Wednesday, July 29, 2020

How an SAP ecosystem partnership reduces risk and increases cost-efficiency around taxes management

The next BriefingsDirect data-driven tax optimization discussion focuses on reducing risk and increasing cost efficiency as businesses grapple with complex and often global spend management challenges.

We’ll now explore how end-to-end visibility of almost any business tax, compliance, and audit functions allows for rapid adherence to changing requirements -- thanks to powerful new tools. And we’ll learn directly from businesses how they are pursuing and benefiting from advances in intelligent spend and procurement management.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To uncover how such solutions work best, we welcome Sean Thompson, Executive Vice-President of Network and Ecosystem at SAP Procurement Solutions; Chris Carlstead, Head of Strategic Accounts and Partnerships and Alliances at Thomson Reuters, and Poornima Sadanandan, P2P IT Business Systems Lead at Stanley Black and Decker. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts: 

Gardner: Sean, what’s driving the need for end-to-end visibility when it comes to the nitty-gritty details around managing taxes? How can businesses reduce risk and increase cost efficiency -- particularly in difficult, unprecedented times like these -- when it comes to taxation?

Thompson: It’s a near-and-dear topic for me because I started off my career in the early ‘90s as a tax auditor, so I was doing tax accounting before I went into installing SAP ERP systems. And now here I am at SAP at the confluence of accounting systems and tax.
We used to talk about managing risk as making sure you’re compliant with the various different regulatory agencies in terms of tax. But now in the age of COVID-19 compliance is also about helping governments. Governments more than ever need companies to be compliant. They need solutions that drive compliancy because taxes these days are not only needed to fund governments in the future, but also to support the dynamic changes now in reacting to COVID-19 and encouraging economic incentives.

There’s also a dynamic nature to changes in tax laws. The cost-efficiency now being driven by data-driven systems helps ensure compliancy across accounting systems to all of the tax authorities. It’s a fascinating time because digitization brings together business processes thanks to the systems and data that feeds the continuing efficiency.

It’s a great time to be talking about tax, not only from a compliance perspective but also from a cost perspective. Now that we are in the cloud era -- driving data and business process efficiency through software and cloud solutions -- we’re able to drive efficiencies unlike ever before because of artificial intelligence (AI) and the advancements we’ve made in open systems and the cloud.

Gardner: Chris, tax requirements have always been with us, but what’s added stress to the equation nowadays?

Carlstead: Sean hit on a really important note with respect to balance. Oftentimes people think of taxation as a burden. It’s often overlooked that the other side of that is governments use that money to fund programs, conduct social welfare, and help economies run. You need both sides to operate effectively. In moments like COVID-19 -- and Dana used the word “unprecedented,” I might say that’s an understatement.

I don’t know in the history of our time if we have ever had an event that affected the world so quickly, so instantly, and uniformly like we have had in the past few months. When you have impacts like that, they generally drive government reaction, whether it was 9/11, the dot-com bubble, or the 2008 financial crisis. And, of course, there are also other instances all over the globe when governments need to react.

But, again, this latest crisis is unprecedented because almost every government in the world is acting at the same time and has moved to change the way we interact in our economies to help support the economy itself. And so while pace of change has been increasing, we have never seen such a moment like we have in the last few months.

Think of all the folks working at home, and the empathy we have for them dealing with this crisis. And while the cause was uniform, the impact from country to country -- or region to region -- is not equal. To that end, anything we can do to help make things easier in the transition, we’re looking to do.

While taxes may not be the most important thing in people’s lives, it’s one last thing they have to worry about when they are able to take advantage of a system such as SAP Ariba and Thomson Reuters have to help them deal with that part of their businesses.

Gardner: Poornima, what was driving the need for Stanley Black and Decker to gain better visibility into their tax issues even before the pandemic?

Visibility improves taxation compliance

Sadanandan: At Stanley Black and Decker, SAP Ariba procurement applications are primarily used for all indirect purchases. The user base spans across buyers who do procurement activities based on organizational requirements and on up to the C-level executives who look into the applications to validate and approve transactions based on specific thresholds.

So providing them with accurate data is of utmost importance for us. We were already facing a lot of challenges concerning our legacy applications due to numerous challenges like purchasing categories, federated process-controlled versions of the application integrated with multiple SAP instances, and a combination of solutions including tax rate files, invoice parking, and manual processing of invoices.

There were a lot of points where manual touch was necessary before an invoice could even get posted to the backend ERP application due to these situations, including all the payback on return, tax penalties, and supplier frustrations, and so on.

So we needed to have end-to-end visibility with accuracy and precision to the granular accounting and tax details for these indirect procurement transactions without causing any delay due to the manual involvement in this whole procurement transaction process.

Gardner: Poornima, when you do this right, when you get that visibility and you can be detail-oriented, what does that get for you? How does that improve your situation?

Sadanandan: There are many benefits out of these automated transactions and due to the visibility of data, but I’d like to highlight a few.

Basically, it helps us ensure we can validate the suppliers’ charge tax, that suppliers are adhering to their local tax jurisdiction rules, and that any tax exemptions are, in fact, applicable for tax policies at Stanley Black and Decker.

