Five Ignored Practices That Can Disarm Your Cybersecurity Time Bomb

Paul Kurchina

Year after year, data breaches become messier, bigger, and more dangerous – and no business or person is immune from cybersecurity attacks. In fact, any form of cyber crime can impact over half of the world’s population. That’s roughly 3.8 billion people, up from 2 billion in 2015 – and that attack population will grow to 75% as another 2.2 billion people gain access to the Internet by 2022.

Considering the risk, consumers are always shocked to hear that the companies they love exposed their information by missing much-needed patches, ignoring back-door vulnerabilities in their IT architecture, and choosing weak passwords. Furthermore, a good portion of these incidents are preventable. For example, delaying one patch update by as little as six weeks could lead to data theft that impacts hundreds of millions of people in a matter of minutes.

“News headlines warn companies of all sizes that they are putting themselves at risk literally every day,” observed Virtual Forge CEO Markus Schumacher during the Webcast “Achieving Baseline Security Within the SAP Environment,” hosted by Americas’ SAP Users’ Group (ASUG). “If executives fail to implement good controls and ensure that safeguards are in place and effectively used, they are not doing their jobs.”

Tick, tick, tick: It’s time to take control of cybersecurity

Businesses often overlook system configuration, custom code, and transports even though most CEOs are aware of the guidelines to keep their systems secure. Unfortunately, failure in any of these areas introduces security risks

To address these preventable cybersecurity risks, executives should reconsider five fundamental practices for maintaining the security integrity of IT landscapes.

1. Governance, risk, compliance (GRC) of authorizations

Functional and technical users need to be managed in a manner that ensures proper and secure access to the right information, when and where they need it. GRC considerations include restriction of standard users and profiles, segregation of duties, remote function call (RFC) interfaces, user provisioning and decommissioning, data encryption, and the secure use of cryptography. Businesses can also address their password policies by implementing best practices and single sign-on capabilities.

2. Setup security

The organization and maintenance of the IT landscape – as routine as it may sound – can significantly impact the security of your systems, data, and brand reputation. In this case, the IT organization should prioritize the installation of all security patches, monitor security settings continuously on all systems, secure RFC and all other interfaces, and implement end-to-end encryption.

3. Security of custom code

Since companies are unique in how they operate, serve customers, and approach the industry, every IT landscape will always have one or more applications with custom code. The rule for ensuring a secure software development lifecycle is to scan all custom and third-party code early and often. After identifying an exposure, the IT department should perform risk-based assessments and resolutions immediately.

4. Infrastructure security

When hacking a system, most cybercriminals attack the operational system (OS) and database (DB) first because they are the easiest to infiltrate. For this reason, it is important to patch and update the OS and the DB without undue delay and enforce practices around strong passwords for this layer. Additionally, profile parameters should be continuously monitored and controlled, as well as routers, Web dispatchers, gateways, and Java systems.

5. Change management

During development, testing, and production, companies must securely transport code without the risk of intrusion and corruption. Whether received from an internal or external source, all transported content should be inspected before the next stage in the release process. Otherwise, preventable risks may be introduced to the target system. Additionally, it is critical to remain vigilant by encrypting communication and controlling transport paths to meet business needs.

Attention to the fundamentals of IT integrity defuses preventable exposure

The vulnerability of systems to cyberattacks is nothing more than a ticking time bomb. Missing any aspect of cybersecurity puts everyone at risk. For the good of the business, their employees, their customers, and the economy, executives need to rethink their cybersecurity strategies now to protect the company from preventable breaches and the consequences that will follow an attack.

For more insights into securing your SAP software investments and strategy, watch the replay of the Americas’ SAP Users’ Group (ASUG) Webcast “Achieving Baseline Security Within the SAP Environment,” featuring Virtual Forge CEO Markus Schumacher.


Paul Kurchina

About Paul Kurchina

Paul Kurchina is a community builder and evangelist with the Americas’ SAP Users Group (ASUG), responsible for developing a change management program for ASUG members.

Digital Transformation Drives Convergence Of Platforms And Standards

Stefan Guertzgen

In mid-February, I attended the ARC Forum in Orlando, Fla. There was a strong emphasis on digital transformation as well as platforms and standards supporting it.

