If you haven’t heard, starting July 8, 2025, Sonos will begin rolling out updates to its platform to comply with new EU Radio Equipment Directive (RED) Regulations. While these regulations originate in the EU, the upcoming platform changes will affect all Sonos users globally, including those using SmartThings integrations. Read on for a breakdown of […]
The world of PKI and certificate management is evolving faster than ever. Tech giants like Google and Apple are advocating for shorter-lived certificates, Certificate Authorities (CAs) are undergoing major disruptions, and the push for post-quantum cryptography (PQC) readiness is intensifying. On top of these challenges, machine and non-human identities that rely on certificates for trust, secure access and encryption continue to grow at a significant rate. If you’re in security, staying ahead of these shifts is critical.
That’s why RSA Conference 2025 (RSAC) is the place to be. It’s where the industry’s brightest minds come together to tackle the biggest security challenges and explore path breaking solutions, and AppViewX will be right in the middle of it all.
Join AppViewX at RSAC as we break down the latest PKI trends, share future-ready certificate lifecycle management (CLM) strategies, and show you how automation and crypto-agility can help your organization stay resilient in an ever-changing security landscape. Whether you’re looking to streamline your CLM, manage machine and non-human identities at scale, get PQC-ready, or eliminate certificate-related outages and vulnerabilities—we’ve got you covered.
Here’s everything you need to know about AppViewX and RSAC 2025 to make the most of the event.
About RSA Conference 2025
Mark your calendars! The RSA Conference 2025 is happening from April 28 – May 1 at the Moscone Center in San Francisco, CA.
As one of the biggest cybersecurity events in the world, RSAC brings together top experts, thought leaders, and innovators to tackle the most pressing challenges and showcase the latest advancements in cybersecurity. This year’s theme, “Many Voices. One Community,” highlights the power of a united cybersecurity community that can “foresee risks, address threats and embrace challenges.”
Get to Know AppViewX at RSA Conference 2025
Of course, AppViewX is thrilled to be a part of RSAC 2025. You can meet us at booth #4608.
We are looking forward to discussing the latest developments challenges in machine and non-human identity management, crypto-agility and PKI, such as:
Google’s 90-day and Apple’s 47-day TLS validity proposals
Disruptive CA incidents and industry changes
Post Quantum Cryptography readiness
Swing by our booth #4608 in the North Expo (Moscone Centre) to see how the AppViewX AVX ONE Certificate Lifecycle Management and PKI platform can help your organization navigate these changes with confidence.
You can meet our experts, see live product demos, and discover how AppViewX AVX ONE:
Automates certificate issuance, renewal, and endpoint binding to help prepare for Google’s 90-day and Apple’s 45-day TLS certificate validity proposals
Enables enterprise crypto-agility to accelerate post-quantum cryptography readiness
Migrates seamlessly from one CA to another, minimizing disruptions, reducing the risk of outages, vulnerabilities and risk to ensure security and compliance
Eliminates certificate expiry related outages that lead to downtime and revenue loss
Ensures PKI and cryptography compliance with industry standards and regulations
Exclusive AppViewX Events
There is also an exciting lineup of AppViewX activities to engage with us at RSAC 2025:
1. AppViewX Customer Conference – April 28, 2025
Kick off your RSAC experience with AppViewX at our exclusive customer conference! Join us at the W Hotel, where industry pioneers, security leaders, and technical experts converge for an afternoon of insightful discussions, hands-on learning, and networking that will help you achieve crypto-agility and accelerate your journey to PQC readiness.
This invite-only event will dive deep into machine and non-human identity management trends, Certificate Lifecycle Management and PKI solutions, and real-world strategies to help you get ready for shorter validity TLS certificates and post-quantum cryptography now.
Why Attend?
Exclusive live product demos and insider previews
Hands-on technical labs and deep-dive sessions
Collaborative roundtables with CISOs and industry experts
Sneak peek into Post-Quantum Cryptography readiness with crypto-agility from AppViewX
Networking and dinner with peers and thought leaders
2. Meet One-on-One with the AppViewX Executive Team
This is your opportunity to discuss your certificate lifecycle management and PKI strategy with AppViewX leadership. Schedule a private meeting in our executive meeting suite at the W Hotel. Meet with key members of our executive team and subject matter experts to explore how AppViewX can help you get the most value out of our partnership..