Secondly, there comes a lot of reduction of manual processes. That happened because of automation, the web services, and as part of the integration framework we adopted. So tax calculation and determination became automated, and the backend ERP application, which is SAP at our company, receives accurate posting information. That then helps the accounting team to capture accounting details in real-time. They gain good visibility on financial reconciliations as well.
Tax calculations became automated, and the backend ERP, which is SAP, receives accurate posting information. That helps the accounting team capture details in real-time. They gain good visibility on financial reconciliations as well.

We also achieved better exception handling. Basically any exceptions that happen due to tax mismatches are now handled promptly based on thresholds set up in the system. Exception reports are also available to provide better visibility, not just to the end users but even to the technical team who are validating any issues that helps them in the whole analysis process.

Finally, the tax calls happen twice in the application, whereas earlier in our legacy application that only happened at the invoicing stage. Now this happens during the requisition phase in the whole procurement transaction process so it provides more visibility to the requisitioners. They don’t have to wait until the invoice phase to gain visibility on what’s being passed from the source system. Essentially, requesters as well as the accounts payable team are getting good visibility into the accuracy and precision of the data.

Gardner: Sean, as Poornima pointed out, there are many visibility benefits to using the latest tools. But around the world, are there other incentives or benefits?!overview

Thompson: One of the things the pandemic has shown is that whether you are a small, medium-size, or large company, your supply chains are global. That’s the way we went into the pandemic, with the complexity of having to manage all of that compliance and drive efficiency so you can make accounting easy and remain compliant.

The regional nature of it is both a cost statement and a statement regarding regional incentives.  Being able to manage that complexity is what software and data make possible.

Gardner: And does managing that complexity scale down as well up based on the size of the companies?

Thompson: Absolutely. Small- to medium-sized businesses (SMBs) need to save money. And oftentimes SMBs don’t have dedicated departments that can handle all the complexity.

And so from a people perspective, where there’s less people you have to think about the end-to-end nature of compliance, accounting, and efficiency. When you think about SMBs, if you make it easy there, you can make it easy all the way up to the largest enterprises. So the benefits are really size-agnostic, if you will.

Gardner: Chris, as we unpack the tax visibility solution, what are the global challenges for tax calculation and compliance? What biggest pain points are people grappling with?

Challenges span globe, businesses

Carlstead: If I may just take a second and compliment Poornima. I always love it when I hear customers speak about our applications better than we can speak about them ourselves; so, Poornima, thank you for that.

And to your question, because the impact is the same for SMBs and large companies, the pain centers around the volume of change and the pace of that change. This affects domestic companies, large and small, as well as multinationals. And so I thought I’d share a couple of data points we pulled together at Thomson Reuters.

There are more than 15,000 jurisdictions that impact just this area of tax alone. Within those 15,000 jurisdictions, in 2019 we had more than 50,000 changes to the tax rules needed to comply within those jurisdictions. Now extrapolate that internationally to about 190 countries. Within the 190 countries that we cover, we had more than two million changes to tax laws and regulations.

At that scale, it’s just impossible to maintain manual processes and many companies look to do that either decentralized or otherwise -- and it’s just impossible to keep pace with that.
With the COVID-19 pandemic impact, we expect that supply chains are going to be reevaluated. You're changing processes, moving to new jurisdictions, and into new supply routes. And that has huge tax implications.

And now you introduce the COVID-19 pandemic, for which we haven’t yet seen the full impact. But the impact, along the lines where Sean was heading, is that we also expect that supply chains are going to get reevaluated. And when you start to reevaluate your supply chains you don’t need government regulation to change, you are changing. You’re moving into new jurisdictions. You are moving into new supply routes. And that has huge tax implications.

And not just in the area of indirect tax, which is what we’re talking about here today on the purchase and sale of goods. But when you start moving those goods across borders in a different route than you have historically done, you bring in global trade, imports, duties, and tariffs. The problem just magnifies and extrapolates around the globe.

Gardner: How does the Thomson Reuters and SAP Ariba relationship come together to help people tackle this?

Thompson: Well, it’s been a team sport all along. One of the things we believe in is the power of the ecosystem and the power of partnerships. When it comes down to it, we at SAP are not tax data-centric in the way we operate. We need that data to power our software. We’re about procurement, and in those procurement, procure-to-pay, and sales processes we need tax data to help our customers manage the complexity. It’s like Chris said, an amazing 50,000 changes in that dynamic within just one country.
And so, at SAP Ariba, we have the largest business network of suppliers driving about $3 trillion of commerce on a global basis, and that is a statement regarding just the complexity that you can imagine in terms of a global company operating on a global basis in that trade footprint.

Now, when the power of the ecosystem and Thomson Reuters come together we can become the tax-centric authorities. We do tax solutions and help companies manage their tax data complexity. When you can combine that with our software, that’s a beautiful interaction because it’s the best of both worlds.

It’s a win, win, win. It’s not only a win for our two companies, Thomson Reuters and SAP, but also for the end customer because they get the power of the ecosystem. We like to think you choose SAP Ariba for its ecosystem, and Thomson Reuters is one of our -- if not the most -- successful extensions that we have.

Gardner: Chris, if we have two plus two equaling five, tell us about your two. What does Thomson Reuters bring in terms of open APIs, for example? Why is this tag team so powerful?

