1.4. sa pience be tech day 2012   grc access control mdi
  • SAP GRC Access Control capabilities:
    • Enable all corporate compliance stakeholders to collaboratively manage the enforcement of proper segregation of duties (SoD)
    • Jump-start compliance setup with a comprehensive library of best practices and rules for SoD
    • Detect and resolve violations of SoD and excessive user access by removing authorizations or applying mitigating controls
    • Address access and authorization issues at their inception using enterprise role management
    • Provide users with privileged but controlled access to quickly address emergency requirements
    • Help ensure efficient and compliant provisioning of user access throughout the employee life cycle
    • Meet compliancy requirements by policy enforcement & full audit logging
  • Explain:
    • Roles included can require approval from 1 or more role owners
    • A mail can be sent to inform the involved persons of the status of the request/action to take
    • A compensating control can be documented when an SOD occurs
    • Assignment will only happen if all parts are reviewed. Only approved roles will be assigned. Approved roles will be assigned even if the request contains declined roles.
  • Show:
    • Logon to ECC with GRC_DEMO
    • Show user DHOWARD in ECC – no access
    • Template based request on change user
    • Create request for other user DHOWARD requesting Maintain PO XP3_00000_SMD_MMPU_PURORD_FULL (GRC_XP3). Enter mail address demo.grc@expertum.net in user details
    • Show mail sent to role owner Maintain PO.
    • Log on as Fcobain
    • Go to My Home – Work inbox
    • SOD check. Approve
    • Dashboard & report
    • Workitem is gone
    • Show role assigned to user
    • Show mail to requestor
    • Create request Maintain Goods Receipt: XP3_00000_SMD_MMIN_GDSRPO_FULL
    • Show mail sent to role owner Maintain Goods receipt.
    • SOD check - Approve -> sent to Risk owner
    • Go to inbox FCOBAIN – submit
    • Go to mailbox -> Bhamilton
    • Logon as Bhamilton -> reject.
  • “The helpdesk labour cost for a single password reset is between 15£ and 50£” - Gartner
  • Transcript

    • 1. SAP GRC Access Control 10.0: Getting & staying in control of user access. Melissa Dielman, Chris Walravens. SAPience.be Tech Day 2012
    • 2. Agenda
      • Expertum & SAP GRC
      • The need for SAP GRC Access Control
      • SAP GRC AC 10.0: Components, Functionalities & Demo, Benefits
      • Value
      • Testimonials
    • 3. Expertum & SAP GRC. Expertum is…
      • a SAP Consultancy firm with a dedicated SAP Security team offering services in: SAP Security Audits; Authorization concept design; SAP GRC implementation; SOD conflict remediation; Access Management Framework design; Day to day support
      • the only Belgian SAP partner to achieve the GRC AC RDS Qualification
      • GRC Channel Sales partner for Large Accounts
      • providing the GRC trainers at SAP Education
      • the first to implement GRC AC 10.0 successfully in a Belgian Company
    • 4. Lack of Access Control. Today's SAP environments often lack appropriate security and control mechanisms, illustrated by the following symptoms:
      • Lack of business & IT communication
      • Fragmented approach to access control
      • Bad practices in user management
      • Excessive time & cost of analysis & audit
      • Inability to prevent access risk
    • 5. Access Control Strategy (diagram). Pillars: Define & Control; Empower; Inform & Monitor; Document. Labels: Defined & centralized Access Rules; Automated/manual process controls; Governance Model; Information availability; Sustainability; Automation & Self-service; Push & pull reporting; Regular reviews; Critical access & SOD; Business & IT; Increased ownership; Full audit trail
    • 6. SAP GRC Access Control Components
      • Analyze & Manage Risks (AMR)
      • Emergency Access Management (EAM)
      • Business Role Management (BRM)
      • Provision & Manage Users (PMU)
    • 7. Analyze & Manage Risk
    • 8. Analyze & Manage Risk. SAP GRC Access control prevents access risk by defining the rules and identifying & remediating violations.
      • Centralized definition of Segregation of Duties
      • Real-time risk analysis on user and role level
      • Proactive detection of SoD issues by simulation
      • Documentation & assignment of mitigating controls
      • Automated Access Reviews & follow-up actions
    • 9. Demo: AMR
      • SOD reporting
      • SOD analysis
      • SOD simulation
    • 10. Emergency Access Management
    • 11. Emergency Access Management. SAP GRC Access Control allows you to provide extended access rights to users on an exceptional basis. Complete logging ensures (ab)use of the access is traced & documented.
      • Centralized, automated, pre-approved cross-system emergency access
      • Automatic e-mail notification when emergency access is activated
      • Detailed audit trails of performed actions
    • 12. Demo
      • Firefighter activation
      • Firefighter logging
    • 13. Provision & Manage Users
    • 14. Provision & Manage Users. SAP Access Control enables an automated, compliant user provisioning process:
      • Automated access provisioning, requesting approval to the appropriate business & risk owner
      • Preventive SOD analysis at time of request
      • Automatic logging of request approvals and modification
      • Password self-service
      • Remote approval through smart phone app
    • 15. SAP Access Approver Mobile Application
    • 16. Example: User Access Request Flow (flowchart). Labels: Initiate Request; Role Owner (Approve / Decline); SOD (Y / N); Risk Owner (Approve / Decline); Comp Control; Risk Accepted; User Assignment; Mail
    • 17. Demo
      • User access request
      • Preventive SOD simulation
      • Automated user provisioning
      • Automated emailing
    • 18. Business Role Management
    • 19. Business Role Management. Enforcing Best Practices for compliant role management:
      • Central documentation of SAP authorization concept
      • Definition of cross application business roles
      • Preventive risk analysis for authorization roles
      • Change Management Process
    • 20. GRC Access Control: Recap
      • Analyze & Manage Risks (AMR): Accurately identify and analyze access risk violations in real-time; Remediate and mitigate conflicts for users and roles; Continuously monitor access risks and user assignments across the enterprise
      • Emergency Access Management (EAM): Self service emergency access activation; Centrally approve and manage emergency access for all SAP systems; Detailed usage logs for comprehensive emergency access reviews
      • Business Role Management (BRM): Centralized business role management; Enforced compliancy to format & SOD rules; Automated role governance process involving business & technical owners
      • Provision & Manage Users (PMU): Self service user access request process; Preventive risk analysis in user provisioning; Automated workflow for efficiently approving requests; Streamline and automate reviews of user access
    • 21. Value: Logging; Prevention; Business involvement; Documentation; Reporting; Automation; Self-service; Centralization; SLA
    • 22. Value Testimonials
      • “Using automated password reset, a large U.S. beverage producer reduced its IT service desk costs by more than $600,000 in only one year.” Gartner
      • “SAP BO Access Control and SAP NW Identity Management have helped us save vast amounts of money by automating almost the entire authorization process from access request to approval and documentation” R. Falke, Vibracoustic GmbH & co
      • “Finally we have just one place to look for all our compliance rule sets, violations, mitigating controls, … and so forth. That winds up saving us quite a bit of money” Diana Dayal, Newell Rubbermade Inc
      • “Although Identity and Access Management has traditionally played the role of gatekeeper, it is now also helping to improve business agility and reduce IT complexity by enabling organizations to quickly control user access” Deloitte, 2010 TMT Global Security Survey
    • 23. Contact Details
      • Melissa Dielman, Sr GRC Consultant. T. +32 470 56 20 63. E. Melissa.Dielman@expertum.net. www.expertum.net
      • Chris Walravens, GRC Competence Lead. T. +32 474 47 59 83. E. Chris.Walravens@expertum.net. www.expertum.net
    • 24. Thank you!
