This white paper proposes integrating the RSA Archer GRC platform with SAP products to provide a unified enterprise governance, risk, and compliance (eGRC) solution. The integration would automate the flow of compliance data from SAP applications into RSA Archer to centralize information, reduce manual work, and improve maturity of risk management. A prototype integration was developed using SAP GRC to collect data from SAP applications and send it to RSA Archer for reporting and action planning. The paper describes the architecture and provides examples of automated compliance checks that could be performed through the integrated system.
Utility companies are constantly threatened by bad actors seeking to hack into their systems and probing for weaknesses to exploit. For utility HR and IT departments, mitigating this threat while protecting employees’ personally identifiable information (PII) is more critical than ever. As the threats to utilities increase, utility companies need systems that reduce overall vulnerability and protect employee privacy and the trust of citizens.
Mitigate cybersecurity risk with FedRAMP-certified HR solutions Bhupesh Chaurasia
Government agencies and branch locations are under increasing pressure to attract, hire, and retain the best talent in the face of bad actors who are constantly trying to hack personnel data. Learn how to protect your employees with FedRAMP-certified cloud applications that deliver the federal cybersecurity standards your agency requires.
Configuration Compliance For Storage, Network & Server EMC
This white paper shows the benefits of integrating IT infrastructure management technologies such as Network Configuration Manager, Storage Configuration Advisor and vCenter Configuration Manager into the RSA Archer platform for Configuration Compliance.
Whitepaper: Building a disaster ready infrastructure Jake Weaver
It’s not just hurricanes, fire or other natural disasters that can bring a business to its knees. Everyday problems such as bad software, misconfigured networks, hardware failures or power outages are much more common. In fact, power failures accounted for nearly half of the declared disasters reported in a recent survey conducted by Forrester
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
As businesses continue to adopt new cloud and mobile functionality rapidly, we find the
edges of the network even more blurred, and our definitions of data ownership and breach
responsibility continue to evolve. Staffing and training continue to be the foremost challenge
of the modern SOC. This is paving the way to hybrid staffing models and hybrid infrastructures
that require less in-house expertise. As a result, highly skilled security team members can then
be utilized for a more specialized hunt and analytics-focused work.
There is no question this year has been both an exciting and challenging time to be in the field
of cyber security. On one hand, it is disheartening to see the continued decline in the maturity
and effectiveness of security operations, while, on the other, I know that we are in the middle
of an exciting and transformative change in our field. You can feel it. We must go where the
data leads us, and we believe that is to widen our definition of security operations to leverage
analytics, data science, Big Data, and shared intelligence to become more effective in protecting
today’s digital enterprise.
Business-Driven Identity and Access Governance: Why This New Approach Matters EMC
This white paper explains why taking a business-driven approach to identity and access governance (IAG) can enable organizations to easily prove compliance, minimize risk, and enable the business to be productive.
Old Dog New Tricks - How Gartners Pattern Based Strategy Impacts Oracle E-Bus... eprentise
As the economy moved into a recession, last year’s Black Friday was particularly dismal for many retailers who, in anticipation of the usual holiday rush and ignoring any leading economic indicators, had stocked up on inventories. Last year’s lesson was remembered this year, and Black Friday profits – although weak – at least weren’t dragged down by the costs of excessive year-end inventories.
View the original Blog post: http://www.eprentise.com/blog/trends-and-technology/old-dog-new-tricks-how-gartners-pattern-based-strategy-impacts-oracle-e-business-suite-customers/
Website: www.eprentise.com
Twitter: @eprentise
Google+: https://plus.google.com/u/0/+Eprentise/posts
Facebook: https://www.facebook.com/eprentise
Ensure your data is Complete, Consistent, and Correct by using eprentise software to transform your Oracle® E-Business Suite.
Making Executives Accountable for IT Security Seccuris Inc.
How do we make executives accountable for IT Security?
Michael outlines the general challenges, details key items of concern and discusses the focus areas that can be taken to improve the daily governance of IT security in your organization.
…But Now I See—A Vulnerability Disclosure Maturity Model Priyanka Aash
Someone politely knocks on your door and reports that there’s a hole in your wall big enough for a person to climb through. You immediately threaten legal action. Crazy? In the world of vuln research, this happens. This session will review a Vuln Disclosure Maturity Model created to describe best-in-class practices. For any company wanting to get better bug reports faster—this session is a must.
(Source: RSA USA 2016-San Francisco)
The Forrester Wave™: Enterprise Mobile Management Q3 2014 Symantec
We’re happy to share that Symantec was named a Leader in the Forrester Wave™: Enterprise Mobile Management, Q3 2014! The research conducted by Forrester Research, Inc. evaluated Symantec and 14 other vendors against 27 criteria for current offering, strategy, and market presence.
Symantec was identified as one of ten vendors that “lead the pack.” The leaders were noted for separating ourselves from other vendors by introducing a strong security background without disruption for the employee. Forrester defines Leaders as balancing OS, application, and data management functionality while providing flexible container options and productivity applications, and have demonstrated a strong vision and roadmap to help customers as they bring their PC and mobile management strategies together.
Recognizing the renowned enterprise security solution providers, Insights Success has enlisted “The 10 Most Promising Enterprise Security Solution Providers, 2019”
All of the material inside is unlicensed; kindly use it for educational purposes only, and please do not commercialize it.
Based on 'ilman nafi'an, hopefully this file is beneficial for you.
Thank you.
The State of California Housing Finance Authority (CalHFA) has recently reintroduced and expanded its Extra Credit Teacher Program.
Complete Post & Guidelines Here: www.BMCLB.com/edu-workbook/
In addition to this exciting new Buyer Assistance and Closing Cost assistance program, the State of California also offers homebuyer assistance loans and grants that are available to first time, and non-first time buyers throughout the State.
This slideshow was modified from the original live class to create a shortened version for video.
How to Design a Logo. User Guide for Logo Templates Maxim Logoswish
Learn how to open and use your logo templates.
We provide quality company logo templates for small businesses and individuals, including realtors, bloggers etc. Logoswish deliver modern & creative logos.
