10 Years of SAST: How it all began…

ralfkempfA conversation with Ralf Kempf, Managing Director of AKQUINET and architect of the SAST-Suite.

Mr. Kempf, the GRC Suite “SAST” is celebrating its 10-year anniversary. At the age of 10, a person is still young. A dog, however, is already a senior at that age. What about the SAST Suite?
“We are adults now as far as both our product and our company are concerned. Today we are a leading SAP security provider. We have made a name in the market, we can prove our know-how with many well-known customers, and we are represented at the key fairs. Corporate groups trust in us, and we have worked hard for this reputation over the last ten years.”

What lead to the development of the GRC Suite “SAST”?
“The product idea for SAST in 2006 was the impetus to found the company that has been under the umbrella of akquinet AG since 2006. I had already developed several product ideas, and one of them was the SAST GRC Suite. Through my consultations with customers, I noticed that a market was developing in the area of SAP security. I had my first product ideas in 2004. Already in 2005, my wife and I were able to sell the first prototype to our first customer. That was the Berlin Transport Authority. My wife supported me a lot at the time and helped further my ideas. With her company, she is active in the same area of business. At that time, we registered the trademark rights for the SAST logo using my wife’s company. And that is still the case today; you could call it a historical relic.”

Were there decisive waypoints in the development of the young company?
“I would like to mention three developments or stations. First, we transitioned from working with freelancers for sales and consulting to hiring employees so that we could develop more know-how here. However, that happened in the years 2008 and 2009, when the dot-com bubble broke and the world economic crisis took place. The high fixed costs were a great burden for us. Nevertheless, that was the right path to choose. The second fork in the road was the switch from in-house development to professional software development in a team. Here, we learned together how to develop internal products as a team. And thirdly: we learned that we needed to employ and engage only professional sales employees. That is something you either can or can’t do. Today I am quite pleased with our very professional sales team.”

About 150 companies use SAST, including VW, s.Oliver and Montblanc. How have the customer pitches changed over the years?
“In most cases, it is quickly clear on a technical level whether we can provide what the customer requires. Now, meetings and workshops before the contract is awarded and during the project usually gain the upper hand. The companies are looking for security, and a wide variety of departments are involved in the decisions. Sometimes, 40 people sit for one or more days in such a workshop, even though that is not appropriate for the budget. In this regard, an administrative obstacle has arisen that delays projects quite a bit. In the end, we decide on compromise solutions that do not meet any one person’s expectations completely.”

Penetration tests are certainly interesting situations. Can you tell us what they are, exactly?
“Over the years, we were able to penetrate SAP systems in 95 percent of all tests. Meanwhile, our success rate has thankfully been reduced a bit because awareness of security is growing in companies. During the penetration tests, we do not take a cookie-cutter approach to the checks. Instead, we think outside the box. We have already experienced situations where we had brilliant ideas in our hotel rooms after a couple of beers. In an ideal situation, we perform the tests in pairs. But since testing is usually not a fixed, long-term component of security strategies, many customers decide to use sporadic one-man tests instead.”

How would you describe your company to a highly qualified applicant?
“We are part of an informal team that is active in a very technological environment for corporate groups and many medium-sized companies. Our employees can work independently and develop new ideas and thus realize their full potential in their work environment. Amongst ourselves, we use a very open tone at eye level with one another.”

What do your customers value?
“In sales situations, our market competitors appear at times with up to ten persons. Sometimes, even more experts are involved. Bodo Kahl and I travel together as the company management and address all of our customers’ issues. I am responsible for the technological issues and our product, and Bodo Kahl answers all business-related questions. This often impresses our customers. They notice that they can profit from our short communication lines and decision paths and that they can realize their projects quickly and flexibly with us.”

jubilaeum-bodo-ralf_bilderallgemeinFor six years now, you have managed the business together with Bodo Kahl. How does this “marriage” work?
“Bodo Kahl is responsible for the strategic and business planning as well as marketing control. He also manages the team and is the contact person for the employees. I am in charge of product development and technical operations. We complement each other superbly because each of us can employ his strengths. That our business “marriage” functions very well can be seen best of all in our customer meetings. Customers notice right away that we are an experienced team and have all processes firmly in hand.”

Mr. Kempf, what do you do when you are not working? How do you keep balance in your life?
“I am currently working on our vacation home because it needs to be finished for our silver anniversary this summer. I can relax well when installing or reconstructing an electric floor heating system or a control system for the blinds. In addition to that, I am active in the rifle club.”

(The conversation with Ralf Kempf led Angela Sauerland)