Join us for an exclusive evening at the CyAlliance Waterbar Dinner event that brings together top cybersecurity professionals, thought leaders, and industry executives. Hosted at San Francisco’s iconic Waterbar, this invite-only dinner offers a relaxed setting to engage in meaningful conversations, exchange ideas, and strengthen industry connections while enjoying spectacular views of the Bay Bridge.
To get the best value from RSAC 2025, make sure to plan ahead. Here are some key things to keep in mind:
Register Early – Passes are available at different rates, so register as soon as possible to secure the best price.
Build Your Agenda – With hundreds of sessions and keynotes, planning your schedule in advance will help you maximize your experience.
Connect with AppViewX – Whether you choose to join us at our customer conference, in our meeting suite, or at our booth, we’d love to meet with you!
See You at RSA Conference 2025!
RSAC 2025 promises to be an incredible event, and we can’t wait to connect with you in San Francisco. Stay tuned for more updates, and don’t forget to register for our customer conference and book a meeting with our leadership team.
Get a free expo pass for RSAC 2025 with this exclusive AppViewX discount code “52EAPPVXXP”. Looking for a full conference pass? Use this exclusive AppViewX discount code “52FCDAPPVX” to get $150 off the full conference pass rates.
The renewable energy landscape is evolving fast—bringing smarter, more sustainable ways to generate, distribute, and use power. At the heart of this transformation is a lesser-known but vital standard: IEEE 2030.5—a foundational protocol that helps smart energy devices and the power grid communicate safely and reliably.
Dive into this blog for a breakdown of what IEEE 2030.5 is, why it’s important, and how automated certificate lifecycle management (CLM) helps meet its compliance requirements, driving forth secure and future-ready systems.
Why the IEEE 2030.5 Standard Was Developed
The rise of Distributed Energy Resources (DERs)—like smart meters, rooftop solar panels, wind turbines, smart thermostats, battery storage, EVs, and inverters—has transformed the way our electric grid works. These resources help bring more renewable energy online, cut down on transmission losses, and make the grid more resilient by spreading out power generation. Today, millions of DERs feed into the power grid.
But as great as that sounds, it also brings new challenges like reverse power flows (back feeds), voltage swings, and reduced system inertia—which are tough to manage with traditional power grids that were originally built for big, centralized power plants.
To make things even trickier, many of these DERs are owned by either homeowners or businesses that both generate and consume energy. These setups often come with contractual agreements that set limits on how and when the devices can be used. In this context, grid operators require a solution that provides real-time monitoring and control over DERs while respecting these operational boundaries.
Utilities have traditionally used SCADA communication systems to manage a limited number of large-scale grid assets. However, SCADA isn’t built to handle thousands of small, scattered devices. Extending it to cover DERs is both expensive and impractical—especially since residential DER owners lack the specialized equipment SCADA requires. It is this gap that led to the development of IEEE 2030.5: a communication protocol that runs on the Internet, is accessible to all, and helps grid operators efficiently manage DERs and optimize energy distribution.
So, What Exactly Is the IEEE 2030.5 Standard?
IEEE 2030.5, also known as the Smart Energy Profile (SEP 2.0), is a modern communication protocol built to enable secure and efficient two-way communication between Distributed Energy Resources (DERs) and the centralized smart grid. Think of it as the “language” that lets your rooftop solar panel or EV charger converse seamlessly and safely with the grid.
IEEE 2030.5 uses standard Internet protocols such as TCP/IP and HTTP, and a RESTful architecture—much like modern web applications. This means new devices can plug in seamlessly and start communicating right away, regardless of the device manufacturer. The result is a highly scalable, cost-effective solution for managing the exploding number of DERs on today’s grid.
Security is at the core of IEEE 2030.5. The protocol uses Public Key Infrastructure (PKI) to authenticate devices and encrypt all data exchanges. This ensures that only authorized devices can join the network and that communication is encrypted and remains protected from cyberattacks.