Partner to prioritize the customer

Carlstead: A partnership doesn’t always work. It requires two different parties that complement each other. It only works when they have similar goals, such as the way they look at the world, and the way they look at their customers. I can, without a doubt, say that when Thomson Reuters and SAP Ariba came together, the first and most important focus was the customer. That relentless focus on the customer really helped keep things focused and drive forward to where we are today.
When you bring two large organizations together to help solve a large problem it's a complex relationship and takes a lot of hard work. I'm really proud of the work we have done.

And that doesn’t mean that we are perfect by any means. I’m sure we have made mistakes along the way, but it’s that focus that allowed us to keep the patience and drive to ultimately bring forth a solution that helps solve a customer’s challenges. That seems simple in its concept, but when you bring two large organizations together to help try to solve a large organization’s problems, it’s a very complex relationship and takes a lot of hard work.

And I’m really proud of the work that the two organizations have done. SAP Ariba has been amazing along the way to help us solve problems for customers like Stanley Black and Decker.

Gardner: Poornima, you are the beneficiary here, the client. What’s been powerful and effective for you in this combination of elements that both SAP Ariba and Thomson Reuters bring to the table?

Sadanandan: With our history of around 175 years, Stanley Black and Decker has always been moving along with pioneering projects, with a strong vision of adopting the intelligent solutions for society. As part of this, adopting advanced technologies that help us fulfill all of the company’s objectives has always been in the forefront.
As part of that tradition, we have been leveraging the integration framework consisting of the SAP Ariba tax API communicating with the Thomson Reuters ONESOURCE tax solution in real-time using web services. The SAP Ariba tax API is designed to make a web service call to the external tax service provider for tax calculations, and in turn it receives a response to update the transactional documents.

During the procurement transactions, the API makes an external tax calculation. Once the tax gets determined, the response is converted back per the SAP Ariba message format and XML format and it gets passed on by the ONESOURCE integration and sends that over to the SAP application.

The SAP Ariba tax API receives the response and updates the transactional documents in real time and that provides a seamless integration between the SAP Ariba procurement solution and the global tax. That’s exactly what helps us in automating our procurement transactions.

Gardner: Sean, this is such a great use case of what you can do when you have cloud services and the right data available through open APIs to do real-time calculations. It takes such a burden off of the end user and the consumer. How is technology a fundamental underpinning of what ONESOURCE is capable of?

Cloud power boosts business outcomes

Thompson: It's wonderful to hear Poornima as a customer. It’s music to my ears to hear the real-life use case of what we have been able to do in the cloud. And when you look at the architecture and how we are able to drive, not only a software solution in the cloud, but power that with real-time data to drive efficiencies, it’s what we used to dream of back in the days of on-premises systems and even, God bless us, paper reconciliations and calculations.

It’s an amazing time to be alive because of where we are and the efficiencies that we can drive on a global basis, to handle the kind of complexity that a global company like Stanley Black and Decker has to deal with. It’s an amazing time.

And it’s still the early days of what we will doing in the future around predictive analytics, of helping companies understand where there is more risk or where there are compliance issues ahead.

That’s what’s really cool. We are going into an era now of data-driven intelligence, machine learning (ML), applying those to business processes that combine data and software in the cloud and automate the things that we used to have to do manually in the past.

And so it’s a really amazing time for us.

Gardner: Chris, anything more to offer on the making invisible the technology but giving advanced business outcomes a boost?

Carlstead: What’s amazing about where we are right now is a term I often use, I certainly don’t believe I coined it, but best-of-breed suite. In the past, you used to have to choose. You had to go best-of-breed or you could go with the suite, and there were pros and cons to both approaches.

Now, with the proliferation of APIs, cloud, and the adoption of API technology across software vendors, there’s more free flow of information between systems, applications, and platforms. You have the ability as a customer to be greedy -- and I think that’s a great thing.
Stanley Black and Decker can go with the number-one spend management system in the world and they can go with the number -one tax content player in the world. And they can expect these two applications to work seamlessly together.

As a consumer, you are used to downloading an app and it just works. And we are a little bit behind on the business side of the house, but we are moving there very quickly so that now customers like Stanley Black and Decker can go with the number-one spend management system in the world. And they can also go with the number-one tax content player in the world. And they can have the expectation that those two applications will work seamlessly together without spending a lot of time and effort on their end to force those companies together, which is what we would have done in an on-premise environment over the last several decades.

From an outcome standpoint, and as I think about customers like Stanley Black and Decker, getting tax right, in and of itself is not a value-add. But getting it wrong can be very material to the bottom line of your business. So for us and with the partnership with SAP Ariba, our goal is to make sure that customers like Stanley Black and Decker get it right the first time so that they can focus on what they do best.

Gardner: Poornima, back to you for the proof. Do you have any anecdotes, qualitative or quantitative measurements, of how you have achieved more of what you have wanted to do around tax processing, accounts payable, and procurement?

Accuracy spells no delayed payments

Sadanandan: Yes, all the challenges we had with our earlier processes with respect to our legacy applications got diminished with respect to incorrect VAT returns, wrong payments, and delayed payments. It also strengthened the relationship between our business and our suppliers. Above all, troubleshooting any issues became so much easier for us because of the profound transparency of what’s being passed from the source system.

And, as I mentioned, this improves the supplier relationship in that payments are not getting delayed and there is improvement in the tax calculation. If there are any mismatches, we are able to understand easily how that happened, as the integration layer provides us with the logs for accurate analysis. And the businesses themselves can answer supplier queries on a timely manner as they have profound visibility to the data as well.