Logoswish established their design consultancy in 2001 with a primary focus on logo design and corporate identity. We have experience working with different budget projects. We understand how to provide quality services to our customers through individual attention, and provide satisfaction to each of our clients. Logoswish provide excellent value for money.
The general idea of Logoswish is to provide logo design for small businesses, individuals (who have personal business activity, such as bloggers, photographers, realtors etc.), events (Expeditions, Forums, meetings etc.) and project visualization. We specialise in pre-made logo templates to increase both value, but also to shorten the time taken to kick-off a design identity project. Choosing the right logo or corporate design need not be a laborious task. We give you the logo you wish for.
To ensure every customer we provide services for are satisfied, feel they have received excellent value and would recommend us to a colleague or friend.
Logoswish – logos you wish.
http://www.logoswish.com
Cloud Integration for Hybrid IT: Balancing Business Self-Service and IT Control Ashwin V.
The success of SaaS applications has led to the era of hybrid IT - an era where both on-premise and SaaS applications coexist. To make this coexistence fruitful, it is essential to have a cloud integration strategy for any hybrid IT environment. Read to find out more.
PLAY TO WIN
In Business, As In Chess, Forethought Wins
Showcasing exemplary stories of success where channel partners have gone to great lengths to implement innovative solutions. Acclaiming those partners who have risen to the challenges of the digital era and transformed their business to a solutions offering. Inspiring channel businesses to become value-added providers and trusted allies to their customers. Stories that made a Difference.
eGestalt Announces Next Generation Security Posture Management with Aegify Aegify Inc.
eGestalt Technologies (www.eGestalt.com), a provider of IT security monitoring and compliance management for SMBs and enterprises, today announced Aegify, the world’s first completely integrated and unified IT-GRC and cloud-based Security Posture Management (SPM) product using a completely software-based solution.
IT Security at the Speed of Business: Security Provisioning with Symantec Dat... Symantec
Today’s data centers are transitioning into software-defined data centers (SDDC). In the SDDC, the core elements of the infrastructure—storage, server and compute, networking, databases, and business applications—are virtualized and delivered as services. The deployment, provisioning, configuration, management and operation of the entire infrastructure is abstracted from hardware and implemented through software. The infrastructure resources across the stack are application-centric, and customers have the ability to provision IT assets across their public cloud, private cloud, and on-premise domains. These SDDC capabilities are intended to enhance an enterprise’s ability to quickly respond to new opportunities and emerging threats.
Delivering Operational Excellence with Innovation FindWhitePapers
Examine the trends in enterprise resource planning (ERP) that are driving businesses to adopt an enterprise services-oriented architecture (SOA). And learn how enterprise SOA can help your organization deliver operational excellence and realize new levels of innovation by enabling more responsiveness and agility.
With businesses now accelerating their goal to becoming a whole cloud-native interface in the
coming years, with a ground cloud-based disaster recovery strategy, they must also be embedded
within their management plans. Otherwise, every business risks losing vital data and having
its systems, operations, and services shut down by natural and artificial disasters, hardware
failures, power outages, and security risks.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
Similar to EMC Hybrid Cloud for SAP - Enhanced Security and Compliance (20)
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD EMC
CloudBoost is a cloud-enabling solution from EMC
Facilitates secure, automatic, efficient data transfer to private and public clouds for Long-Term Retention (LTR) of backups. Seamlessly extends existing data protection solutions to elastic, resilient, scale-out cloud storage
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO EMC
With EMC XtremIO all-flash array, improve
1) your competitive agility with real-time analytics & development
2) your infrastructure agility with elastic provisioning for performance & capacity
3) your TCO with 50% lower capex and opex and double the storage lifecycle.
• Citrix & EMC XtremIO: Better Together
• XtremIO Design Fundamentals for VDI
• Citrix XenDesktop & XtremIO
-- Image Management & Storage
-- Demonstrations
-- XtremIO XenDesktop Integration
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
Explore findings from the EMC Forum IT Study and learn how cloud computing, social, mobile, and big data megatrends are shaping IT as a business driver globally.
Reference architecture with MIRANTIS OPENSTACK PLATFORM. The changes that are going on in IT with disruptions from technology, business and culture and so IT to solve the issues has to change from moving from traditional models to broker provider model.
Force Cyber Criminals to Shop Elsewhere
Learn the value of having an Identity Management and Governance solution and how retailers today are benefiting by strengthening their defenses and bolstering their Identity Management capabilities.
Container-based technology has experienced a recent revival and is becoming adopted at an explosive rate. For those that are new to the conversation, containers offer a way to virtualize an operating system. This virtualization isolates processes, providing limited visibility and resource utilization to each, such that the processes appear to be running on separate machines. In short, allowing more applications to run on a single machine. Here is a brief timeline of key moments in container history.
This white paper provides an overview of EMC's data protection solutions for the data lake - an active repository to manage varied and complex Big Data workloads
This infographic highlights key stats and messages from the analyst report from J.Gold Associates that addresses the growing economic impact of mobile cybercrime and fraud.
This white paper describes how an intelligence-driven governance, risk management, and compliance (GRC) model can create an efficient, collaborative enterprise GRC strategy across IT, Finance, Operations, and Legal areas.
The Trust Paradox: Access Management and Trust in an Insecure Age EMC
This white paper discusses the results of a CIO UK survey on a “Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
JMeter webinar - integration with InfluxDB and Grafana RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 preview Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic* Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GraphRAG is All You need? LLM & Knowledge Graph Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Search and Society: Reimagining Information Access for Radical Futures Bhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with Parameters Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
EMC Hybrid Cloud for SAP - Enhanced Security and Compliance
White Paper
EMC Solutions