With IEEE 2030.5, grid operators gain real-time visibility into critical information about DERs, such as their location, status, capacity, and usage limits—and can control these resources remotely. This capability translates to smoother load management, faster demand response, and fewer on-site fixes.
In essence, IEEE 2030.5 turns the traditional, one-way power grid into a responsive, intelligent network—paving the way for a more reliable, secure, and green energy future.
The IEEE 2030.5 Standard Use Cases
Designed for versatility and effectiveness, IEEE 2030.5 covers a wide range of use cases:
Residential: Enables homeowners to seamlessly integrate home energy systems with the smart grid and gain greater visibility and control over their energy consumption.
Commercial and industrial Settings: Helps businesses manage hundreds or thousands of IoT devices across their facilities to optimize their energy usage and cut operational costs.
DER Developers: Provides an industry-wide playbook for designing and deploying DERs that work straight out of the box with any compliant grid—eliminating costly custom integrations.
The Critical Role of Automated Certificate Lifecycle Management in IEEE 2030.5
A fundamental aspect of the IEEE 2030.5 standard is ensuring secure and trustworthy communication between Distributed Energy Resources (DERs) and the smart grid. This is achieved through PKI (public key infrastructure) and digital certificates, which help authenticate DERs connecting to the grid and encrypt their communications over TLS (Transport Layer Security). Managing these certificates effectively is critical for maintaining the integrity of the smart grid. However, manually managing certificates becomes nearly impossible as DER deployments scale into the millions.
Traditional methods—like spreadsheets or basic CA tools—are slow, fragmented, and error-prone. A single expired certificate or misconfigured setting can disrupt communication and cause costly grid outages. Moreover, manual processes do not provide complete visibility or control of certificates, making it hard to detect expired certificates or respond quickly to security threats—opening the grid to unauthorized access and data breaches through DERs.
When it comes to managing certificates at scale in an expansive grid environment, automation is indispensable. Automation streamlines the entire process—discovering, tracking, issuing, renewing, provisioning, and revoking certificates across thousands (or millions) of DERs. This efficiency is vital in the power grid, where even a slight delay in certificate renewal or issuance can lead to communication breakdowns. Automation enforces strict policies and role-based access controls (RBAC) for all certificate processes. This helps ensure every certificate remains valid and properly tied to its DER, dramatically reducing human error and keeping security tight.
Automation also brings the visibility grid operators need. With centralized dashboards, real-time alerts, and regular reporting, operators can continuously monitor certificate status and ensure that every DER is using up-to-date, authenticated certificates. This proactive approach is key to keeping the grid secure, compliant, and resilient—no matter how fast DERs scale.
How AppViewX Helps You Meet IEEE 2030.5 Compliance
AppViewX AVX ONE CLM is a ready-to-consume, scalable certificate lifecycle management (CLM) solution that fully automates all certificate processes from start to finish. From discovery and monitoring to renewal and provisioning, it provides complete visibility and control—all through a single, centralized dashboard.
Certificate Lifecycle Management with Visibility, Control and Insights – All in One Place
With powerful automation capabilities and policy enforcement, AVX ONE CLM helps minimize the risk of outages and security vulnerabilities—making it a key enabler for IEEE 2030.5 compliance.
Here’s how AppViewX supports IEEE 2030.5 compliance:
PKI Deployment and Redeployment: Seamlessly manage PKI and certificates issued to devices across their entire lifecycle—from first deployment to redeployment and ongoing use.
Automated Certificate Issuance: Issues certificates to devices at installation through the manufacturer’s PKI, ensuring each device is trusted and uniquely identifiable from day one.
Broad Support for Certificate Types: Handles all relevant certificate types—device, test device, optional TLS, client/server, and self-signed—to support a wide range of grid communication needs.
Full CA Hierarchy Support: Supports the entire chain of trust, including SERCA (Root CA), MCA (Manufacturer CA), and MICA (Manufacturer Intermediate CA).
OCSP Integration: Verifies the revocation status of certificates issued by non-IEEE 2030.5 CAs before expiration, ensuring continued trust and security.
