Spend Management Blogs by Members
Check out community member blog posts about spend management and SAP Ariba, SAP Fieldglass, and SAP Concur solutions. Post or comment about your experiences.
Showing results for 
Search instead for 
Did you mean: 
0 Kudos

Ariba Shield

It's common knowledge that SAP Ariba Network is the world's largest B2B marketplace which connects buyers and suppliers. On the technical front, SAP Ariba runs on the SAP HANA database with servers across the globe. While this provides faster access and the ability to have multiple data backups, this also makes it almost impossible for SAP Ariba to be used by regulated industries and government agencies due to compliance issues.

As an example, the US Federal Contractors are mandated by the government to employ tools that do not send data outside the United States region. This means that there are essentially two ways to stay compliant, first, by hosting the software on the premises (on-premise), or second, to host the software on a FedRAMP High Cloud the servers of which reside only on the US soil. Since the world is rapidly adopting the cloud-first ideology because of the obvious benefits, the second option deserves considerable attention. The most prominent hyper-scalers (AWS, Microsoft Azure, GCP) provide the dedicated infrastructure for a FedRAMP compliant environment, viz. AWS GovCloud, Azure GCC (Government Community Cloud), and Google Cloud for Government.

In addition, it is pertinent to mention that even SAP NS2 (National Security Services) which is an independent U.S.-based arm of SAP provides enterprise technology solutions to support national security.

Leveraging these secure options, we at Cognitus, have developed a product known as Gallop Defense Contract Lifecycle Management (DCLM) Ariba Shield, which solves the above problems by creating compliant containers on top of the Ariba platform. The following steps describe the crux of this methodology:

  1. The master data is pseudonymized (converted to corresponding meaningful terms) using a dynamically generated mapping table in the core ERP for example, SAP ECC or S/4HANA.

  2. This pseudonymized data is transmitted to SAP Ariba Network using standard connectors.

  3. The mapping table is sent to the secure environment (using BTP in case of SAP).

  4. A link to a secure portal (hosted on FedRAMP compliant cloud) is added as a custom field to the Ariba portal.

  5. Clicking on the link takes one to the secure portal that shows the original data (de-pseudonymized data) which has been processed using the mapping data fetched from the core ERP.

Take, for example, a PO that has to be confirmed by the supplier. When the supplier logs on to the Ariba network and looks at the data, he sees the pseudonymized fields, along with a link to the secure portal. The secure portal shows the meaningful PO data with the same options of confirming/rejecting the order etc.

The below architecture shows how Azure GCC High can be used as the secure medium but the process is Cloud-agnostic. It can be deployed on AWS GovCloud, Google Government Cloud, or SAP BTP on SAP NS2.

Ariba Shield Architecture


Here is one of the screenshots of the portal where suppliers can access secure data.

FedRAMP compliant Portal


In a nutshell, Gallop Defense Contract Lifecycle Management (DCLM) Ariba Shield finally makes it possible to leverage the powerful capabilities of SAP Ariba in the federal space, especially for the Aerospace & Defense (A&D) industry. Please leave a comment below if you have any questions.