Abstract
This White Paper details the integration between the RSA Archer® and SAP products by prototyping integration processes that help a customer understand how the two products can work together to provide a unified eGRC solution. This solution satisfies business and management priorities across IT, finance, operations, and legal domains, and helps achieve automated compliance with regulatory requirements.

August 2014

EMC HYBRID CLOUD FOR SAP
Enhanced Security and Compliance
- Centralize compliance information into a single repository
- Automate application control verification
- Integrate RSA Archer with SAP

Table of contents
Executive summary
  Business case
  Solution overview
  Key results/recommendations
Introduction
  Purpose
  Scope
  Audience
  Terminology
Solution overview
  Current situation
  Our solution
    Solution architecture
  Key components
    SAP Business Suite
    SAP GRC
    RSA Archer
  EHC overview
Use cases and verifications
  Overview
  Using an automated application to control verification
    Process
    Summary
  Monitoring client opening and closing for configuration
    Process
    Summary
  Assigning high-risk profiles
    Process
    Summary
  Identifying and deleting inactive SAP user accounts
    Process
    Summary
  Monitoring SoD user violation rates
    Process
    Summary
  Monitoring SoD role violation rates
    Process
    Summary
  Monitoring of opening/closing of financial and material periods for posting
    Process
    Summary
Conclusion
  Summary
  Findings
  Professional Services
References
  White papers
  Product documentation

Executive summary

Business case
Organizations recognize that their ability to compete in a global marketplace is increasingly tied to the efficiency and agility of their IT solutions and their ability to remain flexible as the business environment evolves. Enterprise Governance, Risk, and Compliance (eGRC) strategy is a key component to this evolution as it ensures effective risk management and organizational compliance, which are critical to the organization’s mission. The impact of unmanaged risk to this mission is highly visible and detrimental to the organization’s bottom line.