Cryptographic Algorithm Support: Supports ECC key algorithms for efficient, strong encryption—ideal for resource-constrained IoT and Smart Grid devices—and SHA256 with ECDSA for message integrity and non-repudiation.
Support for Certificate Policies and Extensions: Enforces certificate policies, such as validity period, authority key identifier and subject key identifier, device type, and serial number to match IEEE 2030.5 requirements.
Robust Private Key Protection: Secures private keys with FIPS-compliant HSMs to maintain PKI integrity and device authenticity.
Industry Adoption and The Road Ahead
As the world accelerates toward clean and renewable energy, IEEE 2030.5 will play a central role in ensuring grid stability, security, and innovation. Thanks to its internet-based, plug-and-play architecture, the protocol has made significant strides in recent years, quietly becoming the global standard for DER integration.
California’s Rule 21—governing nearly half of the U.S. renewable energy market—now mandates IEEE 2030.5 for all DERs. The standard is gaining momentum internationally too, with Canada, Europe, and Australia adopting it for DER and EV charging management. Australia even launched its own localized version of the IEEE 2030.5 protocol, CSIP‑Aus, to support its fast-growing DER fleet and clean energy goals.
In December 2024, the IEEE 2030.5 working group released an updated version of the standard, with stronger security and broader capabilities. CSIP 3.0 is slated for 2025, promising further enhancements to meet emerging grid services and market demands. As the protocol continues to evolve, automated certificate lifecycle management (CLM) will become critical for maintaining compliance and securing this dynamic, distributed energy ecosystem.
Today’s financial systems are highly digital and deeply interconnected. That’s great until something breaks. Whether it’s ransomware paralyzing critical services or cryptographic vulnerabilities quietly eroding trust, disruptions are no longer rare—they’re systemic.
The Modern Heist Bank Report 2025shows just how serious it’s become: 64% of surveyed financial institutions reported cyber incidents in the past 12 months. Regulators aren’t standing by waiting for institutions to catch up. They’re demanding proof that firms have the countermeasures to withstand and recover fast from operational shocks.
The Digital Operational Resilience Act (DORA) is a European Union regulation designed to strengthen the digital operational resilience of financial institutions. The goal is to ensure they prepare for, respond to, and recover from ICT (Information and Communications Technology) risks—from cyberattacks to system outages and industry disruptions.
Effective across the EU since January 17, 2025, DORA applies to a wide range of financial entities, including banks, insurance companies, investment firms, payment service providers, crypto‑asset (currency) service providers, and even ICT third‑party suppliers that support them.
Why Focus on ICT Resilience ?
Modern financial operations run on ICT systems for everything from data processing and API integrations to cloud infrastructure and network security. But when these systems are mismanaged or targeted, they become serious points of failure. A single breach or outage can leak sensitive data, disrupt services, and destabilize the broader financial system. To prevent this, DORA enforces a comprehensive resilience framework to manage, mitigate, and report ICT-related incidents.
It focuses on five key areas:
ICT Risk Management: Implement structured policies, ongoing risk assessments, and governance mechanisms to proactively manage ICT risks.
Incident Reporting: Establish clear protocols for detecting, classifying, and reporting ICT-related incidents that could impact operational continuity or customer trust.
Third-Party Risk Management: Conduct due diligence, establish contractual safeguards, define clear exit strategies, and continuously monitor critical third-party ICT service providers.
Resilience Testing: Conduct regular risk-based penetration tests, such as Threat-Led Penetration Testing (TLPT), on critical ICT systems to simulate real-world attack scenarios and identify vulnerabilities. Implement incident response plans to mitigate attacks quickly.
Information Sharing: Share information and threat intelligence with other EU financial institutions to drive awareness and improve collective resilience.
Together, these five pillars form the backbone of DORA’s resilience strategy, ensuring resilience against cyber threats and operational disruptions.