Within the digital transformation, a variety of platforms are emerging, such as Infrastructure-as-a-Service, IoT edge, cognitive computing, and cloud application platforms. This makes it even more important to integrate these platforms and establish a semantic layer across them to ensure they can be orchestrated towards company strategies and business goals.

To help companies in today’s world digitally transform their business, here are some trends and observations:

  • IT, operations, and engineering departments need to ensure interoperability between and across their domains. Historically, these three entities have all operated in their own silos under different standards set by different organizations with different goals.
  • More and more associations and companies are starting to collaborate and converge on open standards that support end-to-end processes, cycles, and value chains. For example, Namur Open Architecture, ZVEI Modul Type Package, and the Open Process Automation Group have a memorandum of understanding in the works to promote common standards and frameworks. Besides integration and simplification, avoidance of vendor lock-in is another key driver behind this.
  • Cloud platforms are starting to gravitate around functional needs with an underlying common IT technology (enterprise system of record platform, enterprise innovation platform, intelligent supply chain platform, operations and maintenance platform, asset network platform, product design platform, and so on).
  • Seamless, bidirectional data and information flow, supported by rules and workflow engines, are indispensable ingredients for turning data and analytics into action. This goal will be supported by an “intelligent and agile core” enhanced by a peripheral layer of microservices that can be easily consumed via APIs (IT landscape of the future).
  • The importance of the “intelligent edge” is increasing. Initially focusing primarily on reducing-data security risks, now operational issues such as analyzing and controlling devices, improving process speed, and reducing latency issues will prompt end users to get a much broader perspective on edge computing. Overall, this is driven by the ongoing need to maximize asset maintenance and production performance. Innovative models are now run on the edge, leveraging inexpensive cloud space for optimization.
  • People and processes are as important as technology for the adoption of digital transformation. In other words, machine learning, IoT, and blockchain don’t excel by themselves. They need to be embedded into industry and business contexts as well as processes. From a hiring perspective, the data engineer is an emerging species, as special skills are needed around data mining, data analysis, data orchestration, and data governance. Such data engineers need to be paired with business and process-domain experts to ensure innovative technologies unfold their true potential.
  • Change management is more important than ever before. Consistent and clear top-to-bottom communication and measuring transformation program progress by a common set of clearly defined KPIs are pivotal to successfully building relationships and trust across all enterprise entities.

What do you think? Please share your thoughts and observations with us.

For more insight on emerging tech, see Future Of Work 2018: 10 Predictions You Can’t Ignore.


Stefan Guertzgen

About Stefan Guertzgen

Dr. Stefan Guertzgen is the Global Director of Industry Solution Marketing for Chemicals at SAP. He is responsible for driving Industry Thought Leadership, Positioning & Messaging and strategic Portfolio Decisions for Chemicals.

The Importance Of Cybersecurity In Modern E-Commerce

Jake Anderson

Author: Meghan Sheerin

The importance of cybersecurity in modern e-commerce cannot be overstated, especially when a company like Equifax finds itself on the business end of hackers’ intentions. Personal information for some 145.5 million people was exposed due to a simple security oversight. We’re talking birth dates, addresses, driver’s license numbers, 209,000 credit card numbers, and, worst of all, Social Security numbers. This last category means just under 50 percent of the U.S. population may have had their crucial secret identifier exposed.

How are we supposed to trust anything online after that?

Trust is a must

Meanwhile, an aura of trustworthiness is one of the key factors customers look for when they access an e-commerce venue for the first time. To this end, there are several steps you can take to telegraph the security of your site to customers.

For instance, installing an SSL certificate will tell visitors their transactions are encrypted and less likely to be visible while in transit between their device and your servers. The green padlock in the address bar and the accompanying lock-sign tells users they can feel more secure about the private information they share on your website.

Securing your site

One of the most important things you can do to protect your e-commerce platform is to ingrain within your employees a sense of urgency surrounding security. In far too many cases, careless employees have introduced spyware or malware to an organization’s network. Opening suspicious emails and clicking links within them is the most common method of infection. The other area in which your employees need to be trained is maintaining robust passwords.

The best ones are made up of six or more characters using a mix of letters, numbers, and unique symbols. Further, whenever new applications or peripherals are introduced to your network, the manufacturer’s default passwords should be changed immediately. Another key measure is implementing software updates as soon as they become available. Regularly probing your system for weaknesses and shoring them up whenever they are found should be a standard operating procedure as well.

