
4. sa pience be tech day 2012 grc access control mdi


  1. SAP GRC Access Control 10.0: Getting & staying in control of user access. Melissa Dielman, Chris Walravens. SAPience.be Tech Day 2012
  2. Expertum & SAP GRC; The need for SAP GRC Access Control; SAP GRC AC 10.0:
     • Components
     • Functionalities & Demo
     • Benefits
     Value Testimonials
  3. Expertum & SAP GRC. Expertum is…
     a SAP Consultancy firm with a dedicated SAP Security team offering services in
     • SAP Security Audits
     • Authorization concept design
     • SAP GRC implementation
     • SOD conflict remediation
     • Access Management Framework design
     • Day to day support
     the only Belgian SAP partner to achieve the GRC AC RDS Qualification
     GRC Channel Sales partner for Large Accounts
     providing the GRC trainers at SAP Education
     the first to implement GRC AC 10.0 successfully in a Belgian Company
  4. Lack of Access Control. Today's SAP environments often lack appropriate security and control mechanisms, illustrated by the following symptoms:
     • Lack of business & IT communication
     • Fragmented approach to access control
     • Bad practices in user management
     • Excessive time & cost of analysis & audit
     • Inability to prevent access risk
  5. Access Control Strategy (diagram). Stages: Define & Control; Empower; Inform & Monitor; Document. Labels: Defined & centralized Access Rules; Automated/manual process controls; Governance Model; Information availability; Sustainability; Automation & Self-service; Push & pull reporting; Regular reviews; Critical access & SOD; Business & IT Increased ownership; Full audit trail
  6. SAP GRC Access Control Components:
     • Analyze & Manage Risks (AMR)
     • Emergency Access Management (EAM)
     • Business Role Management (BRM)
     • Provision & Manage Users (PMU)
  7. Analyze & Manage Risk (section divider; component diagram with AMR, EAM, BRM and PMU repeated)
  8. Analyze & Manage Risk. SAP GRC Access Control prevents access risk by defining the rules and identifying & remediating violations.
     • Centralized definition of Segregation of Duties
     • Real-time risk analysis on user and role level
     • Proactive detection of SoD issues by simulation
     • Documentation & assignment of mitigating controls
     • Automated Access Reviews & follow-up actions
  9. Demo: AMR
     • SOD reporting
     • SOD analysis
     • SOD simulation
  10. Emergency Access Management (section divider; component diagram with AMR, EAM, BRM and PMU repeated)
  11. Emergency Access Management. SAP GRC Access Control allows you to provide extended access rights to users on an exceptional basis. Complete logging ensures (ab)use of the access is traced & documented.
     • Centralized, automated, pre-approved cross-system emergency access
     • Automatic e-mail notification when emergency access is activated
     • Detailed audit trails of performed actions
  12. Demo
     • Firefighter activation
     • Firefighter logging
  13. Provision & Manage Users (section divider; component diagram with AMR, EAM, BRM and PMU repeated)
  14. Provision & Manage Users. SAP Access Control enables an automated, compliant user provisioning process.
     • Automated access provisioning, requesting approval to the appropriate business & risk owner
     • Preventive SOD analysis at time of request
     • Automatic logging of request approvals and modification
     • Password self-service
     • Remote approval through smart phone app
  15. SAP Access Approver Mobile Application
  16. Example: User Access Request Flow (flowchart). Recoverable labels: User: Initiate Request; Mail; Role Owner: Approve Assignment / Decline; SOD: Y / N; Risk Owner: Accepted Risk / Decline; Comp Control Owner: Approve / Decline
  17. Demo
     • User access request
     • Preventive SOD simulation
     • Automated user provisioning
     • Automated emailing
  18. Business Role Management (section divider; component diagram with AMR, EAM, BRM and PMU repeated)
  19. Business Role Management. Enforcing Best Practices for compliant role management
     • Central documentation of SAP authorization concept
     • Definition of cross application business roles
     • Preventive risk analysis for authorization roles
     • Change Management Process
  20. GRC Access Control: Recap
     Analyze & Manage Risks (AMR):
     • Accurately identify and analyze access risk violations in real-time
     • Remediate and mitigate conflicts for users and roles
     • Continuously monitor access risks and user assignments across the enterprise
     Emergency Access Management (EAM):
     • Self service emergency access activation
     • Centrally approve and manage emergency access for all SAP systems
     • Detailed usage logs for comprehensive emergency access reviews
     Business Role Management (BRM):
     • Centralized business role management
     • Enforced compliancy to format & SOD rules
     • Automated role governance process involving business & technical owners
     Provision & Manage Users (PMU):
     • Self service user access request process
     • Preventive risk analysis in user provisioning
     • Automated workflow for efficiently approving requests
     • Streamline and automate reviews of user access
  21. Value: Logging; Prevention; Business involvement; Documentation; Reporting; Automation; Self-service; Centralization; SLA
  22. Value Testimonials
     • “Using automated password reset, a large U.S. beverage producer reduced its IT service desk costs by more than $600,000 in only one year.” (Gartner)
     • “SAP BO Access Control and SAP NW Identity Management have helped us save vast amounts of money by automating almost the entire authorization process from access request to approval and documentation” (R. Falke, Vibracoustic GmbH & co)
     • “Finally we have just one place to look for all our compliance rule sets, violations, mitigating controls, … and so forth. That winds up saving us quite a bit of money” (Diana Dayal, Newell Rubbermaid Inc)
     • “Although Identity and Access Management has traditionally played the role of gatekeeper, it is now also helping to improve business agility and reduce IT complexity by enabling organizations to quickly control user access” (Deloitte, 2010 TMT Global Security Survey)
  23. Contact Details
     • Melissa Dielman, Sr GRC Consultant. T. +32 470 56 20 63, E. Melissa.Dielman@expertum.net, www.expertum.net
     • Chris Walravens, GRC Competence Lead. T. +32 474 47 59 83, E. Chris.Walravens@expertum.net, www.expertum.net
  24. Thank you!
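
Added example (not from the slides and not SAP code): a small Python model of the risk analysis described on slides 8 and 14, covering role-level and user-level SoD analysis, mitigating controls, and the preventive simulation run when a role is requested. Role names, risk IDs, the control text, the decision labels and the grouping of transaction codes into functions are constructed sample data, and matching is on transaction code only.

```python
# Constructed sample rule set and assignments; not SAP's delivered rule set.
ROLE_ACTIONS = {                      # role -> transaction codes it grants
    "AP_VENDOR_MAINT": {"FK01", "FK02"},
    "AP_PAYMENTS": {"F110", "F-53"},
    "AP_ALL_IN_ONE": {"FK01", "F110"},
    "PURCHASER": {"ME21N"},
    "WAREHOUSE": {"MIGO"},
}
FUNCTIONS = {                         # business function -> transaction codes
    "MAINTAIN_VENDOR": {"FK01", "FK02"},
    "PROCESS_PAYMENT": {"F110", "F-53"},
    "CREATE_PO": {"ME21N"},
    "POST_GOODS_RECEIPT": {"MIGO"},
}
SOD_RISKS = {                         # risk id -> pair of conflicting functions
    "R001": ("MAINTAIN_VENDOR", "PROCESS_PAYMENT"),
    "R002": ("CREATE_PO", "POST_GOODS_RECEIPT"),
}
USER_ROLES = {"ALICE": {"AP_VENDOR_MAINT"}, "BOB": {"PURCHASER", "WAREHOUSE"}}
MITIGATIONS = {("BOB", "R002"): "MC01 monthly PO/GR review"}  # documented controls


def analyze_roles(roles):
    """Role-level analysis: SoD risks created by this set of roles."""
    actions = set().union(*(ROLE_ACTIONS[r] for r in roles))
    held = {f for f, tcodes in FUNCTIONS.items() if tcodes & actions}
    return {rid for rid, (f1, f2) in SOD_RISKS.items()
            if f1 in held and f2 in held}


def analyze_user(user):
    """User-level analysis: each risk with its mitigating control, or None."""
    risks = analyze_roles(USER_ROLES[user])
    return {rid: MITIGATIONS.get((user, rid)) for rid in sorted(risks)}


def simulate_request(user, requested_role):
    """Preventive check: which risks would the request add? Nothing is assigned."""
    before = analyze_roles(USER_ROLES[user])
    after = analyze_roles(USER_ROLES[user] | {requested_role})
    new = sorted(after - before)
    unmitigated = [r for r in new if (user, r) not in MITIGATIONS]
    decision = "needs_risk_owner" if unmitigated else "no_new_risk"
    return {"new_risks": new, "unmitigated": unmitigated, "decision": decision}


if __name__ == "__main__":
    print(analyze_user("BOB"))
    print(simulate_request("ALICE", "AP_PAYMENTS"))
```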