Cryptography Requirements Under DORA
As financial institutions go increasingly digital, cryptography has become more than a security best practice. It is crucial to ensuring the confidentiality, integrity, and availability of sensitive data. Recognizing this, DORA—along with its supporting Regulatory Technical Standards (RTS) under Delegated Regulation (EU) 2024/1774—lays out clear expectations for how financial institutions should govern cryptographic controls.
You Must Prioritize Post-Quantum Cryptography (PQC) and Shorter TLS Validity Readiness
Encryption and Cryptographic Controls (RTS Article 6)
Under DORA, financial institutions must develop, document, and implement a formal encryption policy covering all data and communications as part of their ICT risk management framework. Key requirements include:
Encrypting data at rest and in transit—as well as in use where feasible. If encrypting in use isn’t technically possible, organizations must process such data in isolated, protected environments.
Encrypting all internal network traffic and external communications
Defining clear criteria for choosing cryptographic algorithms and key lengths based on industry standards, risk analysis, and data classification
Updating or replacing cryptographic methods as threats evolve; When updates aren’t immediately possible, compensating controls must be documented and justified.
Cryptographic Key Management (RTS Article 7)
DORA expects financial institutions to maintain a documented key management policy that covers the entire lifecycle of cryptographic keys to prevent key exposure and misuse. Core expectations include:
Secure key handling across every stage—generation, storage, backup, transmission, rotation, and revocation
Strict access control and usage policies throughout the key lifecycle to prevent unauthorized access, theft, loss, or tampering
Clear procedures for key replacement following suspected compromise or damage
A comprehensive register of all digital certificates used in critical systems—along with processes to ensure timely renewals.
Protecting keys during their active use, often through encryption or isolation in secure hardware such as hardware security modules (HSMs)
Proper disposal of retired keys, including securely deleting keys and associated metadata to prevent recovery or misuse
Secure Authentication and Access Controls (Article 9)
Access to cryptographic assets must be carefully managed. Article 9 reinforces the need for strong identity verification and strict privilege controls. This includes:
Least-privilege access policies that restrict both physical and logical access to only those who need it, with documented and continuously monitored access rights
Strong authentication mechanisms to protect cryptographic keys from unauthorized use
Why Crypto-Agility Matters for DORA?
DORA’s technical standards—especially Article 6—send a strong message: cryptographic systems must evolve with the ever-changing threat landscape. In practice, this means building crypto-agility into your infrastructure. Financial institutions are expected to monitor cryptographic developments, assess emerging risks, and update algorithms or protocols—quickly, smoothly, and without disruption.
Why is this important? Because cryptographic standards don’t last forever. They age, weaken, and get replaced. Crypto-agility gives you the ability to:
Replace outdated algorithms and vulnerable keys without operational delays
Adapt to new regulatory mandates, such as DORA, with minimal friction
Stay ahead of new threats, such as the potential vulnerability of current encryption methods like RSA or ECC to quantum resilient algorithms, by transitioning to NIST-approved post-quantum cryptography (PQC) algorithms before these methods are compromised.
Whether you are preparing for PQC, adapting to 47-day TLS certificate lifespans, or responding to Certificate Authority distrust incidents, crypto-agility ensures your cryptographic infrastructure remains resilient, secure, and compliant throughout.
How AppViewX Enables Crypto-Agility and Supports DORA Compliance
Crypto-agility isn’t a checkbox—it’s a continuous capability. AppViewX AVX ONE CLM, our certificate lifecycle management solution, helps you build and maintain it through powerful visibility, automation, and policy control—fully aligned with DORA’s technical requirements.
Complete Crypto Visibility
Under DORA Article 7, a complete, up-to-date certificate registry is non-negotiable. AVX ONE CLM delivers it by:
Automatically discovering certificates across your infrastructure—from any public or private CA, across all endpoints and cloud services—consolidating them into a centralized inventory
Mapping certificates to their location, owner, issuing CA, expiry date, and crypto standards for a single-pane-of-glass view
Providing dynamic visual dashboards to understand risks, manage renewals, prevent outages and vulnerabilities, and ensure compliance
End-to-End CLM Automation
DORA demands secure, consistent handling of digital certificates across their lifecycle—and AVX ONE CLM delivers precisely that.