Hosting matters too

Your site is only as secure as the server on which it resides. When you’re just starting out, you might be tempted to save some cash by residing your site on a shared server. However, in that instance, your site is only as secure as the least secure site on the server. It’s like being hospitalized in a quarantined ward in the hospital when you’re there for only a minor procedure. If the germ is in the room, it’s probably going to find its way into your body. A private server is always your best option. If you can’t afford a private server, your next best choice is a virtual private server.

Hackers are lazy-ish

Hackers tend to go after low-hanging fruit, so if your e-commerce site is secured with the latest encryption and protected by a robust system of near impossible-to-crack passwords, it will likely send most cybercriminals looking for easier pickings. In other words, the more effort you put into securing your site, the less likely it is to be targeted.

The importance of cybersecurity, one of the key arbiters of e-store success, in modern e-commerce must constantly be underscored. Bearing the above advice in mind as you establish your e-commerce business will benefit both you and the industry at large.

For more on data security, see From Job Loss To Jail Sentences, Data Protection And Privacy Is No Joke.


Jake Anderson

About Jake Anderson

Awestruck by Star trek as a kid, Jake Anderson has been relentless in his pursuit for covering the big technological innovations which will shape the future. A self-proclaimed gadget freak, he loves getting his hands on every piece of gadget he can afford. Contact Jake on Twitter @_ShoutatJake.

The Blockchain Solution

By Gil Perez, Tom Raftery, Hans Thalbauer, Dan Wellers, and Fawn Fitter

In 2013, several UK supermarket chains discovered that products they were selling as beef were actually made at least partly—and in some cases, entirely—from horsemeat. The resulting uproar led to a series of product recalls, prompted stricter food testing, and spurred the European food industry to take a closer look at how unlabeled or mislabeled ingredients were finding their way into the food chain.

By 2020, a scandal like this will be eminently preventable.

The separation between bovine and equine will become immutable with Internet of Things (IoT) sensors, which will track the provenance and identity of every animal from stall to store, adding the data to a blockchain that anyone can check but no one can alter.

Food processing companies will be able to use that blockchain to confirm and label the contents of their products accordingly—down to the specific farms and animals represented in every individual package. That level of detail may be too much information for shoppers, but they will at least be able to trust that their meatballs come from the appropriate species.

The Spine of Digitalization

Keeping food safer and more traceable is just the beginning, however. Improvements in the supply chain, which have been incremental for decades despite billions of dollars of technology investments, are about to go exponential. Emerging technologies are converging to transform the supply chain from tactical to strategic, from an easily replicable commodity to a new source of competitive differentiation.

You may already be thinking about how to take advantage of blockchain technology, which makes data and transactions immutable, transparent, and verifiable (see “What Is Blockchain and How Does It Work?”). That will be a powerful tool to boost supply chain speed and efficiency—always a worthy goal, but hardly a disruptive one.

However, if you think of blockchain as the spine of digitalization and technologies such as AI, the IoT, 3D printing, autonomous vehicles, and drones as the limbs, you have a powerful supply chain body that can leapfrog ahead of its competition.

What Is Blockchain and How Does It Work?

Here’s why blockchain technology is critical to transforming the supply chain.

Blockchain is essentially a sequential, distributed ledger of transactions that is constantly updated on a global network of computers. The ownership and history of a transaction is embedded in the blockchain at the transaction’s earliest stages and verified at every subsequent stage.

A blockchain network uses vast amounts of computing power to encrypt the ledger as it’s being written. This makes it possible for every computer in the network to verify the transactions safely and transparently. The more organizations that participate in the ledger, the more complex and secure the encryption becomes, making it increasingly tamperproof.

Why does blockchain matter for the supply chain?

  • It enables the safe exchange of value without a central verifying partner, which makes transactions faster and less expensive.
  • It dramatically simplifies recordkeeping by establishing a single, authoritative view of the truth across all parties.
  • It builds a secure, immutable history and chain of custody as different parties handle the items being shipped, and it updates the relevant documentation.
  • By doing these things, blockchain allows companies to create smart contracts based on programmable business logic, which can execute themselves autonomously and thereby save time and money by reducing friction and intermediaries.

