Appsian And SAP GRC: Enhance Access Governance with Adaptive Data Security and Analytics

1. By combining data-centric security capabilities with attribute-based policies, Appsian’s Adaptive Data
Security and Analytics products enable enterprises to apply dynamic, fine-grained controls to their
most critical business transactions.
For customers using SAP GRC, Appsian can extend the existing access control policies to
improve the effectiveness of internal controls, and enhance the reporting capabilities for
direct, real-time visibility into transaction usage, violations, and compliance risk.
Appsian and SAP GRC
Enhance Access Governance with
Adaptive Data Security and Analytics
Appsian Real-Time Analytics
• Monitor transaction usage, master data
changes, SoD violations
• View actual SoD violations with user, data,
and transaction correlation
• Segment reports by user/data attributes
• Drill down into end-user usage events
Appsian Adaptive Data Control
• Deploy attribute-based access control
policies interlaced with SAP GRC
• Implement real-time preventive SoD
controls and business process controls
• Enforce dynamic field-level controls
Improve Visibility
Enhance Control
SAP GRC Access Control
• Core foundation relies on role-based
access controls
• Relies on generic SoD rules
• Limited to static controls at the transaction
level
© Appsian 2019 www.appsian.com info@appsian.com
SAP GRC, Reporting Capabilities
• Relies on scheduled audits
• Frequent false-positives on SoD violations
• Limited context to log records
• Raw CSV export format
• Requires manual correlation of events

2. Appsian and SAP GRC
Enhance Access Governance with Adaptive Data Security and Analytics
SAP GRC Access Control
• Provides the right access to the right people
• Helps detect, manage, and prevent access violations
• Access request administration – Workflow driven access requests and approvals
• Automates reviews of role access, authorizations, risks and controls
SAP GRC Process Control
• Enables centralized documentation of controls and policies, and covers the risks and
regulations impacting an enterprise
• Allows testing of controls to manage risk
• Helps evaluate the controls and remediate issues using a range of tools
• Allows monitoring of controls
• Provides actionable insights
• Helps to enable preventive controls
• Makes internal processes more efficient by automation
Appsian Adaptive Data Security & Analytics for SAP
• Access control at the transaction and data level
• Preventive business process controls
• Preventive Segregation of Duties controls
• Real-time analytics for application usage, business risk, and compliance
Appsian Products SAP GRC
Core foundation relies on Attribute Based Access control Core foundation relies on Role Based Access Control
Ability to implement Realtime SoD Violation rules Allows you to set up generic SoD rules
Granular Access control using ABAC Transaction Level Access Control using RBAC
Allows segregation of Data in reports using ABAC
(Who , When, What and How)
Need customization to support data filtering in reports
Analytical reports to drill down into end user usage
events to capture business risks and anomalies
N/A
Combine Business Rules with IT Security to Deliver Data-
Centric ERP Protection
Cannot consume IT security requirements
Analytical reports to drill down into usage events that tie
back to Compliance risks
N/A