SAP security solutions Is your business protected?

Similar documents
Accelerate Your Enterprise Private Cloud Initiative

Improve Internal Controls with Governance, Risk, and Compliance Solutions

Pave the way: Build a value driven SAP GRC roadmap March 2015

Demystifying GRC. Abstract

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Achieving effective risk management and continuous compliance with Deloitte and SAP

Oracle Buys Automated Applications Controls Leader LogicalApps

SAP Security Remediation: Three Steps for Success Using SAP GRC

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Symantec Data Center Transformation

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Integrating SAP GRC RM, PC and AC: An end-to-end solution

Leveraging advanced controls with PeopleSoft implementation and upgrade projects

Dell helps you simplify IT

SAP Security Remediation: Three Steps for Success Using SAP GRC

Continuous protection to reduce risk and maintain production availability

Implementing ITIL v3 Service Lifecycle

Flex Tenancy :48:27 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Controlling Costs and Driving Agility in the Datacenter

Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.

Turning Risk into Advantage

COBIT 5 With COSO 2013

SAP HANA Rapid Deployment Solutions, Knowledge transfer & enablement

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Introduction to Automated Controls

Hyperion Application Access Control Governor Blueprint for Oracle GRC Applications

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Sustainable Security Operations

21ST century enterprise. HCL Technologies Presents. Roadmap for Data Center Transformation

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

The Business of Security in the Cloud

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Nebraska CERT Conference

Vulnerability Assessments and Penetration Testing

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Survey - Governance, Risk and Compliance

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Test Data Management for Security and Compliance

Attunity Gold Client Enables Global Consolidation at BAT

Data Curation Handbook Steps

From Cloud adoption to Cloud first Enabling effective Cloud usage

1 Executive Overview The Benefits and Objectives of BPDM

Heading Text. Manage your Organization s Governance, Risks, and Compliance Requirements and Transform your Business Potential with SAP GRC

USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

STEP Data Governance: At a Glance

WORKSHARE SECURITY OVERVIEW

Introduction to AWS GoldBase

THE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

Virtualizing the SAP Infrastructure through Grid Technology. WHITE PAPER March 2007

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Cisco Director Class SAN Planning and Design Service

Data Governance Quick Start

Convergence of BCM and Information Security at Direct Energy

Overview. Business value

OVERVIEW BROCHURE GRC. When you have to be right

TSC Business Continuity & Disaster Recovery Session

Designing a Day 1 Operating Model for Rapid Adoption of Converged Systems GLOBAL SPONSORS

I D C T E C H N O L O G Y S P O T L I G H T. V i r t u a l and Cloud D a t a Center Management

Build confidence in the cloud Best practice frameworks for cloud security

The University of Queensland

Embedding GDPR into the SDLC

DIGITAL INNOVATION HYBRID CLOUD COSTS AGILITY PRODUCTIVITY

Practical Guide to Cloud Computing Version 2. Read whitepaper at

the steps that IS Services should take to ensure that this document is aligned with the SNH s KIMS and SNH s Change Requirement;

Assuring Certainty through Effective Regression Testing. Vishvesh Arumugam

Certeon s acelera Virtual Appliance for Acceleration

Symantec Enterprise Vault

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

How Verizon boosted product delivery with Dynatrace Software Intelligence

Why Enterprises Need to Optimize Their Data Centers

Navigating the Clouds Fortifying ITIL for Cloud Governance

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

THE FUTURE OF BUSINESS DEPENDS ON SOFTWARE DEFINED STORAGE (SDS)

STRATEGIC PLAN

The Future of Business Depends on Software Defined Storage (SDS) How SSDs can fit into and accelerate an SDS strategy

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

Cloud Customer Architecture for Securing Workloads on Cloud Services

Symantec Network Access Control Starter Edition

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

Improve testing for customer services and service management

Improving Security in the Application Development Life-cycle

locuz.com SOC Services

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

The Center for Internet Security

Monitoring and Operating a Private Cloud with System Center 2012 (70-246) Course Outline Module 1: Introduction to the Private Cloud

Evaluator Group Inc. Executive Editor: Randy Kerns

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Transcription:

www.pwc.com SAP security solutions Is your business protected?

SAP security overview Background SAP Security is becoming more difficult to control due to a constantly evolving compliance landscape and increasingly complex business environments. Restrictions required by legislation, upgrades to systems, centralization of functions within businesses, and contiually changing role responsibilities increase the importance of having a well-designed security management process. The increasing complexity of SAP s software applications, adds to the risk of security threats, with evolving technology, new functionality, and web-based solutions. Ultimately how can you ensure that your users have the information they need in a timely manner yet comply with the challenges above in an efficient and optimal manner? Opportunities and challenges HR Process Centralized processes Technical development SAP Security Integrate to new platforms Outsourced Processes SoD & GRC Ensuring flexibility to accommodate organizational changes and underlying process variations Accommodating centralized functions within old security designs and processes Reducing the amount of time spent on technical administration and end-user security management by both IT and the wider business Integrating the SAP Security structure and controls into the day-to-day operations of the business Key enabler for leveraging GRC technologies Opportunities for delivering improvements and efficiencies through GRC or other tools Ensuring that the security controls are properly aligned with other configurable and manual controls in the SAP environment Remediating segregation of duty (SoD) issues in the most efficient manner Managing costs and commercial leakage from outsourced administrators Effectively transition to managing shared service center SAP security solutions 3