Hints of the Future

In the mid-1990s, when the World Wide Web was in its infancy, we had no idea that the internet would become so large and pervasive, nor that we’d find a way to carry it all in our pockets on small slabs of glass.

But we could tell that it had vast potential.

Today, with the combination of emerging technologies that promise to turbocharge digital transformation, we’re just beginning to see how we might turn the supply chain into a source of competitive advantage (see “What’s the Magic Combination?”).

What’s the Magic Combination?

Those who focus on blockchain in isolation will miss out on a much bigger supply chain opportunity.

Many experts believe emerging technologies will work with blockchain to digitalize the supply chain and create new business models:

  • Blockchain will provide the foundation of automated trust for all parties in the supply chain.
  • The IoT will link objects—from tiny devices to large machines—and generate data about status, locations, and transactions that will be recorded on the blockchain.
  • 3D printing will extend the supply chain to the customer’s doorstep with hyperlocal manufacturing of parts and products with IoT sensors built into the items and/or their packaging. Every manufactured object will be smart, connected, and able to communicate so that it can be tracked and traced as needed.
  • Big Data management tools will process all the information streaming in around the clock from IoT sensors.
  • AI and machine learning will analyze this enormous amount of data to reveal patterns and enable true predictability in every area of the supply chain.

Combining these technologies with powerful analytics tools to predict trends will make lack of visibility into the supply chain a thing of the past. Organizations will be able to examine a single machine across its entire lifecycle and identify areas where they can improve performance and increase return on investment. They’ll be able to follow and monitor every component of a product, from design through delivery and service. They’ll be able to trigger and track automated actions between and among partners and customers to provide customized transactions in real time based on real data.

After decades of talk about markets of one, companies will finally have the power to create them—at scale and profitably.

Amazon, for example, is becoming as much a logistics company as a retailer. Its ordering and delivery systems are so streamlined that its customers can launch and complete a same-day transaction with a push of a single IP-enabled button or a word to its ever-attentive AI device, Alexa. And this level of experimentation and innovation is bubbling up across industries.

Consider manufacturing, where the IoT is transforming automation inside already highly automated factories. Machine-to-machine communication is enabling robots to set up, provision, and unload equipment quickly and accurately with minimal human intervention. Meanwhile, sensors across the factory floor are already capable of gathering such information as how often each machine needs maintenance or how much raw material to order given current production trends.

Once they harvest enough data, businesses will be able to feed it through machine learning algorithms to identify trends that forecast future outcomes. At that point, the supply chain will start to become both automated and predictive. We’ll begin to see business models that include proactively scheduling maintenance, replacing parts just before they’re likely to break, and automatically ordering materials and initiating customer shipments.

Italian train operator Trenitalia, for example, has put IoT sensors on its locomotives and passenger cars and is using analytics and in-memory computing to gauge the health of its trains in real time, according to an article in Computer Weekly. “It is now possible to affordably collect huge amounts of data from hundreds of sensors in a single train, analyse that data in real time and detect problems before they actually happen,” Trenitalia’s CIO Danilo Gismondi told Computer Weekly.

Blockchain allows all the critical steps of the supply chain to go electronic and become irrefutably verifiable by all the critical parties within minutes: the seller and buyer, banks, logistics carriers, and import and export officials.

The project, which is scheduled to be completed in 2018, will change Trenitalia’s business model, allowing it to schedule more trips and make each one more profitable. The railway company will be able to better plan parts inventories and determine which lines are consistently performing poorly and need upgrades. The new system will save €100 million a year, according to ARC Advisory Group.

New business models continue to evolve as 3D printers become more sophisticated and affordable, making it possible to move the end of the supply chain closer to the customer. Companies can design parts and products in materials ranging from carbon fiber to chocolate and then print those items in their warehouse, at a conveniently located third-party vendor, or even on the client’s premises.

In addition to minimizing their shipping expenses and reducing fulfillment time, companies will be able to offer more personalized or customized items affordably in small quantities. For example, clothing retailer Ministry of Supply recently installed a 3D printer at its Boston store that enables it to make an article of clothing to a customer’s specifications in under 90 minutes, according to an article in Forbes.

This kind of highly distributed manufacturing has potential across many industries. It could even create a market for secure manufacturing for highly regulated sectors, allowing a manufacturer to transmit encrypted templates to printers in tightly protected locations, for example.