From a project perspective, we believe that the objective is fulfilled. Since we started and completed the initial project in 2018, Stanley Black and Decker has been moving ahead with transforming the source-to-pay process by establishing a core model, leveraging the leading practices in the new SAP Ariba realm, and integrated to the central finance core model utilizing SAP S/4HANA.

So the source-to-pay core model includes leading practices of the tax solution by leveraging ONESOURCE Determination by integrating to the SAP Ariba source-to-pay cloud application. So with a completion of the project, we were able to achieve that core model and now the future roadmaps are also getting laid out to have this model adopted for the rest of our Stanley Black and Decker entities.

Gardner: Poornima, has the capability to do integrated tax functionality had a higher-level benefit? Have you been able to see automation in your business processes or more strategic flexibility and agility?

Sadanandan: It has particularly helped us in these uncertain times. Just having an automated tax solution was the primary objective with the project, but in these uncertain times this automated solution is also helping us ensure business continuity.
Having real-time calls that facilitate the tax calculation with accuracy and precision without manual intervention helped the year-end accounts payable transactions to occur without any interruptions.

Having real-time calls that facilitate the tax calculation with accuracy and precision without manual intervention helped the year-end accounts payable transactions to occur without any interruptions.

And above all, as I was mentioning, even in this pandemic time, we are able to go ahead with any future projects already in the roadmap because they are not on a standstill, we are able to leverage the standard functionalities provided by ONESOURCE and that’s easier to adopt in our environment.

Gardner: Chris, when you hear how Stanley Black and Decker has been able to get these higher-order risk-reduction benefits, do you see that more generally? What are some of the higher-order business benefits you see across your clientele?

Risk-reduction for both humans and IT

Carlstead: There are two broad categories. I will touch on the one that Poornima just referenced, which is more the human capital, and then also the IT side of the house.

The experience that Stanley Black and Decker is having is fairly uniform across our customer base. We are in a situation where in almost every single tax department, procurement department, and all the associated departments, nobody has extra capacity walking around. We are all constrained. So, when you can bring in applications that work together like SAP Ariba and Thomson Reuters, it helps to free up capacities. You can then shift those resources into higher-value-add activities such as the ones Poornima referenced. We see it across the board.

We also see that we are able to help consolidate resourcing from a hardware and a technology standpoint, so that’s a benefit.

And the third benefit on the resource side is that as you are better able to track your taxation, not only do you get it right the first time, when it comes to areas of taxation like VAT recovery, you have to show very stringent documentation in order to receive your money back from governments, so there is a cash benefit as well.

And then on the other side, more on the business side of the relationship, there is a benefit we have just started to better understand in the last couple of years. Historically folks either chose not to move forward with an application like because they felt they could handle it manually, or even worse, they would say, “We will just have it audited, and we will pay the fine because the cost to fix the problem is greater than the penalties or fines I might pay.”

But they didn’t take into consideration the impact on the business relationship that you have with your vendors and your suppliers. If you think about every time you have had a tax issue between them, and then in the case in many European countries and around the world, where VAT recovery would not allow that supplier to recover their taxation because of a challenge they might have had with their buyer, that hurts your relationship. That ultimately hurts your ability to do commerce with that partner and in general with any partner around the world.

So, the top-line impact is something we have really started to focus on as a value and it’s something that really drives business for companies.

Gardner: Poornima, what would you like to see next? Is there a level of more intelligence, more automation?

Post-pandemic possibilities and progress

Sadanandan: Stanley Black and Decker is a global company spanning across more than 60 countries. We have a wide range of products, including tools, hardware, security, and so on. Irrespective of these challenging times, all our priorities regard the safety of the employees and the families and keeping the momentum of business continuity responding to the needs of the community … these all remain as the top consideration.

We feel that we are already equipped technology-wise to keep the business up and running. What we are looking forward to is, as the world tries to come back to the earlier normal life, continuing to provide pioneering products with intelligent solutions.

Gardner: Chris, where do you see technology and the use of data going next in helping people reach a new normal or create entirely new markets?

Carlstead: From a Thomson Reuters standpoint, we largely focus on helping businesses work with governments at the intersection of regulation and commerce. As a result, we have, for decades, amassed an extensive amount of content in categories around risk, legal, tax, and several other functional areas as well. We are relentlessly focused on how to best open up that content and free it, if you will, from even our own applications.
When we can leverage ecosystems such as SAP Ariba, we can leverage APIs and provide a more free-flowing path for our content to reach our customers. The number of use cases and possibilities is infinite.

What we are finding is that when we can leverage ecosystems such as SAP Ariba, we can leverage APIs and provide a more free-flowing path for our content to reach our customers; and when they are able to use it in the way they would like, the number of use cases and possibilities is infinite.

We see now all the time our content being used in ways we would have never imagined. Our customers are benefiting from that, and that’s a direct result of the corporations coming together and suppliers and software companies freeing up their platforms and making things more open. The customer is benefiting, and I think it’s great.

Gardner: Sean, when you hear your partner and your customer describing what they want to come next, how can we project a new vision of differentiation when you combine network and ecosystem and data?

