands into the vulnerable code, or appends a SQL Server EXECUTE command that runs malicious code.
· Authentication Bypass: this attack consists of a remote attacker bypassing authentication and reconfiguring SAP routers.
· Hard-coded Credentials: an attacker can hack a password or cryptographic key, which the software uses for its own inbound authentication and outbound communication to external components.
· Remote Code Execution: the ability an attacker has to access someone else's computing device and make changes.
· Verb Tampering: an attack that exploits vulnerabilities in HTTP verb authentication and access control mechanisms.
· Behavioral Factors: the employees are an underestimated factor and a large risk faced by an organization.
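Two entries in the list above, missing authorization check and verb tampering, often share one cause: access rules written only for the HTTP verbs the developer expected. The following Python sketch is an added example, not code from SAP or from the cited report; the paths, role names and function names are hypothetical. It contrasts a check that skips unlisted verbs with a deny-by-default check, and includes a self-test that lists what a caller with no roles can get through.

```python
# Constructed policy table: role required for each (method, path).
# Paths and role names are hypothetical, not taken from SAP.
POLICY = {
    ("GET", "/wms/stock"): "clerk",
    ("POST", "/wms/stock"): "manager",
}
PROBE_VERBS = ["GET", "POST", "HEAD", "PUT", "DELETE", "JUNK"]


def weak_is_allowed(method, path, roles):
    """Flawed check: only verbs listed in POLICY are authorized at all."""
    required = POLICY.get((method, path))
    if required is None:
        return True  # unlisted verb falls through with no authorization check
    return required in roles


def strict_is_allowed(method, path, roles):
    """Deny by default: a verb/path pair with no rule is refused."""
    method = method.upper()
    if method == "HEAD":
        method = "GET"  # HEAD exposes the same resource as GET, same rule
    required = POLICY.get((method, path))
    return required is not None and required in roles


def unauthorized_accepts(check, path="/wms/stock"):
    """Self-test: verbs a caller with no roles can get through `check`."""
    return [verb for verb in PROBE_VERBS if check(verb, path, set())]


if __name__ == "__main__":
    print("weak  :", unauthorized_accepts(weak_is_allowed))
    print("strict:", unauthorized_accepts(strict_is_allowed))
```

Running the same self-test against every protected path after each configuration change shows whether any verb is still accepted without a role.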
Team SCM has determined that the biggest security risks for
Heinz Corporation include missing authorization checks and behavioral factors.
Supply Chain Management is heavily dependent on employees. Missing
authorization and behavioral factors are two security errors that involve
discrepancies committed by employees, so it is imperative that there is
extensive training to eliminate these risks.
Technology is changing every minute, which makes it hard to
be aware of every possible security risk that SAP brings to Heinz Corporation.
Heinz Corporation’s warehouse needs to have a flexible security plan to avoid
and mitigate possible risks.
4.4 Privacy risk
The largest privacy risk that SAP brings to Heinz
Corporation is information disclosure. Information disclosure reveals
data from the SAP system running in the firm, which creates a dangerous
situation. SAP manages large amounts of data, and information disclosure can
affect any piece of that data. As with security risk, the most common risk
comes from employees disclosing information about customers or business
models. Employees’ own information is also at risk of being disclosed. Another
issue that affects privacy is holes in the software, which external bodies can
use to retrieve information about customers. SAP
provides security software to avoid privacy issues in the future for Heinz’s
warehouse. Ultimately, Heinz’s warehouse needs to
train employees on privacy risk and identify the quality of security service
that SAP offers to its customers.