Multi-Layer Defence in Depth #SecurityArchitecture #DataSecurity

Customer Data Isolation:
- A virtualized ABAP Application Server is provisioned for each customer tenant.
- Application isolation is enabled via a “Security Group”.
- The “Security Group” allows communication between the different application instances that belong to one tenant.
- The tenant “Security Group” allows system communication between the Q and P systems of the same customer, as shown in Figure 2 – #SAP S/4HANA Landscape #CloudArchitecture.
- At the network level, the security group prevents communication between tenants. The network traffic rules are defined based on source, destination, protocol, and ports.
- Each SAP S/4HANA Cloud tenant has its own tenant database, which is part of the overall SAP HANA system.

#DataEncryption:
- SAP S/4HANA Cloud encrypts “data-at-rest” and “data-in-transit”.
- End-to-end encryption is applied for “data-in-transit”.
- “Data-at-rest” encryption covers the database, central and local file systems, and storage backups.
- The cryptographic keys are managed securely via Key Management Systems (KMS) by SAP cloud operations teams.
- A “Segregation of Duties” guideline is applied for the KMS.

#ApplicationSecurity
- A Secure Software Development Lifecycle (SSDLC) methodology is followed for the development of the SAP S/4HANA application.
- Product development considers security and data protection & privacy requirements; these are embedded at the start of the development process.
- The development team performs extensive risk assessment and threat modelling, design, and testing of the effectiveness of the security controls, which includes code scans, penetration tests, security tests (SAST & DAST) and independent security assessments. More details on the SAP SSDLC can be found here.
- Customers access SAP S/4HANA Cloud via the Internet using HTTPS (port 443). The HTTPS traffic is terminated on the Web Dispatcher cluster.
- Customer access is enabled via a central load balancer and a shared Web Dispatcher. There are separate load balancer endpoints: a UI endpoint for business users and an endpoint used for system-to-system communications.
- Customers can access application security audit logs.

#NetworkSecurity
- A trust boundary separates the network into zones and each zone into segments.
- Security controls are implemented in each zone based on the exposure of the systems to the Internet/Intranet and on the classification of the data handled by the systems in that zone.
- Virtual Private Clouds (VPCs) are created for Systems, Admin, and Backup. The System VPC hosts the tenants of SAP S/4HANA Cloud and spans availability zones. The secure central administration network segment hosts the central cloud lifecycle management tools.

Source: SAP Blog
#TransformPartner – Your #DigitalTransformation Consultancy
Future Of Work
-
My EasyDMARC team encountered multiple cases where Microsoft tenants received spoofing emails from their own domain to their own domain, even with DMARC set to p=reject. Microsoft now enforces DMARC reject in EOP.
- Older tenants may still have Anti-Phishing policies that were never updated and must be reviewed: https://lnkd.in/dV7S6hS
- Newer tenants have the correct defaults, but a loophole remains if an admin created an allowlist. In testing we confirmed that when a rule or policy forces SCL:-1, the message is marked as trusted and skips filtering. (SCL:-1 means “bypass spam filtering and treat this message as safe.”) This allows spoofed mail to reach the inbox despite a DMARC reject policy.
SCL:-1 is NOT added by the attacker. It is stamped by the tenant. Common causes include:
- An admin sets a mail flow rule to “always trust” messages from a certain entity, skipping spam checks.
- The organization’s own domain is added to the allowed senders/domains list.
- Someone clicks “Allow” in Microsoft’s Spoof Intelligence panel.
- An inbound connector is configured to treat all mail as if it came from inside the organization.
If you see SCL:-1 on a spoof, the problem is NOT DMARC but configuration. Organizations should audit mail flow rules, remove their own domains from allowlists, review Anti-Phishing policies, and correct connector settings. Relying on whitelists for convenience undermines DMARC and gives attackers the exact opening they need. Security controls only work if we let them do their job.
‼️ Read the full article: https://lnkd.in/ezCxnT-F
#Microsoft #DMARC #EOP
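An added triage script, not part of the post above or of EasyDMARC's tooling, that applies the post's diagnostic to a message header block: if the From: domain is one we own, DMARC did not pass, and the tenant still stamped SCL:-1, the cause is a tenant-side override rather than a DMARC gap. The two header samples are constructed for the example, `OUR_DOMAINS` is a hypothetical value, and the SFV hints follow Microsoft's documented meanings of the SFV field in X-Forefront-Antispam-Report (SKN: marked non-spam before filtering, e.g. by a mail flow rule; SKA: on an anti-spam allow list; SKI: filtering skipped, e.g. intra-org).

```python
"""Triage Exchange Online headers: was a spoof of our own domain delivered because
something in the tenant stamped SCL:-1, rather than because DMARC was missing?"""
import re

# Domains this tenant owns. Hypothetical value for the example.
OUR_DOMAINS = {"example.com"}

# Meaning of the SFV (spam filtering verdict) field in X-Forefront-Antispam-Report,
# per Microsoft's documentation of that header. Only the "skipped" values matter here.
SFV_HINTS = {
    "SKN": "marked non-spam before filtering, typically a mail flow rule setting SCL -1",
    "SKA": "sender or domain is on an anti-spam policy allowed senders/domains list",
    "SKI": "filtering skipped, e.g. message treated as intra-organization by a connector",
}

# Constructed header samples (not real captures); the field layout follows what EOP
# stamps on inbound mail. Continuation lines start with whitespace (RFC 5322 folding).
SPOOF_OVERRIDDEN = """\
Received: from relay.attacker.invalid (203.0.113.10) by mx.example.com
Authentication-Results: spf=fail (sender IP is 203.0.113.10)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=none header.from=example.com;compauth=fail
 reason=601
X-MS-Exchange-Organization-SCL: -1
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:XX;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:relay.attacker.invalid;PTR:;CAT:NONE;DIR:INB;
From: "CEO" <ceo@example.com>
To: finance@example.com
Subject: Urgent wire transfer
"""

# Same spoof, but filtering actually ran and gave it a real spam score.
SPOOF_FILTERED = SPOOF_OVERRIDDEN.replace(
    "X-MS-Exchange-Organization-SCL: -1", "X-MS-Exchange-Organization-SCL: 9"
).replace("SCL:-1;", "SCL:9;").replace("SFV:SKN;", "SFV:SPM;")


def unfold_headers(raw: str) -> list:
    """Split a raw header block into (name, value) pairs, joining folded lines."""
    fields = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and fields:            # folded continuation line
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))
    return fields


def header(fields: list, name: str):
    """First value of a header (lower-case name), or None if absent."""
    return next((v for n, v in fields if n == name), None)


def triage(raw: str, our_domains: set) -> dict:
    """Classify one message's headers and return the signals plus a verdict:
    TENANT_OVERRIDE      From: is our domain, DMARC did not pass, SCL is -1:
                         something in the tenant bypassed filtering (the post's case)
    FILTERED             same spoof, but EOP assigned a real SCL, so filtering ran
    NOT_OWN_DOMAIN_SPOOF everything else
    """
    fields = unfold_headers(raw)
    auth = header(fields, "authentication-results") or ""
    report = header(fields, "x-forefront-antispam-report") or ""

    m = re.search(r"header\.from=([\w.-]+)", auth)
    from_domain = m.group(1).lower() if m else None
    m = re.search(r"\bdmarc=(\w+)", auth)
    dmarc = m.group(1).lower() if m else "none"

    # Prefer the dedicated SCL header; fall back to the SCL field in the report.
    scl_value = header(fields, "x-ms-exchange-organization-scl")
    if scl_value is None:
        m = re.search(r"\bSCL:(-?\d+)", report)
        scl_value = m.group(1) if m else None
    scl = int(scl_value) if scl_value is not None else None
    m = re.search(r"\bSFV:(\w+)", report)
    sfv = m.group(1).upper() if m else None

    own_domain_spoof = from_domain in our_domains and dmarc != "pass"
    if own_domain_spoof and scl == -1:
        verdict = "TENANT_OVERRIDE"
        cause = SFV_HINTS.get(sfv, "unknown; audit mail flow rules, allow lists and connectors")
    elif own_domain_spoof:
        verdict, cause = "FILTERED", None
    else:
        verdict, cause = "NOT_OWN_DOMAIN_SPOOF", None
    return {"from_domain": from_domain, "dmarc": dmarc, "scl": scl, "sfv": sfv,
            "verdict": verdict, "likely_cause": cause}


if __name__ == "__main__":
    for label, sample in (("overridden", SPOOF_OVERRIDDEN), ("filtered", SPOOF_FILTERED)):
        print(label, triage(sample, OUR_DOMAINS))
```

Run it against headers exported from a quarantined or delivered spoof (Outlook's "View message source", or the Exchange message trace). A TENANT_OVERRIDE verdict points at the tenant-side settings the post lists: in Exchange Online PowerShell, transport rules whose SetSCL is -1 (Get-TransportRule), your own domains in AllowedSenderDomains of Get-HostedContentFilterPolicy, and inbound connectors with TreatMessagesAsInternal enabled (Get-InboundConnector).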
-
When we talk about Return to Office (RTO), it’s not just about full-time attendance. It includes hybrid policies requiring employees to spend a certain number of days in the office. But whether full-time or hybrid, the question remains: Are these mandates actually working? Research by Mark Ma, Associate Professor at the University of Pittsburgh, analyzed 137 companies—nearly a third of the S&P 500—that implemented RTO policies between 2020 and 2023. The results showed no measurable improvement in productivity or financial performance. Instead, these policies often led to higher turnover and lower employee satisfaction. So, what’s the alternative? Companies need to shift from mandates to magnets. Instead of enforcing attendance, they should focus on creating office environments and experiences that employees genuinely want to be part of. What Does This Look Like?
• Trust Over Rules: Build a culture where employees feel trusted to decide how and where they work best.
• Purposeful Collaboration: Create opportunities for meaningful in-person collaboration that can’t be replicated remotely.
• A Great Employee Experience: Offer a workplace that enhances creativity, well-being, and connection—making it a place employees want to visit.
The takeaway? Mandates may get employees into the office, but magnets keep them engaged and inspired. Companies that invest in trust, flexibility, and a compelling workplace culture will not only attract top talent but also outperform their competitors. Bear in mind that the European Fortune top 10 when it comes to stock performance in October 2024 were 100% hybrid. Do you think that list will change over time, with maybe more full-time-in-office companies or maybe more fully flexible companies?
-
Companies that have instituted a mandatory return-to-the-office policy are introducing a much greater hardship on the women in their organizations than they realized. While this sounds like an equitable move to make everyone come back to the office, it is anything but, according to a Deloitte Workplace Intelligence survey. “Women are 30% more likely to exit if their remote work options are rescinded.” There are many factors at play relative to this finding. Women tend to be the caregivers in a family, and those responsibilities require more flexibility. Women also experience more microaggressions in the office environment, which they are partially shielded from when they limit their time in the office. While I do understand why many managers would like to bring everyone back into the office, I would hate to see the many gains in workplace equity and increased representation disappear as organizations try to “get back to normal”. There were so many great lessons learned during the lockdown relative to better ways to communicate, to build teams remotely, to connect people and increase productivity. I would like to see that managers don’t take the easy way out, which is to just require everyone to return to the office. I would like to see managers and organizations consider which roles and which elements of the job require in-person interaction and which can benefit from remote working. Two decades ago, I started working from home 2 days/week. It made such a difference to my mental health and my family, as my kids were toddlers then. I definitely could not have kept up working full time without that level of flexibility, and I didn’t even have the benefit of the many new developments that we experienced during COVID that have made remote work even more sustainable and productive. What do you think? What are the benefits of remote work that you have realized? Has your employer instituted a full-time return-to-the-office policy or a hybrid work policy?
#returntooffice #equity #diversity #allies https://lnkd.in/gKcpnnNq
-
⏰ If you don’t trust your employees to work from home, you won’t trust them even when they’re sitting right in front of you. Trust isn’t about proximity. Yesterday, I spoke with a mother who’s been struggling since her company imposed mandatory office presence. Between managing school pickups, childcare, and a demanding workload, her days are a constant race. She’s not alone. For many women, flexible work isn’t just a preference - it’s a necessity. And it’s about more than convenience. 👇 Here’s a reminder for all employers why flexible work matters: ➡️ Trust has no boundaries - online or in-person. Distrust in remote teams often mirrors distrust when teams are in the office. ➡️ Treat adults like adults. Your team members are professionals, not children. Autonomy shows respect. ➡️ Give the power of choice. Employees know where they are most productive - whether at home or in the office. Trust them to decide. ➡️ Hybrid work = Harmony. The flexibility of hybrid models supports the elusive work-life balance everyone craves. ➡️ Presence ≠ Productivity. Physical presence doesn't necessarily correlate with productivity. Employee satisfaction, on the other hand, certainly does. 👊 Here's to a workplace that's defined by Accomplishments and not just Appearances!
-
Return-to-Office Mandates Will Hurt Women—and Productivity. Companies pushing for a return to the office see unintended consequences, especially for women. Research from Upwork and Fortune highlights this critical issue:
🔴 Nearly two-thirds of C-suite leaders admit office mandates are causing more women to quit than men.
🔴 Over 50% of executives say the loss of female talent has reduced productivity, counteracting the very reason for enforcing in-office policies.
🔴 A staggering 75% of women would start job-hunting immediately if hybrid work options were revoked.
🔴 88% of women believe flexible work levels the playing field, reduces bias and accommodates life’s "pinch points"—particularly for working mothers.
I discuss RTO mandates and ways of working regularly with my clients. When they seek my advice, here is what I tell them:
1. One size doesn't fit all. RTO mandates are blunt instruments.
2. How does this decision support your organisation's gender equity goals?
3. How are you helping managers become better leaders of people who have varying preferences and needs regarding work?
Feel free to ask these questions in your workplace, and let me know how you go. We really need to think much more sensibly about asking people to return to the office, be very clear on the "why," and provide managers with the tools to communicate that "why" effectively. #RTOMandates #WorkplaceGenderEquity #AdvancingWomen
-
WHY WOMEN FAVOUR HYBRID WORK. Hybrid work arrangements are reshaping more than just our schedules—they're revolutionizing career opportunities, especially for women, particularly mothers. Take Melbourne for example. The average cost of 50 hours of centre-based day-care in Victoria now stands at a staggering $626 per week, the highest in the country. For many mothers, this presents a daunting barrier to remaining in the workforce. With the rise of remote work, the game has changed. Hybrid work models offer a lifeline, allowing mothers to balance their careers with family responsibilities like never before. As remote work expands, so do the chances for mothers to continue their employment journey. By breaking free from the constraints of traditional office settings, hybrid work empowers women to thrive in both their careers and personal lives. Flexibility doesn't just facilitate balance, it broadens opportunity, particularly for women.
-
Data privacy isn’t optional anymore. Especially in complex SAP environments. Hackers don’t care if it’s prod, test, or training data. They look for cracks, and there are many.
Old mindset: “It’s internal, we trust the team.”
New mindset: Trust no one. Mask everything.
Here’s why data masking and anonymization are now essential:
1/ Regulations are tightening
↳ GDPR, CCPA, HIPAA: fines are real
↳ Compliance isn’t optional anymore
2/ Access is everywhere
↳ Users, roles, systems, layers
↳ Too many entry points to rely on luck
3/ Dev/Test are still vulnerable
↳ Real data in staging = real risk
↳ Masking removes the hacker’s prize
4/ Insider threats are rising
↳ One wrong click can expose millions
↳ Masking limits damage before it happens
5/ SAP is going hybrid
↳ Cloud + integrations = more exposure
↳ Masked data stays protected across environments
6/ Business still runs
↳ Teams need data for training, QA, and reports
↳ You can secure and stay productive
7/ Brand trust is fragile
↳ One leak? Years of trust gone
↳ Prevention is cheaper than public apologies
8/ It’s a mindset shift
↳ Security by design, not by patch
↳ Privacy-first architecture builds resilience
Modern SAP security starts with data privacy. Anonymize. Mask. Repeat. Because hope is not a strategy.
What’s one step your team is taking today?
#SAPSecurity #SAPDataProtection #SAPS4HANA #SAPLandscape #SAPCompliance #GDPR #CCPA
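An added worked example, not code from the post above or from SAP, of what points 3 and 6 ask for at the same time: a staging copy that holds no real customer data but on which QA joins and reports still work. It uses keyed (HMAC) pseudonymization so the same real value always maps to the same fake value within a run, and scrubs free-text fields, where real data tends to hide. The key value is hypothetical, and the rows are constructed to look like a KNA1-style customer master and VBAK-style sales orders; the table and field names are illustrative, not an SAP extract format.

```python
"""Keyed pseudonymization of an SAP-style customer extract for a staging copy:
the same real value always maps to the same fake value, so foreign keys, joins and
totals survive, but the originals cannot be recovered without the key."""
import hashlib
import hmac
import re

# Per-environment secret. Hypothetical value; in practice it is held in a KMS and is
# never copied to the staging system that receives the masked data.
MASKING_KEY = b"staging-masking-key-rotate-me"

# Constructed sample rows (not real data), shaped like a KNA1-style customer master
# and VBAK-style sales orders that reference it by customer number (KUNNR).
CUSTOMERS = [
    {"kunnr": "0001000123", "name": "Alice Example", "email": "alice@customer.example", "tax_id": "DE123456789"},
    {"kunnr": "0001000456", "name": "Bob Beispiel", "email": "bob@kunde.example", "tax_id": "DE987654321"},
]
ORDERS = [
    {"vbeln": "0090000001", "kunnr": "0001000123", "amount": 1250.00, "note": "call alice@customer.example about the invoice"},
    {"vbeln": "0090000002", "kunnr": "0001000123", "amount": 80.50, "note": "rush order"},
    {"vbeln": "0090000003", "kunnr": "0001000456", "amount": 999.99, "note": "ship to Bob Beispiel, tel. +49 30 1234567"},
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
PHONE_RE = re.compile(r"\+?\d[\d ()/-]{6,}\d")


def pseudonym_digits(field: str, value: str, ndigits: int) -> str:
    """HMAC-SHA256(key, field:value) reduced to a fixed-width decimal string.
    Keyed, so someone holding the staging copy cannot rebuild the mapping by hashing
    a list of known customers; bound to the field name, so the same value in two
    different fields does not yield a correlatable pseudonym."""
    mac = hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**ndigits).zfill(ndigits)


def mask_customer(row: dict) -> dict:
    return {
        "kunnr": pseudonym_digits("kunnr", row["kunnr"], 10),           # keeps the 10-digit KUNNR shape
        "name": "Customer " + pseudonym_digits("name", row["name"], 6),
        "email": f"user{pseudonym_digits('email', row['email'], 6)}@example.invalid",
        "tax_id": row["tax_id"][:2] + pseudonym_digits("tax_id", row["tax_id"], len(row["tax_id"]) - 2),
    }


def redact_note(note: str, names: list) -> str:
    """Free text is where real data hides: scrub addresses, phone numbers and names."""
    note = EMAIL_RE.sub("[email]", note)
    note = PHONE_RE.sub("[phone]", note)
    for name in names:
        note = note.replace(name, "[name]")
    return note


def mask_order(row: dict, names: list) -> dict:
    return {
        "vbeln": row["vbeln"],                                           # order number is not personal data
        "kunnr": pseudonym_digits("kunnr", row["kunnr"], 10),           # same mapping as mask_customer
        "amount": row["amount"],                                         # reports still add up
        "note": redact_note(row["note"], names),
    }


def mask_dataset(customers: list, orders: list):
    names = [c["name"] for c in customers]
    return [mask_customer(c) for c in customers], [mask_order(o, names) for o in orders]


def leaks(customers: list, orders: list, masked_customers: list, masked_orders: list) -> list:
    """Original sensitive literals that still appear anywhere in the masked output.
    Run this before the copy leaves the production boundary; an empty list is the gate."""
    secrets = {v for c in customers for v in c.values()}
    for o in orders:
        secrets.update(EMAIL_RE.findall(o["note"]))
        secrets.update(PHONE_RE.findall(o["note"]))
    masked_text = " ".join(str(v) for row in masked_customers + masked_orders for v in row.values())
    return sorted(s for s in secrets if s in masked_text)


def joins_intact(masked_customers: list, masked_orders: list) -> bool:
    """Every masked order still points at a masked customer that exists."""
    known = {c["kunnr"] for c in masked_customers}
    return all(o["kunnr"] in known for o in masked_orders)


if __name__ == "__main__":
    mc, mo = mask_dataset(CUSTOMERS, ORDERS)
    print("leaked literals:", leaks(CUSTOMERS, ORDERS, mc, mo))
    print("joins intact:", joins_intact(mc, mo))
    for row in mc + mo:
        print(row)
```

The two checks at the end are the part worth keeping in a real pipeline: a substring scan of the masked output for every original literal catches the usual failure (a name or e-mail surviving in a comment field), and the join check catches the other one (a mapping that was not applied consistently across tables, which is what breaks QA and tempts people back to real data).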
-
The festive season brings joy, connectivity, time to rejuvenate and quality time with our loved ones. Yet it can also usher in increased cyber threats while you are away from work. Protecting our digital assets in today’s cyber age is paramount to ensure you have a good holiday and a smooth ‘back-to-work’. Consider the following:
- Are we keeping our data backed up at all times to ensure easy recovery in case of cyber incidents?
- Are we limiting social media sharing of travel plans or holiday activities to avoid targeted attacks or physical break-ins?
- Are we vigilant against phishing attacks and being selective about downloading material? Avoid clicking on any suspicious email, SMS, WhatsApp message, or flyer.
- Do we have two-factor authentication (2FA) enabled wherever possible to add an extra layer of security?
- Are we exercising enough caution while using public Wi-Fi networks? Are we using VPNs for secure browsing?
- Are we regularly updating software, applications and antivirus/security patches to shield against vulnerabilities?
- Are we regularly revisiting our passwords and ensuring they are strong and unique?
- Do we know who to contact in case of a cyber-attack?
- Are we locking our digital devices and not leaving them unattended when not in use?
- Are we logging out of our digital accounts when they are not in use?
The holiday season should be a time of joy, not worry. Stay Vigilant. Stay Secure. Above all, enjoy the holidays.
#Cybersecurity #DigitalTransformation #CorporateGovernance #BoardroomExcellence #Boardofdirectors #Boardmembers #AtulGupta
-
iVirtual decided to restrict communication with customers and partners exclusively to email and live Google Meet sessions due to security concerns and operational efficiency. Here’s a breakdown of the reasons behind this decision:

1️⃣ Identity Verification and Security Risks in Messaging Apps
• WhatsApp and Telegram Lack Strong Identity Verification: While convenient, these platforms offer limited identity verification mechanisms, which could lead to impersonation or phishing attempts. For instance, account takeovers are increasingly common via SIM-swapping attacks, where attackers gain access to a person’s phone number and impersonate them.
• End-to-end Encryption Is Not Foolproof: Although WhatsApp and Telegram offer end-to-end encryption, this protection is only active during message transit. The message storage remains vulnerable to malware or physical access attacks, posing a risk if partners and customers do not implement strict device security.

2️⃣ Insecure Data Handling
• WhatsApp and Telegram Backup Vulnerabilities: These platforms often rely on cloud backups that do not maintain end-to-end encryption. If customers back up conversations to Google Drive, iCloud, or similar services, sensitive information could become accessible through those accounts. iVirtual, which values confidentiality, avoids using these platforms to minimize these risks.

3️⃣ Operational Integrity and Privacy with Google Meet and Email
• Secure, Traceable Channels: Google Meet provides controlled, live, and secure meetings that can be verified in real time, while email creates a digital paper trail for essential exchanges. Email can be used with digital signatures or secure attachments to ensure authenticity, making it harder for unauthorized parties to alter or spoof communications.
• Enhanced Data Protection and Compliance: Email communication can be managed on platforms with strict compliance standards (like GDPR) and monitored for potential breaches. Both Google Meet and professional email services offer more granular administrative controls, which allow iVirtual to secure communications with clients in sensitive sectors, ensuring confidentiality and data integrity.