Thompson: Well, let me pick up where Chris said, “free and open.” Now that we are in the cloud and able to digitize on a global basis, the power for us is that we know that we can’t do it all ourselves.
We also know that we have an amazing opportunity because we have grown our network across the globe, to 192 countries and four million registered buyers or suppliers, all conducting a tremendous amount of commerce and data flow. Being able to open up and be an ecosystem, a platform way of thinking, that is the power.

Like Chris said, it’s amazing the number of things that you never realized were possible. But once you open up and once you unleash a great developer experience, to be able to extend our solutions, to provide more data -- the use cases are immense. It’s an incredible thing to see.

That’s what it’s really about -- unleashing the power of the ecosystem, not only to help drive innovation but ultimately to help drive growth, and for the end customer a better end-to-end process and end-to-end solution. So, it’s an amazing time.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: SAP Ariba.

You may also be interested in:

Thursday, July 16, 2020

AWS and Unisys join forces to accelerate and secure the burgeoning move to cloud

A powerful and unique set of circumstances are combining in mid-2020 to make safe and rapid cloud adoption more urgent and easier than ever.

Dealing with the novel coronavirus pandemic has pushed businesses to not only seek flexible IT hosting models, but to accommodate flexible work, hasten applications’ transformation, and improve overall security while doing so.

This next BriefingsDirect cloud adoption best practices discussion examines how businesses plan to further use cloud models to cut costs, manage operations remotely, and gain added capability to scale their operations up and down.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. 

To learn more about the latest on-ramps to secure an agile cloud adoption, please welcome  Anupam Sahai, Vice President and Cloud Chief Technology Officer at Unisys, and Ryan Vanderwerf, Partner Solutions Architect at Amazon Web Services (AWS). The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Anupam, why is going to the public cloud an attractive option more now than ever?

Sahai: There are multiple driving factors leading to these tectonic shifts. One is that the whole IT infrastructure is moving to the cloud for a variety of business and technology reasons. And then, as a result, the entire application infrastructure -- along with the underlying application services infrastructure -- is also moving to the cloud.

The reason is very simple because of what cloud brings to the table. It brings a lot of capabilities, such as providing scalability in a cost-effective manner. It makes IT and applications behave as a utility and obviates the need for every company to host local infrastructure, which otherwise becomes a huge operations and management challenge.

So, a number of business and technological factors, along with the COVID-19 pandemic situation, which essentially makes us work remotely, and having cloud-based services and applications available as a utility makes them easy to consume and use.

Public cloud on everyone’s horizon 

Gardner: Ryan, have you seen in your practice over the past several months more willingness to bring more apps into the public cloud? Are we seeing more migration to the cloud?

Vanderwerf: We’ve definitely had a huge uptick in migration. As people can’t be in an office, things like workspaces and doing remote desktops, have also seen a huge increase. People are trying to find ways to be elastic, cost-efficient, and make sure they’re not spending too much money.

Following up on what Anupam said, the reasons people are moving in the cloud haven’t changed. They have just been accelerated because they need agility and to speed-up access to the resources they need. They need cost savings by not having to maintain data centers by themselves.

By being more elastic, they can provision only for what they’re using and not have stuff running and costing money when you don’t need to. They can also deploy globally in minutes, which is a big deal across many regions, and allows people to innovate faster.

And right now, there’s a need to innovate faster, get more revenue, and cut costs – especially in times where fluctuation in demand goes up and down. You have to be ready for it.

Gardner: Yes, I recently spoke with a CIO who said that when the pandemic hit, they had to adjust workloads and move many from a certain set of apps that they weren’t going to be using as much to a whole other set that they were going to be using a lot more. And if it weren’t for the cloud, they just never would have been able to do that. So agility saved them a tremendous amount of hurt.

Anupam, why when we seek such cloud agility do we also have to think about lower risk and better security?

Sahai: Risk and security are critical because you’re talking about commercial, mission-critical workloads that have potentially sensitive data. As we move to the cloud, you should think three different trajectories. And some of this, of course, is being accelerated because of the COVID-19 pandemic.
Learn More About 
Unisys CloudForte
One of the cloud-migration trajectories, as Ryan said earlier, is the need for elastic computing, cost savings, performance, and efficiencies when building, deploying, and managing applications. But as we move applications and infrastructure to the cloud, there is a need to ensure that the infrastructure falls under what is called the shared responsibility model, where the cloud service provider protects and secures infrastructure up to a certain level and then the customers have their responsibility, a shared responsibility, to ensure that they’re protecting their workloads, applications, and critical data. They also have to comply with the regulations that those customers need to adhere to. 

In such a shared responsibility model, customers need to work very closely with the service providers, such as AWS, to ensure they are taking care of all security and compliance-related issues.
You know, security breaches in the cloud -- while less than compared to on-premises-related deployments -- are still pretty rampant. That’s because some of the cloud security hygiene-related issues are still not being taking care of. That’s why solutions have to manage security and compliance for both the infrastructure and the apps as they move from on-premises to the cloud.

Gardner: Ryan, shared responsibility in practice can be complex when it’s hard to know where one party’s responsibility begins and ends. It cuts across people, process, and even culture.

When doing cloud migrations, how should we make sure there are no cracks for things to fall through? How do we make sure that we segue from on-premises to cloud in a way that the security issues are maintained throughout?