Full lifecycle automation, including issuance, renewal, provisioning, revocation, and last-mile binding to endpoints
A low-code workflow builder and a rich library of automation templates to tailor automation to your environment
CA-agnostic operations—manage all public and private certificates from one place and implement cryptographic changes quickly, without disruption
Built-In Policy Control and Governance:
Strong cryptographic governance is central to DORA compliance. AVX ONE CLM enables:
Automatic enforcement of defined policies for approved CAs, algorithms, validity periods, upgrades, and more.
Role-based access controls (RBAC) to ensure secure and authorized certificate issuance
Detailed audit logs, automated policy checks, and periodic reports to simplify audits, ensure compliance, and strengthen overall crypto hygiene
DORA Compliance Starts with Crypto-Agility
DORA marks a major step forward in strengthening the financial sector’s defense against growing digital threats. With its strong focus on operational resilience and crypto-agility, DORA pushes financial institutions to move beyond static defenses to dynamic systems that can adapt, recover, and stay secure as risks evolve.
Crypto-agility is central to making that shift.
With AppViewX AVX ONE CLM, crypto-agility isn’t an afterthought—it’s built in. From complete certificate visibility and lifecycle automation to centralized policy control and reporting, AppViewX helps your organization meet DORA requirements with confidence.
If I had a dollar for every time I heard “AI” at SAP Sapphire 2025 …
AI was simply everywhere at this year’s events. From Christian Klein’s keynote to the show floor demos, it was the foundation of nearly every conversation. But beneath the buzzwords and bold visions, I noticed one question kept surfacing: How do you actually do it? How do you make AI actionable inside the day-to-day workings of an enterprise?
That’s the question we were thinking about at the Redwood Software booth and in our customer sessions and roundtables. It was fantastic to see the energy this year: standing-room-only demos, deep discussions with IT and business leaders and a steady stream of customers stopping by to share what they’re already doing with job scheduling, orchestration and workload automation (WLA). The excitement was real, but the deeper story was about who’s already rolling up their sleeves instead of just dreaming about digital transformation that actually realizes the value of AI.
Redwood was proud to be recognized for the second year in a row with the SAP Pinnacle Award in a category honoring innovative partners that provide economically relevant solutions, validating our ability to consistently drive high adoption and ROI for SAP customers. We also announced that RunMyJobs by Redwood is now an SAP Endorsed App, Premium certified — the highest level of SAP verification, indicating outstanding customer value.
The best part? We’re not talking in hypotheticals. These milestones are a testament to the real-world outcomes our customers achieve when integrating with the latest SAP technologies, maximizing the value of their SAP investment. We saw that in full color in sessions and roundtable discussions with RS Group and others, whose teams shared striking results they’ve achieved using RunMyJobs. They haven’t been waiting for the AI wave. Instead, they’ve been preparing for it by modernizing their WLA. And it’s paying off.
We’re making business AI real as we drive digital transformations that help customers thrive in an increasingly unpredictable world.
Klein’s sentiment rang true throughout the event, especially his keynote theme: To thrive in an AI-powered world, it’s not enough to modernize ERP. Foundational processes, especially the ones running behind the scenes, must be intelligent, agile and orchestrated. WLA platforms like RunMyJobs are already doing the work of preparing SAP landscapes for AI by coordinating processes end to end, orchestrating the tasks that drive efficient data pipelines and ensuring the reliability that AI output depends on.
Redwood customers leading the charge
SAP made it clear: the future isn’t about cobbling together best-of-breed tools. It’s about building a smart, cohesive suite. That suite extends beyond core ERP to include the applications and automation fabrics that make an entire business run. Redwood customers are already there.
RunMyJobs isn’t a standalone job scheduler. It’s the connective tissue for automation fabrics across SAP and non-SAP systems, delivering the kind of real-time orchestration that complex, data-intensive environments demand. Redwood’s shared product vision with SAP is helping customers optimize operations to scale with AI. That alignment is also what earned RunMyJobs its SAP Endorsed App status.
We spotlighted compelling Redwood customer stories at SAP Sapphire this year, including the following.
