Fraud and Compliance
Finding Security in Data Intelligence and the Cloud
There’s immense excitement today about how artificial intelligence (AI), the cloud, and advanced data analytics will transform the way that organisations manage and optimise their travel and expense (T&E) operations.
Yet, that enthusiasm is also tempered by some apprehension. Seven in 10 decision-makers (72%) say they’re concerned about personal and company data security, according to a recent SAP Concur-commissioned survey with Forrester. While modern spend management solutions can help make T&E more responsive and agile, they can also introduce new challenges around security and data protection if a mindful approach is not taken from the beginning.
SAP Concur has incorporated AI and machine learning technology into its spend management solutions for nearly a decade. Three words have guided our strategy since day one: relevant, reliable, and responsible. We employ this technology in a way that protects our customers, including barring it from using customer data to train the model for use outside of their organisation. We are actively and intentionally taking steps to proactively protect our customers’ data and security.
Looking for more specifics? Here are just a few ways that SAP Concur embeds security and privacy into every solution we deliver while enabling our customers to make the most of data intelligence and the cloud.
Hybrid Security Measures
The shift to hybrid and remote work has unlocked productivity and brought more work-life balance to employees. At the same time, it’s also introduced new complexities and security challenges for organisations. Expanding the definition of the workplace to include the home office, the hotel lobby, the coffee shop, and other makeshift working environments can increase risk—if the right security measures are not in place.
As a company deeply rooted in the T&E landscape, we are well-versed in ensuring the solutions we offer are secure regardless of location, since our customers can be in the office one day and on a plane the next. We understand that organisations need T&E solutions that empower everyone to thrive in the hybrid working environment while ensuring compliance. In fact, 71% of surveyed decision-makers say that increased security and data protection is the top benefit of implementing a modern T&E solution.
For example, whether customers are working remotely or in the office, we’ve instituted secure options for logging into our tools. Customers can choose to log in with single-sign-on (SSO) initiated by an identity provider (IdP) or with a username and password—with two-factor authentication coming soon for those who choose the latter. We enable companies to customise according to their preferences and security policies (e.g., making SSO optional). We’ve also put safeguards in place to automatically alert managers of profile changes, such as when a user’s email address is updated.
End-to-End Privacy Controls
In recent years, there has been growing scrutiny of how technology companies collect, process, protect, and use their customers' personal data. The rise of AI systems trained on massive data stores has only further heightened those concerns.
SAP Concur upholds the importance of implementing safeguards that protect our users’ data, which is why we’ve embedded data protection functionality and privacy features into all our products and services, including data masking and data encryption. Our Data Privacy and Protection team evaluates and must approve every use case leveraging customer data. We are compliant with all personal data protection regulations in place, such as the General Data Protection Regulation (GDPR). We also make use of robust application programming interfaces (APIs) and secure file transfer protocols (SFTPs), more secure methods of transferring and integrating data than manual imports and exports.
This approach extends to how we develop, deploy, and use AI systems. In 2022, SAP published its Global Artificial Intelligence (AI) Ethics Policy, which defines our approach to AI development in alignment with our organisational values, such as our commitment to developing systems that do not de-anonymise already anonymised data.
Modern, Robust Data Security
Ensuring our customer data is safe and maintains the highest security standards is a top priority. As more organisations move increasing amounts of data into the cloud, security has become more critical than ever to ensure that data remains private and bad actors never gain access. This is exceptionally true for T&E platforms, which handle large amounts of personal identifiable information. Strict data security standards must come built in.
To that end, SAP Concur has used industry standards and compliance and regulatory requirements to build a robust security foundation. We back this up by offering System and Organization Controls (SOC) reports to give organisations insights into the effectiveness of internal control systems implemented within cloud delivery units.
In addition, we’re audited regularly for compliance with the leading global standards of security and service management, assuring our customers that we maintain data confidentiality, integrity, and availability at all times. The written results of many of these audits are available on request.
A New Era for Data Intelligence and the Cloud
With the right approach, modern spend management solutions can alleviate any security and data protection woes, allowing organisations to focus on moving their teams forward, not stressing over whether their data is protected. And SAP Concur is leading the charge.
Learn more about how SAP Concur builds, runs, and maintains secure operations for our customers by clicking here.