Stay safe with best-practices

Vanderwerf: Anupam is exactly right about the shared responsibility model. AWS manages and controls the components from the host operating system and virtualization layer down to physically securing the facilities. But it is up to AWS customers to build secure applications and manage their hygiene.

We have programs to help customers make sure they’re using those best practices. We have a well-architected program. It’s available on the AWS Management Console, and we have several lenses if you’re doing specific things like serverless, Internet of things (IoT), or analytics, for example.
Solutions architects can help the customer review all of their best practices and do a deep-dive examination with their teams to raise any flags that people might not be aware of and help find solutions.

Things like that have to be focused toward the business, but solutions architects can help the customer review all of their best practices and do a deep-dive examination with their teams to raise any flags that people might not be aware of and help them find solutions to remedy them.

We also have an AWS Technical Baseline Review that we do for partners. In it we make sure that partners are also following best practices around security and make sure that the correct things are in place for a good experience for their customers as well.

Gardner: Anupam, how do we ensure security-as-a-culture from the beginning and throughout the lifecycle of an application, regardless of where it’s hosted or resides? DevSecOps has become part of what people are grappling with. Does the security posture need to be continuous?

Sahai: That’s a very critical point. But first I want to double-click on what Ryan mentioned about the shared responsibility model. If you look at the overall challenges that customers face in migrating or moving to the cloud, there is certainly the security and compliance part of it that we mentioned.

There is also the cost governance issue and making sure it’s a well-architected framework architecture. The AWS Well-Architected Framework (WAF), for example, is supported by Unisys.

Additionally, there are a number of ongoing issues around optimization, cost governance, security, compliance governance, and optimization of workloads that are critical for our customers. Unisys does a Cloud Success Barometer study every year and, and what we find is very interesting.

One thing is clear, about 90 percent of organizations are transitioned to the cloud. So no surprise there. But in the journey to the cloud what we also found is that 60 percent of the organizations are unable to move to the cloud, or hold on to their cloud migrations, because of some of these unexpected roadblocks. And so that’s where partners like Unisys and AWS are coming together to offer visibility and solutions to address them. Those challenges remain, and, of course, we are able to help address them.

Coming back to the DevSecOps question, let’s take a step back and understand why DevOps came into being. It was basically because of the migration to the cloud that we had the need to break down the silos between development and operations to deploy infrastructure-as-code. That’s why DevOps essentially brings about faster, shorter development cycles; faster deployment, faster innovation.

Studies have shown that DevOps leads to at least 60 percent faster innovation and turnaround time compared to traditional approaches, not to mention the cost savings and the IT headcount savings when you merge the dev and ops organizations.
As DevOps goes mainstream, and as cloud-centric applications are becoming mainstream, there is a need to inject security into the DevOps cycle. Having DevSecOps is key.

But as DevOps goes mainstream, and as cloud-centric applications are becoming mainstream, there is a need to inject security into the DevOps cycle. So, having DevSecOps is key. You want to enable developers, operations, and security professionals to work together on yet another silo, to break them down and merge with the DevOps team.

But we also need to provide tools that are amenable to the DevOps processes, continuous integration/continuous delivery (CI/CD) tools that enable the speed and agility needed for DevOps, but also injecting security -- without slowing them down. It is a challenge, and that’s why the all-new field of DevSecOps enables security and compliance injection into the DevOps cycle. It is very, very critical.

Gardner: Right, you want to have security but without giving up agility and speed. How have Unisys and AWS come together to ease and reduce the risk of cloud adoption while greasing the skids to the on-ramps to cloud adoption?

Smart support on the cloud journey

Sahai: Unisys in December 2019 announced CloudForte capabilities with the AWS cloud. A number of capabilities were announced that help customers adopt cloud without worrying about security and compliance.

CloudForte today provides a comprehensive solution to help customers manage their customer cloud journeys, whether it’s greenfield or brownfield; and there is hybrid cloud support, of course, for the AWS cloud along with multi-cloud support from a deployment perspective.

The solution combines production services that enable three primary use cases: Cloud migration, as we talked about, and apps migration using DevSecOps. We’ve codified that in terms of best practices, reference architecture, and well-architected principles, and we have wrapped that in advisory services and deployment services as well.
Learn More About 
Unisys CloudForte
The third use case is around cloud posture management, which is understanding and optimizing existing deployments, including hybrid cloud deployments, to ensure you’re managing costs, managing security and compliance, and also taking care of any other IT-related issues around governance of resources to make sure that you migrate to the cloud in a smart and secure manner.

Gardner: Ryan, why did AWS get on-board with CloudForte? What was it about it that was attractive to you in helping your customers?

Vanderwerf: We are all about finding solutions that help our customers and enabling our partners to help their customers. With the shared responsibility model, that’s on the customer, and CloudForte has really good risk management and a portfolio of applications and services to help people get ahold of that responsibility themselves.

Instead of customers trying to go on their own -- or just following general best practices – Unisys also has the tooling in place to help customers. That’s pretty important because with DevSecOps, people suffer from a lack of business agility, security agility, and face the risks around change to their businesses. People fear that.
With the shared responsibility model, that's on the customer, and CloudForte has really good risk management and a portfolio of apps and services to help people get ahold of that responsibility themselves.

These tools have really helped customers manage that journey. We have a good feeling about being secure and being compliant, and the dashboards they have inside of it are very informative, as a matter of fact.