RS Group: Transforming global supply chain operations for a demanding market
As a global industrial distributor, RS Group faces an unforgiving supply chain environment. Before RunMyJobs, they couldn’t even run business operations processing (BOP) daily for all 26 markets they serve. The complexity was enormous. They had to stagger market runs, which put customer promises, such as delivery timelines, at risk.
Using RunMyJobs to re-engineer processes and workstreams and optimize job logic, they now run BOP for all 26 markets daily.
We now meet our promise to our business and customers.
Dharmesh Patel, Head of SAP Development & Services, RS Group
But that was only the beginning. Previously, RS Group faced issues with poor monitoring, alerting and visibility, leading to frequent Priority 1 (P1) and Priority 2 (P2) incidents in critical operations like order processing and warehouse management. With RunMyJobs, they introduced custom alerting, rebuilt job frameworks and created a governance model for continuous improvement.
The payoff of using RunMyJobs for RS Group: No P1 or P2 incidents in critical operations in over a year and job execution reliability over 99%
This isn’t just operational success. It’s setting the stage for AI readiness, because AI needs more than just access to data. It needsreliable, actionable data at the right time, integrated into the processes that power the business. RS Group is ready. When you run a global supply chain, “ready” isn’t a luxury.
Ready on day 1: How fit-to-suite automation prepares you for the AI future
The real takeaway from SAP Sapphire wasn’t that AI is coming. It’s that AI is already here, and the companies reaping the benefits are the ones that did the foundational work early. Redwood customers like RS Group have already modernized their WLA. They’re not bolting on AI. They’re ready for what’s happening now and what’s to come because their automation is fit-to-suite: deeply integrated, spanning SAP and non-SAP systems and built for scale and AI innovation.
RunMyJobs provides the automation fabrics enterprises need to orchestrate complex, cross-system workflows and support the data pipelines AI depends on. It connects SAP S/4HANA to the hybrid architectures, business process layers and related data AI needs to drive better, faster decisions and more efficient attainment of business outcomes.
When your business runs on well-managed, intelligent processes, you don’t just hope your AI strategy will work — you know it can.
An obvious and undeniable message of SAP Sapphire 2025? WLA modernization isn’t a side project. It’s a prerequisite. See how Redwood supports SAP customers in future-proofing their ecosystems.
A large United States-based manufacturer recently approached Redwood Software with a high-stakes decision to make: Renew their legacy workload automation (WLA) contract at five times the cost or modernize and move to the cloud. Their IT leadership had already committed to a cloud-first strategy aligned with their broader digital transformation goals. Renewing with their vendor would have meant staying tethered to costly on-premises infrastructure and putting off much-needed modernization.
The business case was clear for moving to a cloud-native WLA solution. But the clock was ticking. With just three months before their existing contract expired, the company needed to evaluate new platforms, prepare for migration and go live in that tight timeframe without disrupting critical business operations.
That’s when they turned to Redwood.
Our team of migration experts quickly mobilized, leaning on Redwood’s proven methodology, cloud-native platform and proprietary migration tools. We helped this company not only meet their deadline, migrating from a legacy platform in just 14 weeks, but also use the migration as a strategic opportunity to improve automation processes, retire technical debt and set the stage for long-term success in the cloud.
This isn’t an edge case. Whether you’re facing similar licensing deadlines, preparing for a RISE with SAP transformation or simply looking to modernize a fragmented automation landscape, you’re not alone — and you don’t have to start from scratch.
At Redwood, we understand that migration isn’t just a technical change. It’s your chance to rethink how automation supports your business and make sure you’re ready for what the future brings.
Speed is essential — but so is strategy
Time constraints are common in these scenarios. Redwood frequently works with organizations facing license renewals that force a go/no-go decision, RISE with SAP transitions that require cloud-readiness and/or internal mandates for tool consolidation and legacy system modernization.
These deadlines create urgency, but a rushed migration without strategy leads to risk. It can carry over inefficiencies and complications into your next-generation platform. Too often, we see companies fall into the trap of replatforming without rethinking.