Meanwhile, organizations are investigating ways of using blockchain technology to authenticate, track and trace, automate, and otherwise manage transactions and interactions, both internally and within their vendor and customer networks. The ability to collect data, record it on the blockchain for immediate verification, and make that trustworthy data available for any application delivers indisputable value in any business context. The supply chain will be no exception.

Blockchain Is the Change Driver

The supply chain is configured as we know it today because it’s impossible to create a contract that accounts for every possible contingency. Consider cross-border financial transfers, which are so complex and must meet so many regulations that they require a tremendous number of intermediaries to plug the gaps: lawyers, accountants, customer service reps, warehouse operators, bankers, and more. By reducing that complexity, blockchain technology makes intermediaries less necessary—a transformation that is revolutionary even when measured only in cost savings.

“If you’re selling 100 items a minute, 24 hours a day, reducing the cost of the supply chain by just $1 per item saves you more than $52.5 million a year,” notes Dirk Lonser, SAP go-to-market leader at DXC Technology, an IT services company. “By replacing manual processes and multiple peer-to-peer connections through fax or e-mail with a single medium where everyone can exchange verified information instantaneously, blockchain will boost profit margins exponentially without raising prices or even increasing individual productivity.”

But the potential for blockchain extends far beyond cost cutting and streamlining, says Irfan Khan, CEO of supply chain management consulting and systems integration firm Bristlecone, a Mahindra Group company. It will give companies ways to differentiate.

“Blockchain will let enterprises more accurately trace faulty parts or products from end users back to factories for recalls,” Khan says. “It will streamline supplier onboarding, contracting, and management by creating an integrated platform that the company’s entire network can access in real time. It will give vendors secure, transparent visibility into inventory 24×7. And at a time when counterfeiting is a real concern in multiple industries, it will make it easy for both retailers and customers to check product authenticity.”

Blockchain allows all the critical steps of the supply chain to go electronic and become irrefutably verifiable by all the critical parties within minutes: the seller and buyer, banks, logistics carriers, and import and export officials. Although the key parts of the process remain the same as in today’s analog supply chain, performing them electronically with blockchain technology shortens each stage from hours or days to seconds while eliminating reams of wasteful paperwork. With goods moving that quickly, companies have ample room for designing new business models around manufacturing, service, and delivery.

Challenges on the Path to Adoption

For all this to work, however, the data on the blockchain must be correct from the beginning. The pills, produce, or parts on the delivery truck need to be the same as the items listed on the manifest at the loading dock. Every use case assumes that the data is accurate—and that will only happen when everything that’s manufactured is smart, connected, and able to self-verify automatically with the help of machine learning tuned to detect errors and potential fraud.

Companies are already seeing the possibilities of applying this bundle of emerging technologies to the supply chain. IDC projects that by 2021, at least 25% of Forbes Global 2000 (G2000) companies will use blockchain services as a foundation for digital trust at scale; 30% of top global manufacturers and retailers will do so by 2020. IDC also predicts that by 2020, up to 10% of pilot and production blockchain-distributed ledgers will incorporate data from IoT sensors.

Despite IDC’s optimism, though, the biggest barrier to adoption is the early stage level of enterprise use cases, particularly around blockchain. Currently, the sole significant enterprise blockchain production system is the virtual currency Bitcoin, which has unfortunately been tainted by its associations with speculation, dubious financial transactions, and the so-called dark web.

The technology is still in a sufficiently early stage that there’s significant uncertainty about its ability to handle the massive amounts of data a global enterprise supply chain generates daily. Never mind that it’s completely unregulated, with no global standard. There’s also a critical global shortage of experts who can explain emerging technologies like blockchain, the IoT, and machine learning to nontechnology industries and educate organizations in how the technologies can improve their supply chain processes. Finally, there is concern about how blockchain’s complex algorithms gobble computing power—and electricity (see “Blockchain Blackouts”).

Blockchain Blackouts

Blockchain is a power glutton. Can technology mediate the issue?

A major concern today is the enormous carbon footprint of the networks creating and solving the algorithmic problems that keep blockchains secure. Although virtual currency enthusiasts claim the problem is overstated, Michael Reed, head of blockchain technology for Intel, has been widely quoted as saying that the energy demands of blockchains are a significant drain on the world’s electricity resources.