For the Chief Information Security Officer (CISO), and other executives performing similar duties, the increased focus on an organization’s compliance posture has led to increased focus on financial risks, operational risks, strategic risks and the close management of operationalizing security initiatives. For IT professionals, this requires translating IT risks into digestible terms for the business so that they can prioritize the risks appropriately at the enterprise level. Compliance should be embedded in core processes, not the afterthought following a significant event.

This compliance revolution is taking place as businesses are moving core applications into the cloud and facing the challenges of big data, explosive information growth, data mobility, and social media. The ability to manage risks and effectively meet compliance requirements in this networked and mobile world enables the enterprise to meet these challenges head on.

Alternatively, in some cases, the compliance landscape is fragmented with multiple applications housing GRC-related data. This GRC landscape has many disadvantages including the delayed processing of manual tasks, complex management of IT architecture, data inefficiency, and overburdened resources. This lack of consolidated data hinders the organization from achieving timely compliance and managing risk effectively.

Solution overview
As part of the EMC Hybrid Cloud for SAP solution, the EMC Solutions team in collaboration with the RSA Archer® team and EMC/RSA partner, S3, has created a solution that directly integrates the RSA Archer and SAP products. This will assist customers in addressing the challenges of centralizing and consolidating governance, risk, and controls information from SAP and non-SAP applications into a single repository to support ongoing compliance activities. Figure 1 represents the basic elements of this solution.
Figure 1. Unified eGRC solution

This solution builds and tests the integration between RSA Archer and SAP products by prototyping the processes that aid customers in understanding how the two products can work together. This combined, unified eGRC solution satisfies business and management priorities and facilitates the automated compliance with regulatory requirements.

Key results/recommendations
Organizations using both SAP and RSA Archer GRC will be able to:
- Assess their current eGRC operations and identify processes that are resource intensive, time consuming, manual and repetitive.
- Automate control and compliance data collection.
- Receive direct data feeds from SAP into Archer to consolidate compliance results.
- Use Archer’s advanced user interface, dashboard, analytics and reports to improve eGRC maturity.
- Reduce manual effort spent on data collection, research, and analysis of GRC results from multiple sources.
- Increase resource efficiency and the ability to evolve towards a predictive risk posture.
- Eliminate manual action plan task assignment for compliance failures.
- Immediately respond to both internal and external compliance inquiries with automated verification of detailed results.

Introduction

Purpose
The purpose of this document is to provide information about integration between RSA Archer GRC and SAP, which is provided as a service by RSA.

Scope
This White Paper focuses on the integration between RSA Archer GRC and SAP. The solution design, architecture and a sample of seven use cases are discussed in detail. The paper does not cover step-by-step configuration, infrastructure, or non-SAP application compliance management.

Audience
This document is intended for information security, risk, and controls (ISRC) leadership, Chief Information Security Officers, governance officers, internal audit, and SAP security managers. Readers should be familiar with Enterprise Compliance regulations and requirements, the RSA Archer GRC platform and its applications, SAP Business Suite, SAP GRC, and general IT functions requirements. Knowledge of EMC Hybrid Cloud is recommended but not mandatory.

Terminology
Table 1 lists terminology included in this white paper.
Table 1. Terminology

| Term | Definition |
| --- | --- |
| CISO | Chief Information Security Officer |
| eGRC | Enterprise Governance, Risk, and Compliance |
| GRC | Governance, Risk, and Compliance |
| SoD | Segregation of Duties |
| SOX | Sarbanes-Oxley Act |

Solution overview

Current situation
SAP Business Suite is the pre-eminent business software suite used by enterprises all over the world. All major business processes are covered by its components such as ERP, CRM, and SRM. SAP GRC or similar third-party tools are widely used by organizations to provide governance, risk and control to their SAP systems. The RSA Archer GRC solution is not only widely recognized as the eGRC market leader by Gartner and Forrester IT, but is in use in over 25 of the Fortune 100. This results in many of these organizations using both the SAP GRC (or similar third-party tools) and RSA Archer GRC. It also may result in the use of two separate GRC systems in many of these enterprises. Typically, SAP GRC manages compliance efforts within the SAP applications while Archer eGRC manages enterprise-wide non-SAP applications as well as infrastructure requirements.