In our experience, there are two primary mindsets when it comes to WLA migration:
Lift-and-shift first, optimize later: Move jobs as-is to meet tight deadlines, with plans to modernize after go-live.
Modernize as you move: Take the opportunity to streamline architecture, remove redundancies and improve process logic as you migrate.
Most organizations fall somewhere in between, and that’s exactly why Redwood approaches migration by tailoring it to your environment, not a one-size-fits-all script.
Migration as momentum: Essential considerations
What kind of change are you driving? Are you simply replicating jobs or using this transition to streamline, modernize and reduce complexity?
How will you optimize the new platform? Are you planning for better performance and improved reliability from the start?
Is your automation strategy aligned with broader goals? Will the migration support larger initiatives like cloud adoption, tool consolidation or SAP transformation?
Who needs to be involved: Are departments, service providers or external teams part of the process, and are they looped in early?
Redwood evaluates your:
Source platform and job volume
Critical business processes and dependencies
Timeline flexibility and go-live constraints
Appetite for technical debt cleanup
This ensures we don’t just recreate your existing environment but deliver a better one.
Rather than thinking of migration as a one-time event, consider it the start of a smarter operating model. Redwood’s Professional Services team brings decades of experience helping enterprises like yours transition from legacy WLA platforms to our modern, cloud-native solution, RunMyJobs by Redwood. Here’s what that means for your business.
IT infrastructure savings
Migrating off legacy systems sooner lets you decommission outdated infrastructure, eliminate those redundant support contracts and reduce operational overhead. This is especially important if you’re heading toward hybrid or full cloud adoption.
Business process improvements
We don’t just move your jobs; we evaluate them. During migration, we help you identify inefficiencies, unnecessary handoffs and outdated dependencies. This is your chance to streamline.
Operational efficiencies
Redwood provides pre-built templates, connectors and industry best practices to fast-track implementation. These accelerators and our unique testing frameworks help you get to production faster.
The groundwork for long-term gains
One of the most overlooked benefits of a well-executed migration is how quickly you can begin realizing value, and not just from the software itself. Value comes from removing friction. Thus, you need a team with a track record of doing just that.
With Redwood, you begin seeing results almost immediately:
Noticeably stronger stability: Our migration process is designed to minimize disruption and deliver a stable production environment from day one. You don’t need weeks or months of post-migration troubleshooting to feel the benefits.
Improved visibility: Instead of toggling between tools and spreadsheets, you have a single source of truth for managing jobs enterprise-wide. Thus, fewer blind spots and better operational alignment.
Reduced manual effort: With intelligent automation and reusable templates, your teams spend less time on repetitive tasks and more time on process improvement.
Accelerated business outcomes: Faster financial closes, improved service availability … whatever you’re after, Redwood removes the bottlenecks and gets you there quickly.
Greater agility: Once you’re on a modern, cloud-native platform, you can scale, adapt and evolve your automation environment in lockstep with your business. Adding new systems or integrating third-party tools becomes significantly easier.
Modernize on your terms
Migrating to a new WLA solution involves much more than moving scripts or job chains. Your goal should be to enable a new level of orchestration across your enterprise. That’s why it pays to work with a partner who specializes in this exact domain.
Redwood’s Professional Services team is focused solely on successful automation implementations. We offer:
Proven methodologies for assessment, migration and rollout
Proprietary tools to streamline job mapping, testing and cutover
Flexibility to adjust your scope in real time
Risk mitigation with detailed validation and go-live readiness
Post-migration services to keep advancing your automation maturity
At Redwood, we don’t just bring technology. We also offer unmatched focus, tools and experience. Organizations across industries have trusted Redwood to help them leave behind legacy WLA platforms.
If you’re feeling the pressure of an expiring contract, a cloud deadline or a business that’s outgrown your current WLA solution, Redwood’s proven migration approach is here to move you forward with a clear vision.
Hear directly from Daniel Sivar, Technologist at American Water, about how Redwood guided the largest regulated water and wastewater utility company in the United States through “managed waves” to ensure a successful migration.
Location: W Hotel, San Francisco
Date: April 28, 2025
Time: 2:00 p.m. – 6:00 p.m.