Indeed, Wired magazine has estimated that by July 2019, the Bitcoin network alone will require more energy than the entire United States currently uses and that by February 2020 it will use as much electricity as the entire world does today.

Still, computing power is becoming more energy efficient by the day and sticking with paperwork will become too slow, so experts—Intel’s Reed among them—consider this a solvable problem.

“We don’t know yet what the market will adopt. In a decade, it might be status quo or best practice, or it could be the next Betamax, a great technology for which there was no demand,” Lonser says. “Even highly regulated industries that need greater transparency in the entire supply chain are moving fairly slowly.”

Blockchain will require acceptance by a critical mass of companies, governments, and other organizations before it displaces paper documentation. It’s a chicken-and-egg issue: multiple companies need to adopt these technologies at the same time so they can build a blockchain to exchange information, yet getting multiple companies to do anything simultaneously is a challenge. Some early initiatives are already underway, though:

  • A London-based startup called Everledger is using blockchain and IoT technology to track the provenance, ownership, and lifecycles of valuable assets. The company began by tracking diamonds from mine to jewelry using roughly 200 different characteristics, with a goal of stopping both the demand for and the supply of “conflict diamonds”—diamonds mined in war zones and sold to finance insurgencies. It has since expanded to cover wine, artwork, and other high-value items to prevent fraud and verify authenticity.
  • In September 2017, SAP announced the creation of its SAP Leonardo Blockchain Co-Innovation program, a group of 27 enterprise customers interested in co-innovating around blockchain and creating business buy-in. The diverse group of participants includes management and technology services companies Capgemini and Deloitte, cosmetics company Natura Cosméticos S.A., and Moog Inc., a manufacturer of precision motion control systems.
  • Two of Europe’s largest shipping ports—Rotterdam and Antwerp—are working on blockchain projects to streamline interaction with port customers. The Antwerp terminal authority says eliminating paperwork could cut the costs of container transport by as much as 50%.
  • The Chinese online shopping behemoth Alibaba is experimenting with blockchain to verify the authenticity of food products and catch counterfeits before they endanger people’s health and lives.
  • Technology and transportation executives have teamed up to create the Blockchain in Transport Alliance (BiTA), a forum for developing blockchain standards and education for the freight industry.

It’s likely that the first blockchain-based enterprise supply chain use case will emerge in the next year among companies that see it as an opportunity to bolster their legal compliance and improve business processes. Once that happens, expect others to follow.

Customers Will Expect Change

It’s only a matter of time before the supply chain becomes a competitive driver. The question for today’s enterprises is how to prepare for the shift. Customers are going to expect constant, granular visibility into their transactions and faster, more customized service every step of the way. Organizations will need to be ready to meet those expectations.

If organizations have manual business processes that could never be automated before, now is the time to see if it’s possible. Organizations that have made initial investments in emerging technologies are looking at how their pilot projects are paying off and where they might extend to the supply chain. They are starting to think creatively about how to combine technologies to offer a product, service, or business model not possible before.

A manufacturer will load a self-driving truck with a 3D printer capable of creating a customer’s ordered item en route to delivering it. A vendor will capture the market for a socially responsible product by allowing its customers to track the product’s production and verify that none of its subcontractors use slave labor. And a supermarket chain will win over customers by persuading them that their choice of supermarket is also a choice between being certain of what’s in their food and simply hoping that what’s on the label matches what’s inside.

At that point, a smart supply chain won’t just be a competitive edge. It will become a competitive necessity. D!

About the Authors

Gil Perez is Senior Vice President, Internet of Things and Digital Supply Chain, at SAP.

Tom Raftery is Global Vice President, Futurist, and Internet of Things Evangelist, at SAP.

Hans Thalbauer is Senior Vice President, Internet of Things and Digital Supply Chain, at SAP.

Dan Wellers is Global Lead, Digital Futures, at SAP.

Fawn Fitter is a freelance writer specializing in business and technology.

Read more thought provoking articles in the latest issue of the Digitalist Magazine, Executive Quarterly.