Gardner: Of course, Unisys has been around for quite a while. They have had a very large and consistent installed base over the years. Are the tooling, services, and value in CloudForte bringing in a different class of organization, or different parts of organizations, into AWS?

Vanderwerf: I think so, especially in the enterprise area where they have a lot of things to wrangle on the journey to the cloud -- and it’s not easy. When you’re migrating as much as you can to a cloud setting – seeking to keep control over assets and making sure there are no rogue things running -- it’s a lot for an enterprise IT manager to handle. And so, the more tools they have in their tool-belt to manage that is way better than them trying to cook up their own stuff.

Gardner: Anupam, did you have a certain type of organization, or part of an organization, in mind when you crafted CloudForte for AWS?

Sahai: Let’s take a step back and understand the kind of services we offer. Our services are tailored and applicable for both enterprises and the public sector. We offer advisory services to begin with, which essentially allows us to pass-through products. You have the CloudForte Navigator product, which allows us to assess the current posture of the customer and understand the application capabilities the customer has, whether it needs a transformation, and, of course, this is all driven by business outcomes that the customers desires.

Second, through CloudForte we bring best practices, reference architectures, and blueprints for the various customer journeys that I mentioned earlier. Greenfield or brownfield opportunities, whatever the stage of adoption, we have created a template to help with the specific migration and customer journey.

Once customers are able and ready to get on-boarded, we enable DevSecOps using CI/CD tools, best practices, and tools to ensure the customers use a well-architected framework. We also have a set of accelerators provided by Unisys that enable customers to get on-boarded with guardrails provided. So, in short, the security policies, compliance policies, organizational framework, and the organizational architectures are all reflected in the deployment.

Then, once it's up and running, we manage and operate the hybrid cloud security and compliance posture to ensure that any deviations, any drifts, are monitored and remediated to ensure they are continuously having an acceptable posture.
Finally, we also have AIOps capabilities, which include AI-enabled outcomes that the customer is looking for. We use artificial intelligence and machine learning (AI/ML) technologies to optimize the resources. We drive cost savings through resource optimization. We also have an instant management capability to bring down costs dramatically using some those analytics and AIOps capabilities.

So our objective is to drive digital transformation for customers using a combination of products and services that CloudForte has, and working in close conjunction with what AWS offers, so that we create a compelling offering that’s complementary to each other, but very compelling from a business outcomes perspective.

Gardner: The way you describe them, it sounds like these services would be applicable to almost any organization, regardless of where they are on their journey to the cloud. Tell us about some of the secret sauce under the hood. The Unisys Stealth technology, in particular, is unique in how it maintains cloud security.

Stealth solutions for hybrid security 

Sahai: The Unisys Stealth technology is very compelling, especially in the hybrid cloud security sense. As we discussed earlier, the shared responsibility model requires customers to take care of and share the responsibility to make sure that workloads in the cloud infrastructure are compliant and secure.

And we have a number of tools in that regard. One is the CloudForte Cloud Compliance Director solution, which allows you to assess and manage your security and compliance posture for the cloud infrastructure. So it’s a cloud security posture management solution.

Then we also have the Stealth solution, essentially a zero trust, micro-segmentation capability that leverages the identity, or the user roles, in an organization to establish a community that’s trusted and is capable of doing certain actions. It creates communities of interest that allow and secure through a combination of micro-segmentation and identity management.

Think of that as a policy management and enforcement solution that essentially manipulates the OS native stacks to enforce policies and rules that otherwise are very hard to manage.

If you take Stealth and marry that with CloudForte compliance, some of the accelerators, and Navigator, you have a comprehensive Unisys solution for hybrid cloud security, both on-premises and in the AWS cloud infrastructure and workloads environment.

Gardner: Ryan, it sounds like zero trust and micro-segmentation augment the many services that AWS already provides around identity and policy management. Do you agree that the zero trust and micro-segmentation aspects of something like Stealth dovetail very well with AWS services?

Vanderwerf: Oh, yes, absolutely. And in addition to that, we have a lot of other security tools like AWS WAF, AWS Shield, Security Hub, Macie, IAM Access Analyzer and Inspector. And I am sure under the hood they are using some of these services directly.

The more power you have the better. And it’s tough to manage. Some people are just getting into cloud and they have challenges. It’s not always technical, sometimes it's just communications issues at a company or lack of sponsorship or resource allocation or undefined key performance indicators (KPI). So all these things, or even just timing, those are all important for a security situation.

Gardner: All those spinning parts, those services, that’s where the professional services come in so that organizations don’t have to feel like they are doing it alone. How does the professional services and technical support fit into helping organizations go about these cloud journeys?

Sahai: Unisys is trusted by our customers to get things right. So we say that we do cloud correctly, and we do cloud right, and that includes a combination of trusted advisory services. That means everything from identifying legacy assets, to billing, and to governance, and then using a combination of products and services to help customers transform as they move to the cloud.
Our cloud-trained people and expertise speeds up the migrations, gives visibility, and provides operational improvements. Thereby we are able to do cloud right and in a secure fashion by establishing security practices, trust through security and compliance, and AIOps.