Figure 2 shows how SAP applications communicate together but are separate from the Archer platform. The Archer application needs manual input for validation from non-SAP applications.
Figure 2. Current Archer/SAP environment

This scenario has several major disadvantages, including the effort required, the manual documentation needed, and the use of two separate but similar tools.

Significant effort required
Regulatory compliance within SAP is a resource-intensive activity that requires large amounts of time and distracts the focus of security team members who would be more productive focusing on more strategic preventative and predictive risk management activities.

Manual documentation
The current method of reporting compliance consists of manual testing followed by manually recording the results into Archer. This generates a huge amount of data to satisfy regulatory requirements. Furthermore, External Audit is far less comfortable with manually created documents than it is with trusted system-to-system interfaces or data transfers.

Separate tools
Having two separate GRC tools (Archer and SAP) both addressing “Compliance” and “Risk” objectives creates confusion about the purpose of each system. This confusion often leads to duplication of effort and overlapping resource responsibilities. In fact, these applications have quite different business objectives. The SAP GRC tool supports activities such as access management or compliant user provisioning (including segregation-of-duties reviews and mitigating controls), emergency access management, role management, and process controls. The Archer eGRC tool takes an enterprise focus that allows you to manage the complete lifecycle of corporate policies and report compliance with controls and regulatory requirements across the organization.

Our solution
The Archer/SAP integration approach eliminates the manual intervention required to report results and generate action plans. It addresses GRC from both a business and an IT perspective simultaneously. This enterprise-wide GRC strategy reduces risk with measurable and consistent metrics. It assists the company in becoming more cost-efficient in addressing risk and allows greater flexibility in adjusting its business model as the market demands without significantly increasing risk.

Figure 3 shows how SAP applications, non-SAP applications, and infrastructure integrate and feed into the Archer enterprise platform.
Figure 3. Archer/SAP integration

Compliance management and incident management
In this solution, the compliance management application directly communicates the adherence to or failure of the SAP applications to comply with client-specific settings and SOX regulations as identified within policy management. This results in tailored compliance solutions automatically distributing email notification of results related to your compliance levels. Compliance status is immediately visible within the dashboard reporting metrics and action can be taken based on automated workflow notification. This further advances the maturity of the organization and its ability to take action based on ongoing automated monitoring efforts rather than audit findings.

When Archer's incident management application identifies a non-compliant policy, it generates an incident which, in turn, creates a work task for the responsible party. In this solution, not only will the Compliance Management dashboards display current compliance levels, but Incident Management will also track open items to achieve resolution for any temporary failures.

Each solution includes automated workflow notification functionality to communicate status. This is available to distribute updates to any interested or responsible parties.

Figure 4 illustrates an example of integrated compliance management, incident management and email notification.
Figure 4. Integrated compliance/incident management and email notification

Solution architecture
This solution consists of an SAP GRC system and an RSA Archer GRC system. To demonstrate the use cases of this solution, an SAP ERP IDES system was prepared as a source system to the SAP GRC system. A shared file repository is required and should be accessible from both the SAP GRC system and Archer GRC.

Note: While a standalone SAP GRC system was used in this solution, it is not mandatory. The tools can be integrated with an SAP system or an SAP GRC system.

Figure 5 shows the architecture of this solution.
Figure 5. Archer/SAP integration architecture

Table 2 lists the software components and their versions used in the solution lab.
Table 2. Solution software

| Software | Version | Purpose |
| --- | --- | --- |
| SAP GRC | 10 SP13/NW 7.0 EhP2 | SAP GRC system |
| SAP ERP | ECC 6.0 EhP6 | SAP ERP IDES system |
| RSA Archer GRC | 5.4 SP1 P2 | RSA Archer GRC system |

Key components

SAP Business Suite
SAP Business Suite is a collection of business applications that integrates enterprise-wide information and processes, collaboration, and functionality for specific industries. It consists of the following applications:
- SAP ERP (Enterprise Resource Planning)
- SAP CRM (Customer Relationship Management)
- SAP SRM (Supplier Relationship Management)
- SAP SCM (Supply Chain Management)
- SAP PLM (Product Lifecycle Management)

The SAP ERP application provides the core of the SAP Business Suite. Augmented with the CRM, SRM, SCM, and PLM applications, it is used to manage all the key business processes involved in the daily business of companies all over the world. Manufacturing, inventory, sales, marketing, human resources, and accounting—there is hardly any aspect of modern business that SAP Business Suite does not handle.

