Comments on SAP: loathe it or ignore it, you can't like it: Security - we don't need no steenkin' security

- Raúl - (2009-02-17T09:50:00.000-08:00)

As the security man in my company this story makes me feel like you, but a bit luckier.

We managed not to allow user management to anyone except two of our own IT admin staff.

No VPN access except in an emergency or for short-term implementation follow-up.

During the project (13 months, full company migration to SAP) we got to know different consultants, with very different levels of security approach, from total ignorance of what security is to knowing enough and feeling comfortable with our company's policy and restrictions.

A professional consultant understands and adapts himself to the restricted-permissions environment. Others, novices or non-professionals, blame security restrictions because of their own lack of experience in those ordered environments.

It is clear that the shortage of good consultants offers possibilities to many non-professional consultants.

Sapmesideways (2009-02-09T11:33:00.000-08:00)

PM Hut, the project is pretty much what was agreed at the beginning (although see a new post I'll be doing for more on that). None of what we asked for was "new". I do know about scope creep tho' and I have seen what it can do from both sides, so I understand your question.

As for security, well I am not accredited, but I try to work to ITIL standards. I don't think they would be classified as very high - I've never worked for the DoD.

PM Hut (2009-02-07T09:43:00.000-08:00)

When I read such posts I always wonder what's the point of view on the other hand.

Your security standards are high, maybe too high for some companies to deal with you.

Now about the number of days this project is taking, did the project deviate from its original plan and/or have you asked for features/changes that weren't in the initial scope (this can obviously lead to scope creep <http://www.pmhut.com/?s=%22Scope+Creep+Part%22>, which I've published a 9-article series about)?