Why Blockchain Is Crucial For FP&A: Part 1

Brian Kalish

Part 17 in the Dynamic Planning Series

In these times of almost continuous technological change, there is a natural tendency to be suspect of whatever is being heralded as the “flavor of the month” or the “next best bet.” In early 2017, I was graciously given the opportunity to speak on what I believed to be the technologies that were transforming finance and specifically, the FP&A function. The talk I ended up giving covered five areas:

  • Advanced analytics and forecasting
  • Robotic process automation
  • Cloud and Software-as-a-Service
  • Artificial intelligence
  • Blockchain

While all these topics deserve further investigation, for this article, I want to focus on blockchain. Part of the reason for diving deeper into blockchain is the lack of understanding of what it actually is and the great amount of time people in the finance function are currently spending talking about it. This has greatly changed in the past nine months.

Last March, while hosting an FP&A Roundtable in Boston, I ask a group of 25 senior FP&A professionals how familiar they were with the concept of blockchain. Out of this august group, there was only one participant who felt truly comfortable with the concept. I still get asked on a regular basis, all over the world, “Blockchain. What is it?”

Blockchain: What is it?

By allowing digital information to be distributed but not copied, blockchain technology has created the spine of a new type of Internet. Picture a spreadsheet that is duplicated thousands of times across a network of computers. Now imagine that this network is designed to regularly update this spreadsheet, and you have a basic understanding of blockchain.

Information held on a blockchain exists as a shared and continually reconciled database. This is a way of using the network that has obvious benefits. The blockchain database isn’t stored in any single location, meaning the records it keeps are truly transparent and easily verifiable. No centralized version of this information exists for someone to corrupt. Hosted by many computers simultaneously, its data is accessible to any authorized user.

Blockchain technology is like the Internet in that it has a built-in robustness. By storing blocks of information that are identical across its network, the blockchain 1) cannot be controlled by any single entity and 2) has no single point of failure. The Internet itself has proven to be durable for almost 30 years. It’s a track record that bodes well for blockchain technology as it continues to be developed.

A self-auditing ecosystem

The blockchain network lives in a state of consensus, one that automatically checks in with itself on a regular basis. A kind of self-auditing ecosystem of a digital value, the network reconciles every transaction that happens at regular intervals. Each group of these transactions is referred to as a “block.” Two important properties result from this:

Transparency. Data is embedded within the network as a whole, and by definition, is available to all authorized users.

Incorruptibility. Altering any unit of information on the blockchain would mean using a huge amount of computing power to override the entire network. In theory, it is possible; however, in practice, it’s unlikely to happen.

A decentralized technology

By design, the blockchain is a decentralized technology, so anything that happens on it is a function of the network as a whole. Some important implications stem from this. By creating a new way to verify transactions, aspects of traditional commerce may become unnecessary.

Today’s Internet has security problems that are familiar to everyone. However, by storing data across its network, the blockchain eliminates the risks that come with data held centrally. There are no centralized points of vulnerability that can be exploited. In addition, while we all currently rely on the “username/password” system to protect our identity and assets online, blockchain security methods use encryption technology.

I hope this little tutorial helps describe what blockchain is. In my next article, I’ll discuss the value of blockchain to the FP&A profession.

For more on this topic, read the two-part “Blockchain and the CFO” series and “When Blockchain Fulfills CFOs’ Paperless Vision.”

2018 will be a busy year with FP&A Roundtables in St. Louis, Charlotte, Atlanta, San Diego, Las Vegas, London, Boston, Minneapolis, DFW, San Francisco, Hong Kong, Jeddah, and many other locations around the world to support the global FP&A community.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Brian Kalish

About Brian Kalish

Brian Kalish is founder and principal at Kalish Consulting. As a public speaker and writer addressing many of the most topical issues facing treasury and FP&A professionals today, he is passionately committed to building and connecting the global FP&A community. He hosts FP&A Roundtable meetings in North America, Europe, Asia, and South America. Brian is former executive director of the global FP&A Practice at AFP. He has over 20 years experience in finance, FP&A, treasury, and investor relations. Before joining AFP, he held a number of treasury and finance positions with the FHLB, Washington Mutual/JP Morgan, NRUCFC, Fifth Third Bank, and Fannie Mae. Brian attended Georgia Tech in Atlanta, GA for his undergraduate studies and the Pamplin College of Business at Virginia Tech for his graduate work. In 2014, Brian was awarded the Global Certified Corporate FP&A Professional designation.