Indirect Access (or Usage) can be a costly affair, but what is it and what can be done?
With SAP recently winning a court case against its customer Diageo over £54 million in unpaid fees for Indirect Access of SAP systems by third-party applications, organisations need to take a closer look at how their systems interact with SAP. So, what do you need to know about it and what can be done to prevent it becoming a pricey problem?
What is Indirect Access?
Until now, SAP licensing has been focused on the direct usage in an organisation’s SAP environment. This means an individual user accessing SAP data directly through the SAP interface. But Indirect Access (commonly known as Indirect Usage) is when a SAP system is queried or access via a third-party application.
However, the associated licensing fees can change from customer to customer, depending on the contract and terms and conditions agreed at the point of purchase. The need for any additional licenses depend on if the environment is accessed by a user and whether data is changed or controlled inside SAP. There is a lot of bewilderment over this.
What organisations are in danger from Indirect Access?
Any organisation that has set up indirect access to a SAP environment is at risk of action by SAP in theory. Particularly those in the consumer packaged goods industry or any other organisation that has complex supply chains and partner networks. These typically feature greater amounts of indirect usage and hence are more likely to be targeted
What are common Indirect Access scenarios?
The financial implications of Indirect Usage are particularly high in such situations as a web-based storefront where a browser is used to track the movement of goods updated in SAP in real time.
Mobile devices, and even devices such as Amazon Echo or Google Home can be used to automate the updating of data into SAP. These devices can track the movement of goods and can be used by sales reps to place orders for customers.
Third party CRM and SRM applications which access SAP to provide information to users can be a form of indirect usage. For example, suppliers may use such applications to check stock levels and automatically send shipments to replenish these.
Can anything be done about Indirect Access?
The ruling means that SAP customers need to be extra cautious with Indirect Access. This is especially true when you consider in-house applications or applications SAP perceives to being running on another system, such as Salesforce. The fine levied on Diageo was in part due to applications running on mobile devices which served as a user interface, so organisations should also be aware of this too.
A lesson to be learned from this is to start a conversation with SAP and get an agreement with it over the principles used to determine liabilities for Indirect Usage. Taking the initiative could work to one’s advantage.
Will the situation get worse in the future?
Organisations will be extra aware of the issues of Indirect Usage / Access from now on. With greater adoption of the cloud, the situation is very likely to get worse as many apps move to the cloud and require their base data from SAP indirectly. Organisations will need to find extra budget to cover this.
SAP contracts are likely to come under much more financial and legal scrutiny as customers move to defend themselves from legal action in the future for usage that seems harmless at present.
Can Software Asset Management (SAM) help?
Software asset management processes and solutions can help in identifying communications between an SAP environment and third-party systems. This will highlight which users are querying SAP indirectly and what third party systems are being used for that indirect access. By doing this, your organisation can cut down its financial exposure to SAP Indirect Usage.
Concerned about your business exposure when it comes to SAP licensing? Register for our free webinar: 4 Steps to Reduce SAP Indirect Access Risk