Our cloud-trained people and expertise speeds up the migrations, gives visibility, and provides operational improvements. Thereby we are able to do the cloud right and in a secure fashion by establishing security practices, establishing trust through a combination of micro-segmentation, security, and compliance ops, AIOps, and that certainly is the combination of products and services that we offer today.

And our customers tell us we are rated very highly, 95 percent-plus in terms of customer satisfaction. It’s a testament to the fact that our professional services -- along with our products – complements the AWS services and products that customers need to deliver their business outcomes.

Gardner: Anupam, do you have any examples of organizations that leveraged both AWS and Unisys CloudForte? What have they been doing and what did they get from it?

Student success supported 

Sahai: I have a number of examples where a combination of CloudForte and AWS deployments are happening. One is right here where I live in the San Francisco Bay Area. The business challenge they faced was to enhance the student learning experience and deliver technology services critical to student success and graduation initiatives. And given the COVID-19 scenario, you can understand why cloud becomes an important factor in that.

Unisys cloud and infrastructure services, using CloudForte, helped them deploy a hybrid cloud model with AWS. We had Ansible for automation, ServiceNow for IT service management (ITSM), AIOps, and we deployed a logarithm and a portfolio of tools and services.

They were then able to accelerate their capability to offer critical administrative services, such as student scheduling and registration, to about half-a-million students and 52,000 faculty and staff members across 23 campuses. It delivered 30 percent better performance while realizing about 33 percent cost savings and 40 percent growth in usage of these services. So, great outcomes, great cost savings, and you are talking about reduction of about $4.5 million in computed storage costs and about $3 million in cost avoidance.
Learn More About 
Unisys CloudForte
So this is an example of a customer who leveraged the power of the AWS Cloud and the CloudForte products and services to deliver these business outcomes, which is a win-win situation for us. So that’s one example.

Gardner: Ryan, what do you expect for the next level of cloud adoption benefits? Is the AIOps something that we are going to be doubling-down on? Or are there other services? How do you see the future of cloud adoption improving?

The future is integrated 

Vanderwerf: It’s making sure everything is able to integrate. Like, for example, with a hybrid cloud situation we now have AWS Outposts. Now people can run a rack of servers in their data center and be connected directly to the cloud.

Some things don’t make sense always to go to cloud. Perhaps machinery running analytics, for example, has very low latency requirements. You could still write native applications to work with the cloud in AWS and run those apps locally.

Also, AIOps is huge because so many people are doing AI/ML in their workloads, from deciding security posture threats, to finding whether machines are breaking down. There are so many options in data analytics and then wrangling all these things together with data lakes. Definitely, the future is about better integrating all of these things.

AI/MLOps is really popular now because there are so many data scientists and people integrating ML into things. They need some sort of organizational structure to keep that organized, just like CI/CD did for DevOps. And all of those areas continue to grow. At AWS, we have 175-plus services, and they are always coming up with new ones every day. I don’t see that slowing down anytime soon.

Gardner: Anupam, for your future outlook, to this point that Ryan raised about integration, how do you see organizations like Unisys helping to manage the still growing complexity around the adoption and operations in the cloud and hybrid cloud environments?

Sahai: Yes, that is a huge challenge. As Ryan mentioned, hybrid cloud is here to stay. Not everything will move to the cloud. And while cloud migration trends will continue, there will be some core set of apps that will be staying on-premises. So leveraging AWS Outposts, as he said, to help with the hybrid cloud journeys will be important. And Unisys offers hybrid cloud and multi-cloud offerings that we are certainly committed to.
Security and compliance issues are not going away, unfortunately. Cloud breaches are out there. And so there is a need to actively manage and be proactive about managing your security and compliance posture. Customers are going to work with AWS and Unisys to fortify both their defense and offense proactively.

The other thing is that security and compliance issues are not going away, unfortunately. Cloud breaches are out there. And so there is a need to actively manage and be proactive about managing your security and compliance posture. And so that’s another area that I think our customers are going to be working together with AWS and Unisys to help them fortify not just their defenses, but also the offense -- to be proactive in dealing with these threats and breaches and preventing them.

The third area is around AIOps, and this whole notion of AI-enabled CloudForte, and we see AI and ML to be prorating every path of the customer journey. Not just in AIOps, which is the operations and management piece, which is a critical part of what we do, but AI in enabling the customer journeys in terms of predicting.

So let’s say a customer is trying to move to the cloud, we want to be able to use predictions to predict what their customer journey would look like if they move to the cloud and to be proactive about predicting and remediating issues that might come up.

And, of course, AI is fueled by the data revolution -- the data lakes, the data buses -- that we have today to transport data seamlessly across applications, across hybrid cloud infrastructures, and to tie all of this together. You have the app migration, the CI/CD, and the DevSecOps capabilities that are part of the CloudForte advisory and product services.

We are enabling customers to move to the cloud without compromising speed, agility, and security and compliance, whether they are moving infrastructure to the cloud, using infrastructure as code, or moving applications to the cloud using applications as code by leveraging the micro-services infrastructure, the cloud native infrastructure that AWS provides -- and Kubernetes included.

We have support for a lot of these capabilities today, and we will continue to evolve them to make sure no matter where the customer is in their customer journey to the cloud -- whatever the stage of evolution -- we have a compelling set of production services that customers can use to get to the cloud and stay there with the help of Unisys and AWS.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: Unisys and Amazon Web Services.

You may also be interested in: