The Windows PC has always been the top dog among office computers. Although there have always been specialists who rely on Apple devices, more and more employees who use Macs, iPhones and the like in their private lives do not want to do without their user-friendliness in a professional environment. Companies that leave the choice of equipment to their employees can therefore score significant points, present themselves as an attractive employer and retain employees. But what exactly does that mean for the IT department? How does it manage Macs properly alongside a host of other devices?
Surendiran Velauthapillai - August 21, 2023
An Apple a day...: When Macs need to be integrated into "PC-dominated" IT environments, it doesn't necessarily mean more work for the admin. (Image: Pixabay.com)
The fact is: many users want freedom of choice in terms of operating systems. And for good reason: according to current studies, employees are more productive when they can work on the devices that suit them best. So it's no wonder that companies are becoming more open and want to enable their staff to work with Macs as well. The problem: IT administrators sometimes simply don't (yet) have the expertise needed to manage Mac devices.
Macs conquer the corporate world
It is therefore not uncommon for individual employees to already be working with (private) Mac devices that are not, however, under the management of corporate IT. Often, these employees are then given full administrator rights to install required software themselves. But this not only means enormous effort for the employees, it is also fatal in terms of security. If IT is not involved, it can neither install regular software updates, nor does it have an overview of the device status - or even access to the system in the event of an emergency. All of this can open the door to hackers. If the administration is done manually, the workload for administrators increases with the number of Macs. At this point, at the latest, it becomes clear that in order to continue to hold the reins, IT must proactively offer colleagues different technologies, manage them from the outset, and develop a management strategy for macOS devices as well.
UEM: High productivity, low effort
It is obvious that the high and constantly growing number of end devices to be managed can no longer be handled manually. This is because employees often have several devices at the same time, such as computers, mobile devices, tablets or even rugged devices. This is where automated solutions come in, which allow the individual devices to be managed seamlessly across the board and remotely. One example is UEM (Unified Endpoint Management) systems: such platforms make it possible to manage all end devices with their different operating systems, such as Windows, Android, macOS, iOS or iPadOS, and to secure them against security vulnerabilities. Since the majority of companies already use a UEM system, a new solution is usually not even required.
Mobile Device Management: Overview. (Image: EBF-EDV Beratung Föllmer GmbH)
Management of Macs with the UEM system
Mac devices can also be managed perfectly using UEM systems. This is because as of OS X 10.7, these devices come with an integrated MDM framework (Mobile Device Management Framework) that enables a connection between Mac and UEM system.
There are basically two different types of UEM systems for Mac management. On the one hand, there are the common UEM systems that allow the management of all operating systems, including Mac devices. On the other hand, there are those that specialize exclusively in the management of Apple devices. While more general UEMs are well-suited for organizations that have a broader footprint and need to manage a wide variety of technologies, the latter provide early access to new Apple features, for example, and allow for the implementation of more specific scenarios.
In particular, however, it is these functions that a UEM system should (also) have for Mac management:
Automated and scheduled patch management: This ensures that all Mac computers in the corporate network are always updated with the latest software versions and security patches for macOS, and that the applications used are also up to date.
Modern management of old and new hardware: Modern management makes it possible both to integrate new hardware into the corporate network in compliance with guidelines and to register devices that are already in use by users.
Asset Management: This provides a stock and inventory overview of existing hardware and software and allows software licenses and warranty information to be managed.
Mac configurations: These are particularly helpful because they make it easier to complete repetitive administrative tasks - such as defining who gets which software package or access to resources and functions. For example, administrators can also define stricter security policies for individual teams or situations.
Remote access for macOS: Remote access simplifies IT support for employees who work on the move, such as in a home office.
All of this makes it possible to configure Macs so that users can start using them right away - securely, conveniently, and regardless of where they work.
The small difference
Although the basic structure of Mac and Windows systems is fundamentally different, managing the different devices is basically the same. Nevertheless, there are some tools from Apple itself that simplify device management by extending the functionality of the UEM system used. Especially the following ones should be known by administrators when dealing with Mac management:
Apple Business Manager: Apple Business Manager is an easy-to-use, web-based portal for IT administrators that works with a third-party UEM solution and serves as an interface between UEM and the Mac machine. Part of the Apple Business Manager is the Apple Device Enrollment Program (DEP for short), which makes it possible to place devices under UEM management and roll them out to users without physical contact with IT. When new devices are turned on, predefined configurations are automatically made and required apps are installed. This simplifies the initial setup of Apple devices for IT, while users are quickly up and running. Also part of the Apple Business Manager is the Volume Purchase Program (VPP), which is used to purchase apps in bulk from the App Store for enterprise use - the easy way.
Apple Global Service Exchange (GSX): The Apple Global Service Exchange (GSX) allows administrators to retrieve device details such as display model name, purchase date and warranty status directly from the UEM console.
Managed service
So there are many ways to successfully deploy Mac devices in the enterprise. But in view of the complexity involved in using different technologies within a company, it can make sense to enlist the help of external specialists. It is important that these specialists act as partners to customers and actively support them in their projects. Managed service providers, for example, have extensive expertise and can support companies in the introduction of Macs, the selection of the right system or the rollout of new functions - or take over these activities completely and thus relieve the IT department. In doing so, they are in close contact with the manufacturers and can, for example, place individual customer challenges in the right place. Especially for IT departments that have not yet dealt with administration with Apple devices, it is helpful to have someone on hand who has the necessary expertise required for smooth implementation of the system and also knows the usual hurdles. After all, if the initial configuration follows best practices, this will save a lot of time later on in ongoing processes.
Conclusion: Move with the times!
It's hard to argue with the fact that companies need to give their employees a say in technology. A suitable UEM system makes it easier for the IT department to avoid dangerous shadow IT, to keep track of all the devices and tools in the company and to ensure their security. This makes it extremely easy for IT administrators to keep up with the times and provide the workforce with the desired operating resources - without sacrificing the necessary security and ease of use. At the same time, the personal work tool of choice also improves employee loyalty to the company.
Author: Surendiran Velauthapillai is an IT expert with 20 years of experience in the IT industry. As Head of IT Services at EBF-EDV Beratung Föllmer GmbH (ebf.com), he is responsible for the areas of internal IT, hosting, consulting and support and is at home in many technologies of the digital working world.
On call scam: What was behind a supposed package delivery
IT security service provider Sophos has revealed a combined attack tactic as part of its investigation of an infected computer, describing a nasty social engineering trick in Switzerland that combined phone and email bait to create a complex chain of attacks on a German-speaking target. And apparently the tactic is already catching on elsewhere.
Editorial office - August 18, 2023
"You have a package": In one case, a call from a supposed package service hid a sophisticated cyberattack. (Symbol image; Markus Spiske / Unsplash.com)
A Swiss company was recently affected by a cyber attack. Specialists have since evaluated the infected computer. The analyzed information reveals a complex new attack tactic that combines credible phone and email communications to take control of corporate networks and siphon off data. The malware itself was delivered in an extremely unusual way: a caller convinced the attack target to open an email message that contained no text, but was designed as a graphic to resemble an Outlook email message. This triggered the download of a linked malicious Electron app.
"I would like to make a delivery to your location."
The caller told the employee he was a delivery driver with an urgent package for one of the company's locations, but no one was there to receive the package. He asked for a new delivery address at the employee's location. In order to redeliver the package, the employee would have to read him a code that the shipping company would send via email. While the caller was still talking to the employee on the phone, the employee received the announced email message. The e-mail message said that a PDF file attached to the message contained the required code.
This email, written in perfect French, triggered the subsequent chain of attacks. In fact, the entire message was a fake that only looked like an email with a PDF attachment. Both the "attachment" and the text message were actually just static images embedded in the message body. Guided by the scammer on the phone, the employee clicked on the image, which led to the download of the malware.
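A defender-side check for the lure described above, as an added example that is not part of the original article or of Sophos's analysis: it flags messages whose body carries almost no real text, wraps an image in an external link and has no actual attachment. The 40-character threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed threshold: at or below this many visible characters the body
# is treated as effectively text-free.
MAX_VISIBLE_CHARS = 40


class _BodyScanner(HTMLParser):
    """Collects visible text and images that sit inside an external link."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []
        self.linked_images = []  # (href, src) pairs
        self._hrefs = []         # stack of currently open <a> hrefs
        self._hidden = 0         # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in ("script", "style"):
            self._hidden += 1
        elif tag == "a":
            self._hrefs.append(attr.get("href") or "")
        elif tag == "img":
            href = self._hrefs[-1] if self._hrefs else ""
            if href.lower().startswith(("http://", "https://")):
                self.linked_images.append((href, attr.get("src") or ""))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
        elif tag == "a" and self._hrefs:
            self._hrefs.pop()

    def handle_data(self, data):
        if not self._hidden:
            self.text.append(data)


def analyze_message(raw: bytes) -> dict:
    """Return the indicators used to decide whether a message is an image-only lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain, html, attachments = "", "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or ctype)
        elif ctype == "text/plain":
            plain += part.get_content()
        elif ctype == "text/html":
            html += part.get_content()

    scanner = _BodyScanner()
    scanner.feed(html)
    scanner.close()
    # Count non-whitespace characters a reader would actually see as text.
    visible = "".join(" ".join(scanner.text + [plain]).split())
    return {
        "visible_chars": len(visible),
        "linked_images": scanner.linked_images,
        "attachments": attachments,
        # Body looks like a mail with an attachment, but is only a clickable picture.
        "image_only_lure": len(visible) <= MAX_VISIBLE_CHARS
        and bool(scanner.linked_images)
        and not attachments,
    }


def lure_sample() -> bytes:
    """Constructed sample: HTML body is a single linked inline image, no text."""
    m = EmailMessage()
    m["From"] = "dispatch@courier.example"
    m["To"] = "employee@company.example"
    m["Subject"] = "Votre colis"
    m.set_content(
        '<html><body><a href="https://files.example.invalid/code">'
        '<img src="cid:body1"></a></body></html>',
        subtype="html",
    )
    m.add_related(b"\x89PNG constructed bytes", maintype="image",
                  subtype="png", cid="<body1>")
    return m.as_bytes()


def benign_sample() -> bytes:
    """Constructed sample: ordinary text mail with a real PDF attachment."""
    m = EmailMessage()
    m["From"] = "warehouse@supplier.example"
    m["To"] = "employee@company.example"
    m["Subject"] = "Delivery note"
    m.set_content("Hello, the delivery note for your order is attached. "
                  "Please confirm the address with the warehouse before Friday.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="note.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for name, sample in (("lure", lure_sample()), ("benign", benign_sample())):
        print(name, analyze_message(sample))
```

A rule like this is a triage signal for a mail gateway or a mailbox hunt, not a verdict: image-heavy newsletters with a short caption can also match, so results need review.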
You knew: Man(n) speaks German
Although the email message was written in French, as mentioned, technical evidence suggests that the attackers already knew that the Swiss target might be German-speaking. Sophos analysts were also able to understand that the attackers may have personally targeted the call recipient and created an elaborate social engineering attack chain. This resulted in the cybercriminals briefly taking control of the employee's computer before he literally pulled the (Ethernet) plug from the compromised computer. The alert man sensed that something was wrong and disconnected the infected computer from the network. Unfortunately, however, not in time before the malicious payload was active.
"This attack was extremely targeted. There was only one person in the office that Friday, and the attackers probably knew that person's identity. The use of an image masquerading as an email is also something we haven't seen before. However, it is clever. Attaching an actual PDF often sets off alarms on systems because they are often used to spread malware, and emails containing PDFs often end up in spam filters," said Andrew Brandt, principal researcher at Sophos.
After infiltrating the network, the criminals used malware to search for a variety of information, including accounting software data, cookies, browsing history, as well as passwords and cryptocurrency wallets. To hide their data exfiltration, the attackers connected the system to Tor (the dark web). The employee who finally smelled a rat and pulled the plug prevented worse consequences for his company.
Skillfully "scammed" and it already goes on
"This type of highly sophisticated attack shows the lengths cybercriminals will go to circumvent defensive tools and gain people's trust. Phishing attacks are extremely effective, and we've seen attackers evolve their social engineering tactics with new technology. Although attackers are more likely to use email these days, that doesn't mean phone calls are outdated. We train employees a lot on email security, but we don't necessarily teach them how to handle unusual phone calls. In this case, the employee reacted quickly and had the presence of mind," Brandt said.
Following the attack on the Swiss company, Sophos X-Ops discovered another attack with the same approach against a company in Australia. Whatever group is behind these attacks is likely still active, and Sophos will monitor the situation.
Management Systems in Transition: ConSense Announces Another Virtual Expo
How the AI booster for management systems works, why process thinking is WEIRD and what Günter has to do with quality management: That's what the fall edition of ConSense EXPO will show from September 26 to 29, 2023. The free online event is organized by the Aachen-based software company ConSense GmbH.
Editorial office - August 17, 2023
Aachen-based software house ConSense GmbH will again host a virtual expo in the fall of 2023. (Image: ConSense)
With practical tips and from unusual perspectives, the ConSense EXPO 2023 addresses the increasing demands on quality and compliance officers. In addition to suggestions for action and tools for efficient and flexible management systems, the focus will be on current AI trends and efficient QM methods. Special impulses will be provided by motivational trainer, entrepreneur and success author Dr. Stefan Frädrich in his keynote. He will humorously give tips on how "Günter", our inner pig dog, can be trained to become a "quality partner". And Stefan Heinloth, entrepreneur, trainer and coach, shows how management can be integrated into an "Integrated Top Management System" in a targeted manner. With "What we WEIRD People can learn from hunters and gatherers," cultural and social anthropologist Khaled Hakami delivers a very inspiring contribution that provides lasting encouragement to look far beyond one's own horizons and routines.
The exhibition program and the possibility to register for the virtual expo are now available on www.consense-gmbh.de/expo. Online registration for the individual conferences is also already possible at www.consense-gmbh.de/expo-konferenzen. Participation is free of charge.
AI and communication: What does the future hold for quality management?
Efficient work and successful communication remain the keys to quality management of the future. In "Inspire your management with well-planned management reviews" and "Processes are internal communication", ConSense management consultant Michael Weubel addresses this in particular. The "Acceptance check" for one's own QM system and tips for internal company "QM marketing" complete the toolbox for successful quality management.
With the panel discussion "AI power for your management system" and the QM workshop "Current opportunities and challenges for quality management", ConSense EXPO invites participants to actively exchange ideas among their professional colleagues. Perspectives, opinions and experience reports are welcome and can also be discussed in the digital networking area.
QMS and IMS: From setup to professional user
ConSense's virtual expo has numerous offerings in its program for both QM newcomers and long-time users: from "Introducing a Management System" to measures, workflow, training and qualification management to power user sessions and exclusive consulting hours.
The virtual booths will be open from 9 a.m. to 5 p.m. throughout the show, Tuesday, Sept. 26, through Friday, Sept. 29, and can still be visited the following week. Here, in addition to free downloads, live demos of ConSense software solutions will be offered.
Thinking outside the box: Quality thrives on inspiration
"Change and continuous improvement thrive on openness to new things and the courage to break new ground. That is why we have deliberately chosen formats and presentations for this ConSense EXPO that encourage a change of perspective, exchange and fresh ideas. These impulses, combined with many practical tips, accompanied by top-class and experienced speakers, make this QM event so special," explains Dr. Iris Bruns from the management of ConSense GmbH.
Innovation Qualité: Pioneering projects wanted!
In 2024, the Swiss Academy for Quality in Medicine SAQM will again award outstanding quality projects with the Innovation Qualité. Healthcare professionals from all over Switzerland are invited to submit their successful and practice-proven projects.
Editorial office - August 16, 2023
The call for entries for the FMH Innovation Qualité prize has begun and will run until December 4, 2023. (Image: geralt / Pixabay.com)
A mother-tongue childbirth preparation course, app-based early detection of cancer symptoms, electronic monitoring of adverse drug reactions: these are just a few examples. Previous winning projects of Innovation Qualité show that pioneering work that improves patient care exists in all specialties of the healthcare system. To publicize such quality projects and encourage their imitation and further development, the Swiss Academy for Quality in Medicine SAQM of the FMH awards its Quality Prize every two years. Tried and tested quality projects can be submitted for evaluation by independent experts until December 4.
Digital innovation, patient safety and physician quality initiatives
In order to always reflect and promote current quality efforts, a new thematic focus is chosen for each issue of Innovation Qualité. In 2024, it will be dedicated to digital innovation and thus to quality projects that contribute to the well-being of patients with the help of new digital technologies. This first prize category is endowed with 15,000 Swiss francs. The same prize money is also awarded in the second prize category on the topic of "Patient safety and prevention of avoidable adverse events". And if a quality project worthy of an award fits neither the first nor the second prize category, those responsible should apply for the jury's special prize of 10,000 Swiss francs. This third prize category is reserved for physicians, while the other two categories are open to professionals from all healthcare professions and disciplines.
Broad support and awareness
31 organizations from across the healthcare sector support Innovation Qualité 2024. The winning projects will be presented to the media as well as in the Swiss Medical Journal and on the award website. In addition, the winners will be able to present their quality projects to an interested professional audience at the award ceremony. The Innovation Qualité will be awarded at the SAQM Symposium on May 24, 2024 in Bern.
Switching to SAP S/4HANA: It takes the right partner
In management circles, the topic of ERP projects does not always have a positive connotation. Studies show that ERP implementation projects usually cost more than planned, take longer and do not achieve the expected results in the end. The same applies to major release upgrades. Especially in manufacturing SMEs, the motto "never change a running system" often applies. But at the latest, when the mainstream maintenance of SAP Business Suite expires in 2027 as announced, there is hardly any way around the migration to SAP S/4HANA for SAP customers.
Peter Treutlein - August 15, 2023
The switch to SAP S/4HANA is still causing headaches for many application companies. (Image: zVg / Trovarit AG)
In 2015, with the product launch of SAP S/4HANA, the successor product to Business Suite, SAP announced a solution with which customers can drive digital transformation with the simplicity of the cloud. Here, the "S" in the name stands for "Simple" and the "4" for the fourth product generation. "HANA" indicates that the solution runs entirely on the SAP HANA in-memory database. According to SAP, just 8 months after the official product launch, more than 30 customers were live with SAP S/4HANA and more than 417 active projects were communicated (Source: https://it-onlinemagazin.de/wp-content/uploads/2016/01/S4HANA_SAP_HANA_S4_Grundlagen_2016.pdf, page 3). Many customers who were using the Business Suite productively at the time did not really take the announcement seriously, since according to the roadmap they still had a commitment from SAP to maintain and further develop their solution until the end of 2025.
Although SAP launched a series of campaigns in the years that followed, which promoted a timely migration to SAP S/4HANA, those responsible in many user companies did not initially decide to make the switch, or rather saw it in the distant future. We can only speculate about the reasons for these decisions. The cost/benefit aspect certainly played a significant role in the considerations.
Sluggish readiness to migrate
ERP implementation projects usually cost more than planned, take longer and do not achieve the expected results in the end. The strategy of initially deciding against a migration "of the first hour" is also perfectly understandable for factual reasons. Software products are never error-free, and this is especially true for complex applications such as ERP solutions. Companies that decide to use a standard application with a small number of productive users should therefore factor in a higher cost for support, both external and internal.
Another relevant aspect of deciding against an early SAP S/4HANA migration was certainly the lack of availability of implementation consultants with relevant practical experience. The established system houses and implementation partners had only a few SAP S/4HANA projects of their own at the time. The opportunity to deploy their consultants in corresponding projects was therefore limited. In addition, training implementation consultants in new software versions is usually difficult anyway, as their availability is usually limited due to their high workload.
What is the current market situation today, almost 8 years after the product announcement by SAP with regard to S/4HANA? This was one of the topics addressed by the DSAG (German-speaking SAP® Anwendergruppe e.V.), which is why it surveyed its member companies for its annual investment report. For the 2022 report, the question "How far along is your company or organization in terms of implementing S/4HANA?" was answered as follows (see Figure 1). 12 % of respondents had not yet decided and 6 % did not want to switch to S/4HANA. Those who did not want to switch cited "uncertainty about functionality" and "lack of business case" as reasons, among others. 47 % of respondents said they were planning to migrate but had not yet started. 23 % of the companies were in the process of implementing the solution and only 12 % already had S/4HANA in use.
In the 2019 investment report, four years after product announcement, only 3 % of DSAG members had already migrated to S/4HANA and 30 % were planning to migrate in three years at the earliest. Because of this sluggish migration readiness, DSAG lobbied SAP for resilient release and maintenance planning beyond 2025 for its members. In response, SAP extended Business Suite maintenance and development by two years in February 2020. The so-called "mainstream maintenance" now runs until the end of 2027 without additional fees. Those who need even more time for the changeover to S/4HANA can take advantage of the additional chargeable maintenance offer "Extended Maintenance" for the Business Suite until the end of 2030. This is associated with a surcharge of two percentage points on the existing maintenance base, i.e. an increase from 22 to 24 %. In a statement on the maintenance extension by SAP, DSAG board member Andreas Oczko recommended in February 2020 that the time gained be used immediately: "The maintenance commitments for Business Suite 7 until the end of 2030 are not a carte blanche to continue waiting. On the contrary, it must be the starting signal for companies to put aside their last restraint and begin the digital transformation."
Figure 1: How far along is your company or organization in terms of implementing S/4HANA? (Source: Investment Report 2022, DSAG e.V.)
Ways for a successful transformation
SAP customers who have not yet started the transformation project (approx. 60 %) have various technical and conceptual options for migration at their disposal. With regard to the migration approach, a distinction is made between brownfield, greenfield and a middle way, so-called selective migration.
The brownfield approach follows the concept of a step-by-step conversion and changeover of the existing system in the direction of S/4HANA. The implemented solution remains almost unchanged, but receives a kind of upgrade. Individual customizations are largely retained and existing data is essentially continued to be used. For technical support of the migration, SAP provides solutions such as the Software Update Manager (SUM) or the Database Migration Option (DMO), among others. The advantages of the brownfield approach are the possible retention of individual processes and integration into the existing system landscape with simultaneous modernization, standardization and consolidation of the overall system.
In the style of "building something on a greenfield site" without taking existing or evolved constraints into account, the greenfield approach corresponds to a fundamental new implementation of the SAP S/4HANA solution. The greenfield approach is similar to switching from another ERP product to SAP S/4HANA. In both cases, a completely new instance of SAP S/4HANA is set up by analyzing and redesigning current business processes to map them as closely as possible to the standard within the new software. The existing master data of the existing SAP or non-SAP solutions is migrated step-by-step into the new system by means of appropriate adjustments and conversions. As a rule, transactional or historical data is not migrated in its entirety, as the effort required for the transformation may be considerable. The greenfield approach offers companies the advantage that ERP systems that have been individualized over the years are replaced by a new standard version of SAP S/4HANA and that business processes are optimized in parallel with the SAP implementation. However, a prerequisite for this is the willingness to implement comprehensive process and, if necessary, structural organizational changes as part of the implementation. Methodologically, the implementation of the necessary organizational measures should be underpinned by appropriate change management.
Selective migration or landscape transformation represents a middle ground between greenfield and brownfield. Experts also refer to this as the color field approach or a hybrid strategy. Selective migration is an approach based on brownfield. If companies take such a path, the current productive system is first copied, then all existing transaction-based data is deleted. The system is then migrated to SAP S/4HANA. If necessary, required adjustments and configurations are made. Subsequently, data is selectively migrated from the current productive system. As part of this approach, it is necessary to control the data transfer individually, for example, by transferring or recoding only a defined section of data. This increases the complexity of the already complicated data migration. A version of this approach was developed by SNP Schneider-Neureither and IBM Services and is marketed under the name Bluefield. With the CrystalBridge platform, SNP provides a corresponding tool for data transfer as part of an SAP S/4HANA migration. Various SAP system houses are qualified as partners with SNP and use SNP's platform as part of their projects.
Which type of migration, brownfield, greenfield or bluefield, makes the most sense for a company depends on various criteria. In addition to the strategic objective of the project, the objective of the migration project (e.g., process optimization, process harmonization, "back to standard," improvement of data/information quality), the following aspects play a role, among others:
Readiness of the company for organizational change
Degree of automation of business processes
Available project budget
Restriction regarding the project duration
Configuration of the current productive system
Number and scope of individual adjustments
Requirements regarding the availability of historical data
Operating model (public cloud, private cloud or on-premise)
Number and scope of interfaces to other applications
Know-how of the project managers in the company
Methodological competence of the implementation service provider
Figure 2: SAP S/4HANA operating models (Source: SAP AG)
Operating models: Examine various options
Companies also have several options in terms of operating model, licensing and deployment (see Figure 2). In general, there is the option of licensing the solution on-premise (classic purchase model) or as SaaS (subscription or rental model). SAP bundles the latter in RISE. "RISE with SAP" is an offering package designed to help companies switch to SAP S/4HANA in order to develop and optimize business processes in the cloud. As a contractual partner, SAP takes care of all the necessary steps, such as analysis, operation, support, and the selection of and negotiations with suitable hyperscalers. In order to advise customers on the selection of the operating model, the required scope of services and the associated costs, SAP offers corresponding analyses in the form of questionnaire-based workshops (e.g. the so-called "Readiness Check" or "Process Discovery"). As a rule, these are free of charge and a prerequisite for the provision of a corresponding offer for SAP S/4HANA use.
As already mentioned, there are many examples that prove that ERP projects always turn out to be more expensive than calculated and take longer than planned. However, it is worth taking a closer look. There is a well-known quote that every project manager should know: "Tell me how your project starts and I'll tell you how it ends". In many cases, one main cost driver for inadequate project implementation is ignored at the very beginning: choosing the right sourcing strategy! Especially in the case of SAP S/4HANA migrations, people often reflexively consider only the current SAP system house and negligently omit a systematic selection of the optimal SAP service provider. Yet the market for potential implementation partners is large and heterogeneous. A sufficient number of system houses have a great deal of experience, often decades of cooperation with SAP, various partner roles and different partner statuses or certification levels according to the SAP PartnerEdge program.
The PartnerEdge program distinguishes between four levels. With the SAP PartnerEdge Open Ecosystem partner level, SAP aims to reduce the barrier to entry into the organized partner landscape. No fees are charged for the program and, apart from a few product-specific training courses, no proof is required. The next two levels, Silver and Gold Partners, are designated as "Committed Partners". Here, both program fees are due and the verification requirements are significantly increased. The partners must have comprehensively trained personnel, coordinate a business plan with SAP and, if necessary, have their solutions certified. Advancement from silver to gold partner is governed by a points system. The partner receives the so-called value points for certain activities (e.g. sale of a solution, additional training of personnel, new references, certification of a solution or services, etc.). In addition, partners at these levels can participate in the "SAP Recognized Expertise Program". The program is used to mark a partner's special expertise in one of 21 industries or one of 30 solutions. For certification, partners must prove their competencies through appropriate references, projects, and specific training of their employees. In addition, SAP requires partners to submit a specific business plan for the industry or solution, the implementation of which is reviewed by SAP. The highest level, Platinum Partner, is reserved for long-term strategic partnerships. These partners currently include large technology groups such as IBM and Deutsche Telekom, as well as internationally positioned sales partners such as NTT DATA and large system integrators such as ATOS and Capgemini.
An initial orientation of the SAP partner market is provided by the "Partner Finder" on the SAP homepage (https://www.sap.com/germany/partners/find.html). Filter options can be used to select the companies listed in the SAP Partner Program. A search for partners offering "Project Services" for the solutions "ERP and SAP S/4HANA" yields a hit list of more than 1,550 companies worldwide. For the German market, there are still just over 230 system integrators. An additional filter can be used to further narrow down the list of partners to a so-called "focus industry". For example, for "industrial manufacturing" the list of providers can be reduced to around 160, for the "retail" sector there are just over 130 and for "life sciences" around 100.
As part of a well-founded and competitive sourcing strategy for an SAP S/4HANA migration, the client should evaluate the potentially best service provider before the actual start of the project, develop a secure contractual agreement and, last but not least, build a good starting point for the upcoming commercial negotiations. In Trovarit's view, a professional SAP system house selection and project award should successively reduce the bidder environment and provide well-founded, easily comparable information from the potential SAP partners. In this context, questions such as the following arise:
Which SAP S/4HANA certifications does the partner have?
How many comparable migrations has the service provider already performed in the S/4HANA environment?
Which project approach (greenfield, brownfield, or color field) does the migration partner recommend?
How is the project-specific implementation methodology characterized and with which tools and templates (so-called tool chain) does the service provider usually work?
Which operating model (public cloud, private cloud or on-premise) is recommended by the service provider?
Figure 3: Professional system house selection for an SAP S/4HANA migration (Source: Trovarit)
Cooperation with partners: What it can look like in practice
Figure 3 shows Trovarit's standard procedure. In the first module "Start-up", the project is first defined together with the client. For example, the objectives, the project schedule, the project documentation and the project controlling are agreed upon. In the subsequent "Project Request" module, a so-called project profile is compiled with all the relevant information for an RFI (Request for Information) and the distribution list and contents of the request are defined. The project request is sent online to the potential system houses via IT-Matchmaker. By means of the so-called project chat, the participants in the inquiry have the opportunity to ask the client further qualifying questions. This digital, context-related dialog can be used to efficiently clarify ambiguities in the documents sent. If necessary, the corresponding contents of the chat history can be made available to all requested providers at the push of a button. Based on the responses of the requested system houses, the favored companies (TOP 3) are determined for the subsequent tender.
Parallel to the project inquiry, the project scope is roughly agreed or defined within the scope of a "fit gap" analysis. For sourcing in the SAP environment, it has proven useful to use the list of scope items provided by SAP. The specification of whether or not these approximately 700 items are required in the scope of services for the S/4HANA migration provides a good initial indicator of the project complexity. When evaluating the scope items, it is also advisable to include so-called focus topics in parallel to selected processes/tasks and to specify them in bullet points. In preparation for the subsequent pre-selection, it is necessary to create a tender and award document. Among other things, this document outlines the entire award process, describes what is expected of the service provider, sets out the requirements for the project methodology, and specifies the form of contract desired by the client. As part of the RFQ (Request for Quotation), the favored implementation partners are also provided with the previously recorded project scope (evaluated scope items) as well as the task definitions with regard to the recorded focus topics.
In parallel with the RFP, vendors will be invited to participate in two- to three-day workshops. In preparation for the workshop, they will receive a script that includes the agenda, expectations for the process, and task/question statements for that date. Based on the previous preparatory work, solutions to the focus topics are expected, the presentation of the project methodology is covered, and a recommendation for the project approach (Brownfield, Greenfield and Bluefield) and the operating model is requested. Interviews with the designated project manager and solution architect are conducted to get to know the key people involved in the project, and selected reference customers are interviewed by phone, if applicable. The result of the tender and final selection is a final overall evaluation. Thanks to the structured approach, all the available information can be compared very well and condensed into an overall value for each provider and system. As part of the overall evaluation, all relevant evaluation aspects should be taken into account and compared with the cost information provided by the suppliers.
The final step is the contract negotiation/formulation with the "TOP provider". In addition to the legal and commercial aspects, it is essential for the contractual agreement to define the responsibilities for all relevant project tasks in a so-called RACI matrix. For this, Trovarit uses its own template stored in IT-Matchmaker with approx. 400 project activities. A module contract has proven to be the best form of contract for SAP S/4HANA migrations. All cross-phase topics are defined via a framework contract. With the completion of a project phase, the scope of services and the results to be delivered for the next project phases are defined and bindingly agreed in a corresponding individual contract.
Author: Peter Treutlein is a member of the Executive Board of the consulting firm Trovarit AG in Aachen. www.trovarit.com
How hackers use thermal imaging cameras to steal personal data
Thermal imaging cameras are known to be used in industry for various types of quality inspections. However, commercially available thermal imaging cameras can also be misused for criminal purposes. Researchers at the University of Glasgow have now drawn up recommendations on how to protect oneself against such "thermal attacks".
Editorial office - August 14, 2023
Small, handy thermal imaging cameras can read recent inputs based on surface temperature, from which passwords or PIN codes can be reconstructed, for example. (Image: Pixabay.com)
Thermal imaging cameras can be used to reconstruct and read traces of fingerprints on surfaces such as smartphone screens, computer keyboards or ATM touchscreens - in other words, anywhere users are prompted to enter a PIN code or other personal data. According to the study, hackers can use the relative intensity of heat traces on recently touched surfaces to reconstruct passwords, for example. A team of computer security experts from the University of Glasgow has now developed a set of recommendations for defending against such "heat attacks" that can be used to steal personal data.
Cracking passwords with handy thermal imaging cameras and AI
This was preceded by research by Dr. Mohamed Khamis, a professor at the University of Glasgow's School of Computing Science, and his colleagues. They showed how easily thermal images can be used to crack passwords. The team developed ThermoSecure, a system that uses artificial intelligence (AI) to scan thermal images and correctly guess passwords in seconds, alerting many to the threat of thermal attacks. Based on this, Dr. Khamis' research team conducted a comprehensive survey of existing computer security strategies and asked users for their preferences on how to prevent thermal attacks on public payment devices such as ATMs and ticket machines.
Measures against thermal attacks
The authors presented their research findings on August 11, 2023, at the USENIX Security Symposium conference in Anaheim, California. The work presented also included advice for manufacturers on how to make their devices more secure. The team identified 15 different approaches described in previous computer security research that could reduce the risk of thermal attacks. These included ways to reduce heat transfer from users' hands by wearing gloves or rubber finger hats, or changing the temperature of hands by touching something cold before typing. The literature also suggested pressing the hands against surfaces or breathing on them to hide the heat from fingerprints after typing.
Other suggestions for more security involved hardware and software. A heating element behind surfaces could erase traces of finger heat, or surfaces could be made of materials that dissipate heat more quickly. Security on publicly accessible surfaces could be enhanced by introducing a physical shield that covers the keys until the heat is dissipated. Alternatively, eye-tracking inputs or biometric security could reduce the risk of successful thermal attacks.
Users want two-factor authentication
After studying existing security measures, the team conducted an online survey with 306 participants. The goal of the survey was to determine users' preferences among the strategies identified by the team and to ask them for their own thoughts on security measures they might apply when using public devices such as ATMs or ticket machines. Dr. Mohamed Khamis, who led this study, said: "This is the first comprehensive literature review on security measures against thermal attacks, and our survey revealed some interesting results. Intuitively, users suggested some strategies not found in the literature, such as waiting to use an ATM until the environment seems safest. They also advocated for strategies that were already known, such as two-factor authentication, because they were aware of its effectiveness. We also saw that they considered issues around hygiene, which made the strategy of breathing on devices to mask heat trails very unpopular, and privacy, which some users considered when thinking about additional security measures such as facial or fingerprint recognition."
The paper concludes with recommendations for users on how to protect themselves against heat attacks in public and for device manufacturers on how security measures could be built into future generations of hardware and software. Co-author Prof. Karola Marky, now working as a professor at Ruhr University in Bochum, Germany, but still a postdoctoral researcher on Mohamed Khamis' team at the time of the study, advises users to pay close attention to their surroundings when entering sensitive data in public to ensure no one is watching, or to use a secure facility such as a bank. "Where this is not possible, we recommend placing the palms of the hands on the devices to cover heat traces, or wearing gloves or finger guards if possible," Prof. Marky said. "We also advise using multi-factor authentication whenever possible, as it protects against a number of different attacks, including thermal attacks, and protecting all authentication factors as much as possible."
Manufacturers of vending machines and thermal imaging cameras also under obligation
Manufacturers of ATMs or ticket vending machines are advised to consider the possibility of attacks via handheld thermal imaging cameras at the design stage. Devices should be equipped with physical screens to block surfaces for a short period of time, or keyboards that improve privacy by rearranging the arrangement of keys after use. For devices already in circulation, software updates could help remind users to be aware of their surroundings and take measures to prevent observation by thermal cameras. "Our final recommendation is for thermal camera manufacturers to prevent attacks by incorporating new software locks that prevent thermal cameras from taking images of surfaces such as PIN pads on ATMs," adds Mohamed Khamis. "We continue to explore potential approaches to mitigate the risk of thermal imaging attacks. While we don't yet know how widespread these attacks on personal data currently are, it's important that computer security researchers keep up with the risks thermal imaging cameras could pose to users' personal data, especially since they're now so cheap and widely available."
Summer is the time when most cell phones are stolen, as AXA's claims figures show. Since the end of the pandemic, there has also been a clear trend: thefts have increased by forty percent. However, not all cantons are equally affected - people from Geneva, Basel-Stadt and Bern are at greatest risk.
Editorial office - August 11, 2023
The frequency of cell phone thefts is distributed differently in Switzerland. (Graphic: AXA)
Street festivals, open-air cinemas, festivals: partying outdoors is part of a successful summer for many people. But if your smartphone is suddenly missing when you reach into your pants pocket or handbag, it can quickly dampen your spirits. Summer is the peak season for pickpockets, as AXA's loss statistics over the last ten years show. Almost a quarter of all cell phone thefts reported to the insurance company occur in July and August. The fewest occur in April, with only one in 15 cell phone thefts happening then. "In the summer, people are outside more often. That gives thieves more opportunities to strike - especially in large gatherings of people," explains Stefan Müller, head of property insurance at AXA. So it's hardly surprising that most thefts occur at the weekend, when numerous festivities are taking place. Over 40 percent of all cell phone thefts occur on Saturdays and Sundays. The risk is lowest on Wednesdays, when only one in ten cell phone thefts occurs.
Increase in thefts by 40 percent
The fact that people are more mobile again and more events are taking place is one reason why the number of stolen cell phones has increased since the end of the pandemic. In 2022, 40 percent more cell phones were stolen than in 2021 and as much as 50 percent more than in 2020. "Cross-border crime, which is now more feasible again, is probably also playing its part in the fact that the theft rate has increased," says Stefan Müller. In the first half of 2023, AXA's figures show a further increase of around 20 percent compared with the same period last year, so that the pre-pandemic level is likely to be reached again.
Caution in Geneva, Basel and Bern
AXA's evaluations show large differences not only between years, months and days of the week, but also between the cantons in which the insured persons reside. People from the canton of Geneva reported stolen cell phones to AXA around 5 times more frequently than the Swiss average and as much as 11 times more frequently than people from Ticino, who seem to be exposed to the lowest risk. Insured persons from the cantons of Basel-Stadt and Bern are also affected more often than average - but rarely from the cantons of Graubünden and Uri. These two cantons and Ticino record less than half as many stolen cell phones per insured person as the Swiss average.
Smartphone gone - what to do?
If the cell phone has been stolen, this must be reported to the local police station and the insurance company. Cell phone theft away from home is covered by the household insurance, provided that coverage for simple theft away from home or all-round coverage for smartphones, tablets and consumer electronics has been taken out.
Swiss Infosec: New Head of the Competence Center Legal & Data Privacy Consulting
ICT lawyer Michael Widmer took up his new position on August 1, 2023, and at the same time joined the Executive Board of Swiss Infosec AG.
Editorial office - August 09, 2023
Michael Widmer, new Head of Legal & Data Privacy Consulting at Swiss Infosec AG. (Image: zVg)
Michael Widmer is the new Head of the Legal & Data Privacy Consulting Competence Center at Swiss Infosec AG and also a new member of the Executive Board. After studying law in Zurich, Michael Widmer gained a great deal of experience in various functions, particularly in the telecommunications industry. Most recently, he was a member of the Executive Board at SwissSign, where his responsibilities included legal, compliance, finance and HR. Reto Zbinden, CEO of the company, is convinced that "Michael Widmer brings with him all the prerequisites to further develop the Data Privacy and Legal Competence Center in a high-quality and successful manner."
Michael Widmer will lead a team that has grown steadily in recent years and enjoys an excellent reputation. Swiss Infosec AG's data protection competence center now employs more than 10 lawyers, several of whom are admitted to the bar. This makes it probably the largest data protection team in Switzerland in terms of the number of people working outside of law firm structures.
At Swiss Infosec AG, Michael Widmer joins the management team as head of the Legal & Data Privacy Consulting team. In addition to his management duties, he will advise companies, public institutions and non-profit organizations in the areas of data protection and ICT law and act as an external data protection consultant for companies and organizations. Michael Widmer will also pass on his extensive best practice knowledge in training courses as part of the company's training and development offering.
The 3D Metrology Conference, one of the most important conferences in the field of industrial metrology, will be held this year in the Bilbao Metropolitan Region from September 26-28.
Editorial office - August 09, 2023
The 3D Metrology Conference 2023 will be held in Bilbao from September 26-28, 2023. (Image: WZL / RWTH Aachen)
For the eighth time, the 3DMC is organized by the WZL of RWTH Aachen University in cooperation with the National Physical Laboratory (NPL), University College London (UCL), the Physikalisch-Technische Bundesanstalt (PTB) and this year for the first time by the two Spanish partners Tekniker and IDEKO. After successful editions in Aachen, Hamburg and London, the conference now travels to the high-tech region of the Basque Country.
Metrology as a driver of innovation
At 3DMC, up to 200 industrial users and academically renowned experts exchange ideas and shape the innovative and open character of the event. This is also reflected in the program design: a top-class lecture program paired with an open industry exhibition, special interest sessions and dedicated networking formats. Prof. Ben Hughes and Prof. Robert Schmitt will moderate and shape the event as Chairman and Host.
The conference will focus on measurement technology as an innovation driver in automation and quality assurance. Industrial end users will provide insights into successful use cases from various sectors, such as automotive, aerospace and energy. In addition, leading international scientists will present advances and associated new application possibilities in measurement technology itself. 3D data and machine vision form the DNA of the conference and are complemented by other technologies, e.g. from the fields of digitalization and artificial intelligence.
Accompanying industrial exhibition
With two strong partners on site, the 3DMC offers the unique opportunity to get to know leading technology drivers and their forward-looking research facilities up close: For the first time, the industry exhibition will be spread over two presentation venues during the two conference days, giving participants and exhibitors the opportunity to enter into a creative dialog with each other in various unusual settings, to present innovative use cases live and to cultivate their own network within the community. The 3DMC thus combines the advantages of a trade fair, a production technology laboratory and an expert forum in a single event.
Selected papers can additionally be published as an associated peer-reviewed article in the Open Access Journal Metrology, further reinforcing the sustained scientific excellence of the conference. The conference language is English.
Participation is still possible as a visitor (Delegate), speaker (Presenter) or exhibiting company (Exhibitor). Further information: https://www.3dmc.events
The Boardroom wants to bring women into the BoD - for more diversity at the management level
The topic of women's quotas is more present in the media than ever before. In theory, more attention is being paid to diversity, but in practice just 15% of managers in Switzerland are female. Why are theory and practice so far apart?
Editorial office - 08 August 2023
Being a board member is a challenge for life. (Image: Pixabay @ geralt; CCO Public Domain)
Why are there still fewer women on boards than men? Several factors come together here, as the founder of the management consultancy The Boardroom had to realize. It's not just the boards that are to blame, but it's not just the women either. The question of blame is a vexed issue anyway, because only with synergetic cooperation do the two groups converge!
Boardroom women on the way up - when the board becomes the goal
On a rainy May day in Zurich, nearly 20 women gather for a meeting to listen to successful businesswoman Mirjam Staub-Bisang (Blackrock Switzerland). She gives a talk on investments, leadership challenges and diversity in business. All the listeners have one thing in common: they are professionally successful! Whether CEOs or HR managers, they have already found their way.
But that's not the end of the story, because the dedicated businesswomen want the space on the board of directors, for more diversity. Career women have one more thing in common: They belong to The Boardroom, the club that wants to revolutionize the quota of women on Swiss boards of directors.
Currently, only 30 percent of board seats are held by women, the rest by men. Diana Markaki, founder of The Boardroom, received her very first mandate at 36 and had only one female fellow member. She felt odd, alone, the great exception. Things didn't get any better after she moved to a Swiss company.
Diana Markaki, founder of The Boardroom. (Image: zVg)
All of this led Markaki to feel a strong pressure to perform, which also brought insecurities. From the perspective of numerous other women, these feelings were a blessing. They eventually moved Markaki to create The Boardroom, the bootcamp where women (and men, too) can learn to hold their own on the board of directors or get there at all.
With The Boardroom, an exclusive club, Markaki wants to change that and prepare women for leadership positions. The club's excellent network plays a major role in this and leads to advancing and living diversity within the framework of various event formats and trainings.
The right personalities are more important than gender
Although Diana Markaki thinks highly of women in leadership positions, gender is not the most important factor for her. It takes the right people for the position. The shortage of skilled workers is discussed everywhere. Many of these positions are often filled incorrectly.
The more diverse people's experiences, the more the board benefits. Complex decisions often have to be made, which can be completely re-evaluated through different perspectives. The Boardroom is therefore not specifically aimed at female careerists, but also at those who have not yet thought outside the box. The goal is to tease out strengths and prepare women to assert themselves on boards. This works through networking, trial and error, and assertiveness, even with men!
Drinking water safety: municipality of Würenlos as a pioneer
With the area-wide use of the STOPR backflow preventer, Würenlos in the canton of Aargau is the first municipality in Switzerland to implement a new standard in water safety. An innovative flap technology with integrated venting in the Storz prevents contaminated water from flowing back into the drinking water supply. The cost-effective system also features high flow rates and is easy to install.
Editorial office - 07 August 2023
For more drinking water safety: The STOPR system can be mounted on any hydrant. (Image: vonRoll hydro)
The system for backflow prevention called STOPR was developed by vonRoll hydro. The "godfather" for this development was the function of the human heart valve: best flow values and reliable closure are decisive for the efficiency of the heart. The situation is similar with hydrants: they must be able to draw water quickly in large quantities, and at the same time they must protect the water network against contamination through backflow. The spring-loaded check valve of the STOPR is mounted in the so-called Storz and reliably closes the hydrant from a pressure of 0.003 bar, which corresponds to the force of a water column of only 3 cm. In order to ensure that water can be drawn without interference, the STOPR has been flow-optimized by vonRoll hydro engineers. Where previous systems cause flow losses of up to 40%, the system results in no significant impairment of hydrant performance.
Easy mounting and permanent protection
Today, the safety of drinking water supplies is more important than ever. Accordingly, vonRoll hydro relies on permanent solutions for water safety technologies. The STOPR is permanently installed, which can be done in the simplest way on hydrants from all manufacturers, even retrofitted. Thanks to a patented venting system in the system itself, no modification of hydrants is required. By simply changing the Storz, any water supply can inexpensively implement a new standard of drinking water safety.
Pioneering role of the water supply Würenlos
Felix Zürcher, well master of Würenlos (AG), emphasizes the importance of reliable protection of drinking water: "The municipality of Würenlos is proud to have realized the first reference project with the new technology in Switzerland. This reliable and permanent protection of drinking water will set an example at home and abroad," he is convinced. Jürg Brand, Chairman of the Board of Directors of the vonRoll hydro Group, comments: "Water has become the fundamental strategic issue par excellence. With the mission statement ZEROWATERLOSS, we are directing our commitment towards water and water supply safety. The new STOPR performs an important function in this regard and, after Switzerland, will also be delivered in Europe and worldwide."
Agile methods are customer-centric and, thanks to this orientation, make it possible to react flexibly to changes and to implement projects quickly and efficiently. The following article provides eight key learnings for a successful Lean-Agile transformation.
Editorial office - August 03, 2023
How does a successful Lean-Agile transformation work? One expert lists eight key learnings. (Image: Pexels)
In a market environment characterized by constant change, agility turns out to be an important tool for many: regular feedback, short iterations, early detection and correction of errors, and autonomy lead to top results. What sounds tempting in theory, more and more companies are putting into practice - and failing miserably. With the following key factors, agility can be better mastered:
1. Understanding as foundation
First understand, then act. Those who take it upon themselves to integrate agile methods must first and foremost recognize that they are not one-size-fits-all: They depend on the industry, the corporate culture, the employees and individual challenges. What works for competitors is not automatically groundbreaking for one's own success. Edgar Ehlers, founder of the ee factor agile consulting GmbH, knows what it's all about: "Agility means adaptability, flexibility and direct response to change - above all, implementation is not a short-lived trend, but a continuous process." Companies use agile methods as a tool and learn to continue them in the long term as well as independently in order to cope with today's fast pace.
2. Analyze situation and set goals
Verbalize strengths, identify weaknesses and formulate goals - anyone who wants to lead a company to agility cannot avoid a rigorous analysis of the current situation. A thorough examination of corporate cultures, hierarchies, communication structures and work processes strengthens the foundation for restructuring. "Whether it's increasing efficiency, boosting innovation, or increasing employee engagement, companies need to pre-define the goals they're pursuing with agile methods and consider what needs or challenges they'll face along the way," says Ehlers.
3. Communication and transparency
Why does a company decide to restructure towards agility? The answer to this question must be communicated openly and transparently, especially internally. "All teams learn about the reasons and benefits at the outset, as well as about decision-making processes and project progress on an ongoing basis - this strengthens employees' trust and commitment with regard to implementation," explains the managing director of the agile strategy consultancy ee factor. The introduction of more efficient communication channels and tools supports fast and collaborative exchange within the working community. Regular stand-up meetings as well as check-ins promote collaboration. The introduction of agile methods also affects customers, business partners, and the public - so communication of upcoming or occurring turnarounds must also take place externally.
4. Corporate culture and value change
Prevailing norms and attitudes set the tone and significantly shape the working and corporate culture. CEOs often wonder why change is slow or has not yet taken root. The reason: In a company, there are often several change curves, and each employee is at an individual point on his or her own curve. While management is already acting in line with the new corporate culture, some employees are only at the beginning of the curve. This results in differences that are the result of non-transparent communication. In order to loosen up behaviors and processes, it is advisable to introduce trial phases. These periods serve as a test run for new methods or processes before companies finally implement them. In this way, management gently weans employees off old patterns. Pilot projects help to gain initial experience and achieve success through innovative methods.
5. Involvement of the management
Agile processes make a good impression on the outside. It often happens that the company management adorns itself with agility, but puts little energy into the implementation itself. Pure hubris and a lack of commitment often stand in the way of moving away from long-outdated hierarchical models and organizational structures. The management level sets the pace in transformation processes - only then does the entire company follow suit. In order to break through hierarchies and distribute responsibility equally among all, managers move from the passive to the active role: In addition to participating in training courses, they lead agile projects themselves and hand over decision-making power to employees.
6. Empowerment of employees
Comfortable routines characterize everyday working life in German offices. Being forced to abandon this rhythm is met with rejection by many employees - but they have a lot of responsibility, especially in agile companies. Leaving one's own comfort zone triggers insecurities, especially if there is no solid feedback or error culture in the company. Edgar Ehlers speaks from experience: "The fear of doing something wrong inhibits the potential of employees. Only the promotion of a culture of continuous improvement releases rigidity: employees learn here that mistakes are part of the learning process and change their working attitude without fear. An error culture develops into a learning culture, and failures give rise to new learnings and motivation, which in turn increases engagement."
7. Regular further training
Stagnation and lack of know-how are the biggest factors for agile methods to fail. On average, a manager receives 1-3 days of training per year. This is by far not enough. Employees and management should therefore participate in preparatory and accompanying training courses and workshops in order to build up the necessary knowledge and understanding. For objective expertise and interdisciplinary experience, it is advisable to involve external consultants or trainers who take on a supporting role until the company is in a position to do so autonomously. For this purpose, the management level appoints so-called change agents who act internally as ambassadors for the agile transformation. They provide advice and support to other employees in order to continuously expand the knowledge and skills of all.
8. Patience and realistic time planning
Faster, higher, further - those who strive for change would ideally like to achieve results as soon as possible. "To establish agility as part of the organizational structure and culture, companies need to be patient and have realistic expectations," knows Edgar Ehlers. "Introducing agile methods takes time for them to have their full effect - only then will companies really succeed in implementing and benefiting from ways of working in the long term." To measure progress, it is important to regularly reflect on and review agile methods. This allows potential gaps in the tailored strategy to be identified and possible adjustments or further developments to be made.