Our approach high-level overview PwC Transform Security Design and Remediation process Phases Assess Design III. CONSTRUCT IV. Implement Operate Task Project Preparation Design Build Test Final Preparation Go-Live & Support Objective Deliverables The project is initiated and supporting infrastructure is established Project Plan Systems, Business Processes, and Actions Analyses Roles and Responsibilities Business Risks are Identified Business Risks Action Groupings Risk Rankings Security requirements are translated Rule set(s) Built Updated Policies and Procedures Tool Configured SOD Compliance Finalized Initial Rule set(s) Rule set(s) Signoff Reports Material Deployment Package End User Mapping Security Admin Process Provisioning Process Deployed Security Cross-Application SOD Reports SOD Review and Action Plan Mitigated Conflicts Interfaces Infrastructure ERP SAP security: Redesign to align Assess Design Construct Implement & Operate Assess and review your access controls 1 Design an optimal security model 2 Remediate issues or build new technical solution 3 Integrate your security design with GRC tools and align with other organizational controls 4 1 Assess and review access controls 2 Design an optimal security operating model During the assessment of the Security and SOD as is position we focus on the following areas: Building on the assessment work, we can assist in your effort to transition to an optimized security design: Assess and compare how your individual business units are adopting existing controls. Provide the strategy and approach to deliver a security model, where compliance objectives are embedded into the design. Benchmark how your security issues measure against industry standards. Implement PwC s User Activity Analysis tool to analyze your actual transactional usage. Map activity analysis output back to existing security design and pinpoint areas for design remediation. Map the Security Access controls design back to SAP Security governance design. Develop a design that is flexible enough to accommodate likely changes to the organizational structure while integrating existing business controls. Devise a security blueprint that maximizes the sustainability of the future security model. Address root causes of specific control and access issues at the design phase to ensure a consistent and efficient clean up effort. Design and develop a process for using accelerators like SAP GRC in security build and maintenance phases to maximize efficiency. Underpin technical aspects of the design with a robust SAP security governance framework. 4 SAP security solutions

3 Remediate or rebuild We can assist in managing the integration of the risk and controls elements of the security design and build throughout the life cycle of the engagement, from remediation of existing issues, to a complete rebuild of the technical platform. The work focuses on ensuring your strategy design and build are aligned to the long-term organizational requirements. We provide this service by: Utilizing accelerators in the build phases to expedite technical role build activities Following a best practice iterative design/build/ re-analyze process to ensure that technical solution is fit for purpose and SoD compliant Implementing PwC s enabler technology for rebuild activities Ensuring that security build at the template and local levels doesn t deviate from the overall strategy, reducing the risk of your security design regressing back to being localized or fragmented 4 Integrate your security design with GRC tools and organizational controls PwC can work with you to: Utilize GRC technology for structured, compliant, and accelerated role design and build. Integrate with GRC tools for SoD compliance at a technical role and user provisioning level. Integrate the SAP security model with IDM tools to provide single sign-on capabilities and controls. Provide assistance to design an operating model that fully utilizes the controls potential available in GRC tools. SAP GRC Access Control Suite Access risk analysis Access request management Business role management Emergency access SAP ERP systems Other SAP systems Non-SAP solutions Active directory Benefits realized by our clients: Significantly improved governance and management of access risks Business-owned and standardized access management processes Reduced business time spent on access reviews by 60% Greater transparency into who has what access Reduced complexity of roles leads to sustainable, lower-cost SAP security processes Significant increase in business user support capabilities SAP security solutions 5

Client citation leading automobile manufacturer Background This client was struggling to meet service level agreements related to SAP provisioning and user maintenance. Although the initial implementation of SAP GRC Access Controls suite was complete, the organization was using only a small subset of the suite s capabilities. The PwC solution The first phase of this project focused on assessing the current state and designing of the future state. In our design of the future state, we included the full deployment of the SAP GRC Access Controls suite to simplify and automate the user provisioning processes, while remaining compliant. We worked with the client to design and implement a new SAP security design following our tier 4 methodology. The implementation of the new SAP security design helped this client reduce the number of roles in the SAP environment, which, combined with the SAP GRC Access Controls application, facilitated the overall user provisioning processes. What has the client achieved? After the completion of the SAP security design and implementation of the SAP GRC Access Controls applications, this client was able to realize the following benefits: 75% reduction of SAP security roles in the SAP production environment 99% reduction of transaction code duplication in SAP security roles 0 SAP security roles with inherent segregation of duties conflicts Reduced user provisioning time from 21+ days to 2.3 days (average) 6 SAP security solutions

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback