SAP BusinessObjects Access Control as a sustainable solution for authorization compliance
Transcript

  • 1. SAP World Tour Luxembourg 2010, October 26, 2010 – Kikuoka Mercure Golf Club. SAP BusinessObjects Access Control: A Solution for Sustainable Authorization Compliance. Chris Walravens, GRC Competence & Delivery Lead, Expertum; Koen Roaen, Business Development & GRC Competence Lead, Expertum. For more info: www.expertum.net
  • 2. Agenda: 1. Expertum introduction; 2. GRC today; 3. SAP BO GRC AC 5.3 (benefits; stakeholder interests; issues encountered and solution approach); 4. Get Clean – Stay Clean – Stay in Control (RAR; CUP; SPM; RAR); 5. Conclusion; 6. The next release; 7. Questions. © SAP 2010 / Page 2
  • 3. Expertum Introduction. Founded in 2006; team of 45+ SAP experts and project managers. SAP Service Partner, SAP Channel Partner, SAP Education Partner, SAP Lounge Partner, SAPience.be Partner. Our expertise: Project Management (PM), Product Lifecycle Management (PLM), Supply Chain Planning (SCP), Supply Chain Execution (SCE), Finance (FI), Knowledge Management, Product & Service Development, Business Intelligence (BI), SAP NetWeaver (NW), SAP Solution Manager (SolMan), Governance, Risk, and Compliance (GRC). Our mission: exceed client expectations by providing top-quality expertise; provide our people a safe environment for personal and professional growth.
  • 4. GRC today. Access Control: manages compliant, continuous control of access and authorization across the enterprise; proactively protects information and prevents fraud through automated risk analysis and remediation. Process Control: automated continuous control monitoring across policies and regulatory requirements; delivers cross-system visibility and a unified repository of compliance data for efficient multi-initiative management. Risk Management: formal integration of risk management with strategy; repeatable framework to analyze and mitigate risk; continuously monitors key risk indicators across strategic objectives. Sustainability Performance Management: enables processes and analytics to communicate and execute a sustainability strategy; data gathering with automatic and repeatable collection from systems and people. Global Trade Services: automates import and export compliance, including ITAR; supports electronic customs filing and reporting; monitors and manages outbound NFe transactions; identifies, manages and prioritizes risk exposure across global supply chains. Environment, Health, and Safety Management: comprehensive platform for environmental, health and safety management; provides support across the three pillars of Health and Safety, Product Safety and Stewardship, and Emissions Management.
  • 5. Benefits of SAP BO GRC AC 5.3. Control access: centralized access (and identity) management; out-of-the-box rules automatically eliminate access and authorization risks; enforce segregation of duties across applications and departments; prevents improper access to assets. Automate compliance: automate segregation of duties and access management; automated audit trails and documentation; automated analysis.
  • 6. Benefits of SAP BO GRC AC 5.3. Real-time oversight and predictability: review and approval process; real-time detective controls and transaction monitoring; automated IT and line-of-business collaboration. Facilitates the road to compliance: obtain quick, effective and comprehensive identification of risks; eliminate existing access and authorization risks.
  • 7. Benefits of SAP BO GRC AC 5.3. Continuous access management: avoid business obstructions with faster emergency response; improve productivity of end users; mitigate risk through continuous monitoring. Effective management oversight: provide capabilities for management oversight; facilitate internal audit; minimize audit cost and time.
  • 8. Stakeholder interests. CFO: better visibility of access risk; solid proof and reliability for financial data and regulatory reporting; reduce risk by analyzing issues and performing the necessary remediation. CIO: increase efficiency and collaboration with compliance embedded into business processes; faster resolution of issues with IT and line-of-business collaboration. Audit: transfer ownership of controls to the business; minimized audit time and audit-related costs; automated audit trails and documentation.
  • 9. Issues encountered. Compliance and Audit: compliance analysis is mostly a manual process; numerous diverse regulatory requirements to manage; lack of a governance framework to ensure compliant role management; role proliferation and excess privileges increase the audit challenge. Business Operations: lack of visibility due to technical complexity; overwhelmed by the ever-increasing number of global and local regulatory requirements; limited effectiveness of review and approval processes. IT Operations: manual, labor-intensive user provisioning and access management; a fragmented approach to access management increases the possibility of errors and inconsistency; complex and technical security data models prevent collaboration between IT and business. End Users: productivity loss due to delay in getting access; a fragmented access management process provides incomplete access; access not kept synchronized with a changing role, resulting in inadequate access (or potential unauthorized access).
  • 10. Solution approach. Business Operations: provides for business user accountability; collaborative role management process; business-friendly role definitions that reflect the reality of the business. Compliance and Audit: preventive compliance of roles through integrated risk analysis; streamlines job functions with consistent business roles; visibility of role compliance and role exceptions; increases confidence with built-in audit trails. IT Operations: reduction in administration costs; elimination of manual errors; consistent, repeatable, streamlined processes to manage users across the enterprise; a single toolset for a heterogeneous landscape, resulting in lower training costs. End Users: quick on-boarding, eliminating productivity loss; the right access to the right systems at the right time, resulting in increased user satisfaction; reduced risk of unauthorized access. Customers / Partners: secure and compliant access to business services across organization boundaries.
  • 11. SAP BO Access Control: sustainable prevention of segregation of duties violations, in three phases. Minimal Time To Compliance (Get Clean): Risk Analysis and Remediation, for a rapid, cost-effective and comprehensive initial clean-up. Continuous Access Management (Stay Clean): Enterprise Role Management, enforcing SoD compliance at design time; Compliant User Provisioning, preventing SoD violations at run time; Superuser Privilege Management, closing the #1 audit issue with temporary emergency access. Effective Management Oversight and Audit (Stay in Control): Periodic Access Review and Audit, focusing on the remaining challenges during recurring audits.
  • 12. SAP BO Access Control, minimal time to compliance. Get Clean: Risk Analysis and Remediation.
  • 13. SAP BO Access Control: sustainable prevention of segregation of duties violations. Minimal Time To Compliance (Get Clean): Risk Analysis and Remediation, for a rapid, cost-effective and comprehensive initial clean-up.
  • 14. Get Clean – RAR demo
  • 15. Get clean (RAR). Cross-enterprise view on SoD violations: allows an effective road towards compliance; allows reviews per system, user group, organizational level or role; translates a technical subject (authorizations, rule sets, etc.) into business language. Remediation actions can be authorization removal or mitigating control assignment. Side notes: the authorization concept architecture impacts the ease of remediation; mitigating controls need to be in place and inventoried; the default rule set needs to be made company specific (false positives).
  • 16. SAP BO Access Control, continuous access management. Stay Clean: Compliant User Provisioning, Superuser Privilege Management, Enterprise Role Management. Get Clean: Risk Analysis and Remediation.
  • 17. SAP BO Access Control: sustainable prevention of segregation of duties violations. Minimal Time To Compliance (Get Clean): Risk Analysis and Remediation, for a rapid, cost-effective and comprehensive initial clean-up. Continuous Access Management (Stay Clean): Enterprise Role Management, enforcing SoD compliance at design time; Compliant User Provisioning, preventing SoD violations at run time.
  • 18. Stay Clean – CUP demo
  • 19. Stay clean (CUP). The request procedure is very structured: requesters can only choose from existing business roles, which forces work within the existing roles and sustains the implemented roles. The approval procedure is automated: automated workflow (efficiency); preventive SoD checks (before approval); automated user provisioning; this sustains the compliance of role assignments. Side note: role / authorization owners are needed.
  • 20. SAP BO Access Control: sustainable prevention of segregation of duties violations. Minimal Time To Compliance (Get Clean): Risk Analysis and Remediation, for a rapid, cost-effective and comprehensive initial clean-up. Continuous Access Management (Stay Clean): Enterprise Role Management, enforcing SoD compliance at design time; Compliant User Provisioning, preventing SoD violations at run time; Superuser Privilege Management, closing the #1 audit issue with temporary emergency access.
  • 21. Stay Clean – SPM demo
  • 22. Stay clean (SPM). Firefighter roles: classical firefighter activities (the truck is waiting and the issue needs to be solved); critical system access (debugging); support roles for IT people needing to perform business functionality on occasion. Gains: sustainability of regular access rights; sustainability of the audit trail for activities out of the regular.
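As an added illustration of what the SPM slide describes (this is not SAP's Superuser Privilege Management implementation and not Expertum's code), the Python below models the two properties the slide calls sustainability: a firefighter ID can only be borrowed for a bounded time, for a stated reason, with its owner's approval, and every attempted transaction in that window is written to a log the controller reviews afterwards. The firefighter ID, transaction codes, user names, owner and incident reference are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample: a firefighter ID, the elevated transactions it carries, the
# owner who may approve a checkout and the controller who reviews the log afterwards.
FIREFIGHTER_IDS: Dict[str, dict] = {
    "FF_BASIS_01": {"tcodes": {"SE38", "SE37", "SM37", "SU01"},
                    "owner": "basis.manager", "controller": "it.audit"},
}


@dataclass(frozen=True)
class LogEntry:
    ff_id: str
    user: str
    tcode: str
    at: datetime
    allowed: bool
    note: str


@dataclass
class Session:
    ff_id: str
    user: str         # the regular user borrowing the firefighter ID
    reason: str       # incident / ticket reference given at checkout
    approved_by: str
    start: datetime
    expires: datetime
    closed: bool = False


class FirefighterService:
    """Break-glass access: time-boxed checkout of a privileged ID with a full action log."""

    def __init__(self) -> None:
        self.sessions: List[Session] = []
        self.log: List[LogEntry] = []

    def _active(self, ff_id: str, now: datetime) -> Optional[Session]:
        for s in self.sessions:
            if s.ff_id == ff_id and not s.closed and s.start <= now < s.expires:
                return s
        return None

    def checkout(self, ff_id: str, user: str, reason: str, approved_by: str,
                 now: datetime, duration: timedelta = timedelta(hours=4)) -> Optional[Session]:
        """Lend the ID; refused if it is unknown, the approver is not its owner,
        no reason is given, or another session on the same ID is still active."""
        ff = FIREFIGHTER_IDS.get(ff_id)
        if ff is None or approved_by != ff["owner"] or not reason.strip():
            return None
        if self._active(ff_id, now) is not None:
            return None  # one holder at a time keeps every log line attributable
        s = Session(ff_id, user, reason, approved_by, now, now + duration)
        self.sessions.append(s)
        return s

    def execute(self, ff_id: str, user: str, tcode: str, now: datetime) -> bool:
        """Every attempt is logged; it is allowed only inside an active session held
        by this user, and only for transactions the firefighter ID actually carries."""
        s = self._active(ff_id, now)
        if s is None or s.user != user:
            note = "no active session for user"
        elif tcode not in FIREFIGHTER_IDS[ff_id]["tcodes"]:
            note = "transaction outside firefighter scope"
        else:
            note = "ok"
        self.log.append(LogEntry(ff_id, user, tcode, now, note == "ok", note))
        return note == "ok"

    def checkin(self, session: Session) -> None:
        session.closed = True  # hand the ID back early; later attempts are denied

    def review_report(self, ff_id: str) -> List[dict]:
        """What the controller reviews: per session, why it was opened and what was
        attempted in its window (attempts outside any window stay in self.log)."""
        report = []
        for s in self.sessions:
            if s.ff_id != ff_id:
                continue
            entries = [e for e in self.log if e.ff_id == ff_id and e.user == s.user
                       and s.start <= e.at < s.expires]
            report.append({"user": s.user, "reason": s.reason, "approved_by": s.approved_by,
                           "start": s.start, "expires": s.expires,
                           "executed": [e.tcode for e in entries if e.allowed],
                           "denied": [(e.tcode, e.note) for e in entries if not e.allowed]})
        return report


def demo() -> FirefighterService:
    """Example run: an engineer borrows FF_BASIS_01 for a stuck batch job (constructed)."""
    t0 = datetime(2010, 10, 26, 9, 0)
    svc = FirefighterService()
    s = svc.checkout("FF_BASIS_01", "carol", "INC-4711 payment batch job stuck",
                     "basis.manager", t0)
    assert s is not None
    svc.execute("FF_BASIS_01", "carol", "SM37", t0 + timedelta(minutes=10))  # in scope
    svc.execute("FF_BASIS_01", "carol", "F110", t0 + timedelta(minutes=11))  # out of scope
    svc.execute("FF_BASIS_01", "dave", "SM37", t0 + timedelta(minutes=12))   # not the holder
    svc.execute("FF_BASIS_01", "carol", "SE38", t0 + timedelta(hours=5))     # session expired
    return svc
```

The design choice worth noting is that denied attempts are logged just like allowed ones: a request for a payment transaction from a basis firefighter ID, or an attempt after the window closed, is exactly what the controller wants to see in the review, and a log that only records successes would hide it.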
  • 23. SAP BO Access Control, effective management oversight and audit. Stay in Control: Management Oversight, Internal Audit. Stay Clean: Compliant User Provisioning, Superuser Privilege Management, Enterprise Role Management. Get Clean: Risk Analysis and Remediation.
  • 25. Stay in Control – RAR demo
  • 26. Stay in Control (RAR). What-if analysis: check compliance before violations occur; sustains the compliance of role assignments. Reaffirmation: reaffirm role assignments on a regular basis; sustains the compliance of role assignments.
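The Get Clean analysis (slide 15), the preventive SoD check before approval (slide 19) and the what-if analysis on this slide all reduce to one computation: expand a user's roles into the transactions they grant, test every pair of conflicting business functions in the rule set, and decide for each hit whether a mitigating control covers it. The Python below is an added example written for this transcript; it is not SAP's RAR or CUP code and not Expertum's, and the transaction codes, role names, rule ids, users and mitigating-control ids are constructed sample data rather than a real rule set or landscape. It goes slightly beyond the slides by also reporting which role supplies each side of a conflict, which is what the remediation team needs when it chooses authorization removal over a mitigating control.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample data for illustration only (not a real SAP rule set or landscape).
# Business functions, each a set of transaction codes that perform it.
FUNCTIONS: Dict[str, Set[str]] = {
    "VENDOR_MAINT":  {"XK01", "XK02", "FK01", "FK02"},  # create/change vendor master
    "VENDOR_PAY":    {"F110", "F-53"},                   # run or post payments
    "PO_CREATE":     {"ME21N", "ME22N"},                 # create/change purchase orders
    "GOODS_RECEIPT": {"MIGO"},                           # post goods receipt
    "DEBUG":         {"SE38", "SE37"},                   # developer tools in production
}
# SoD rules: (risk id, function A, function B, description). Making the rule set
# company specific to remove false positives means editing this data, not code.
SOD_RULES: List[Tuple[str, str, str, str]] = [
    ("P001", "VENDOR_MAINT", "VENDOR_PAY", "Create a fictitious vendor and pay it"),
    ("P002", "PO_CREATE", "GOODS_RECEIPT", "Order goods and confirm their receipt"),
]
# Critical-action rules: a single function that is a risk on its own.
CRITICAL_RULES: List[Tuple[str, str, str]] = [
    ("C001", "DEBUG", "Developer/debug access in production"),
]
# Technical roles and the transactions they grant.
ROLES: Dict[str, Set[str]] = {
    "Z_AP_CLERK":      {"XK01", "XK02", "FK01", "FK02", "FB60"},
    "Z_AP_PAYRUN":     {"F110", "F-53"},
    "Z_BUYER":         {"ME21N", "ME22N", "ME23N"},
    "Z_WAREHOUSE":     {"MIGO", "MB52"},
    "Z_BASIS_SUPPORT": {"SE38", "SE37", "SM37"},
}
# Current role assignments.
USERS: Dict[str, Set[str]] = {
    "alice": {"Z_AP_CLERK", "Z_AP_PAYRUN"},  # P001, covered by a mitigating control
    "bob":   {"Z_BUYER"},                    # clean today
    "carol": {"Z_BASIS_SUPPORT"},            # C001, unmitigated
}
# Inventory of mitigating controls, assigned per (user, risk id).
MITIGATIONS: Dict[Tuple[str, str], str] = {
    ("alice", "P001"): "MC-017",  # e.g. monthly review of vendor changes against payments
}


@dataclass(frozen=True)
class Violation:
    user: str
    risk_id: str
    # For each conflicting function, the roles that grant it: this tells the
    # remediation team which role to strip if they choose authorization removal.
    roles_by_function: Tuple[Tuple[str, FrozenSet[str]], ...]
    mitigating_control: str = ""  # empty string = unmitigated


def roles_granting(function: str, role_names: Set[str]) -> FrozenSet[str]:
    """Roles in role_names that grant at least one transaction of the function."""
    return frozenset(r for r in role_names if ROLES[r] & FUNCTIONS[function])


def analyze_user(user: str, role_names: Set[str]) -> List[Violation]:
    """Risk analysis of one user for a given role set (SoD and critical rules)."""
    found: List[Violation] = []
    for risk_id, fa, fb, _ in SOD_RULES:
        ra, rb = roles_granting(fa, role_names), roles_granting(fb, role_names)
        if ra and rb:  # both sides of the conflict reachable: a violation
            found.append(Violation(user, risk_id, ((fa, ra), (fb, rb)),
                                   MITIGATIONS.get((user, risk_id), "")))
    for risk_id, f, _ in CRITICAL_RULES:
        r = roles_granting(f, role_names)
        if r:
            found.append(Violation(user, risk_id, ((f, r),),
                                   MITIGATIONS.get((user, risk_id), "")))
    return found


def analyze_all(users: Dict[str, Set[str]] = USERS) -> Dict[str, List[Violation]]:
    """Get Clean: cross-user report of every violation, mitigated or not."""
    return {u: analyze_user(u, roles) for u, roles in users.items()}


def open_items(report: Dict[str, List[Violation]]) -> Dict[str, List[str]]:
    """Violations still needing remediation (no mitigating control assigned)."""
    return {u: [v.risk_id for v in vs if not v.mitigating_control]
            for u, vs in report.items() if any(not v.mitigating_control for v in vs)}


def what_if(user: str, requested: Set[str],
            users: Dict[str, Set[str]] = USERS) -> List[Violation]:
    """Simulate adding roles; return only the violations the request would introduce."""
    current = {v.risk_id for v in analyze_user(user, users.get(user, set()))}
    simulated = analyze_user(user, users.get(user, set()) | requested)
    return [v for v in simulated if v.risk_id not in current]


def approve_request(user: str, requested: Set[str],
                    users: Dict[str, Set[str]] = USERS) -> Tuple[bool, List[Violation]]:
    """Preventive gate before approval: pass only if every new risk is already mitigated."""
    new = what_if(user, requested, users)
    return (all(v.mitigating_control for v in new), new)
```

Two points from the slides show up directly in the data model: a mitigating control is assigned per user and risk, so the same rule can be an open item for one user and a covered exception for another, and `what_if` compares against the user's current state, so a request that adds nothing new is not blocked by a violation that already exists and is already being handled.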
  • 27. SAP BO Access Control: sustainable prevention of segregation of duties violations. Minimal Time To Compliance (Get Clean): Risk Analysis and Remediation, for a rapid, cost-effective and comprehensive initial clean-up. Continuous Access Management (Stay Clean): Enterprise Role Management, enforcing SoD compliance at design time; Compliant User Provisioning, preventing SoD violations at run time; Superuser Privilege Management, closing the #1 audit issue with temporary emergency access. Effective Management Oversight and Audit (Stay in Control): Periodic Access Review and Audit, focusing on the remaining challenges during recurring audits. Foundation: risk analysis, remediation and prevention services; a cross-enterprise library of best-practice segregation of duties rules.
  • 28. Conclusion. SAP BO GRC Access Control ensures sustainability of: implemented roles, through a very structured request procedure; compliance of role assignments (regular access), through an automated approval procedure with a preventive rule set check, what-if analysis and a reaffirmation procedure; audit trails (access out of the regular).
  • 29. SAP BO GRC AC: the next release (GRC2010 Barcelona). Release 10.0 of AC, PC & RM will be presented: one common technology platform (ABAP based); more integration between the three applications (mitigating controls in AC & PC; risks in PC & RM); functionality improvements.
  • 30. Questions?
  • 31. For more info: www.expertum.net. Thank you!