SAP GRC
The SAP Business Suite includes multiple modules and products that cover all aspects of business operations (supply chain, finance, asset management, procurement, and so on). Each of these areas carries inherent compliance and risk components that need to be monitored by a centralized tool.

SAP-GRC is the tool used to ensure that SAP-related application, access, and process controls comply with standard regulatory statutes.

SAP GRC reviews access controls, process controls, and role management activities within the SAP applications to provide detailed feedback on internal control violations based on configured Segregation-of-Duties (SoD) matrices or process control violations based on defined policies. It is particularly effective in the monitoring of segregation-of-duties and process control capabilities within SAP applications, which are critical to assessing the overall GRC risk posture for the organization.

SAP GRC also supports firefighter or emergency access to SAP applications with tracking for audit purposes. These activities carry a compliance requirement to ensure that this special access is managed appropriately, reviewed in a timely manner, and is not used excessively.

RSA Archer
RSA Archer provides a technology architecture that integrates with EMC/VMware systems to provide a cohesive view into the organization’s eGRC operations. The integrated solution not only provides compliance data for configuration violations and vulnerabilities but also blends with risk analytics, loss events, logs, document and records retention data, and accounting information. This data is often scattered across multiple tools and systems. RSA Archer aggregates the data, putting risks, threats, incidents and compliance deficiencies into a business context and enabling managers to prioritize the response based on what is most significant to the organization.

Key characteristics
The key characteristics of the RSA Archer platform include:
- Centralized views—A central view of risk and compliance activities provides a single lens through which stakeholders can identify threats early and prioritize issues, as well as improve efficiencies by applying a single process to multiple regulations. Archer’s dashboards provide easy-to-read information at executive and administrative levels. They include metrics on risk, compliance, incidents, and threat management, giving the organization valuable insight to drive its risk management processes. Figure 6 shows an example Archer dashboard.
Figure 6. Archer dashboard
- Automation—Through automation, organizations achieve continuous risk and controls monitoring as opposed to the point-in-time spot checks of the past. Technological capabilities required include advanced risk analytics and modeling, automated controls tied to business rules engines, advanced content and process management capabilities, and embedded GRC control points.
- Integration—Multiple point solutions that span different areas of the infrastructure are costly to manage, fail to deliver a holistic view of the enterprise, and cannot correlate analysis to provide reliable conclusions. Archer’s level of integration enables management and reporting across the enterprise.
- Flexibility—The Archer platform is adaptable and can evolve as the business evolves. Furthermore, business is able to make changes and build out applications to solve business programs without relying on costly, time-intensive custom development.

EHC overview
The EMC Hybrid Cloud solution empowers IT organizations to accelerate implementation and adoption of an on-premises hybrid cloud that delivers infrastructure as a service (IaaS) to their business, while still enabling customer choice for the compute and networking infrastructure within the data center. It integrates the best of EMC and VMware products and services, and enables customers to build an enterprise-class, scalable, multitenant infrastructure that provides features and functionalities including:
- Self-service and automation
- Multitenancy and secure separation
- Security and compliance
- Monitoring and service assurance
- Data protection, continuous availability, and disaster recovery
- Metering

Particularly regarding security and compliance, this solution addresses the challenges of securing authentication and configuration management to aid in compliance with industry and regulatory standards through:
- Securing the infrastructure by integrating with a public key infrastructure (PKI) to provide authenticity, nonrepudiation, and encryption
- Converging the various authentication sources into a single directory to enable a centralized point of administration and policy enforcement
- Using configuration management tools to audit the infrastructure and demonstrate compliance.

This solution seamlessly integrates with EMC Hybrid Cloud to provide enhanced security compliance on top of the previously mentioned security and compliance measures. In addition, it can be implemented as a standalone solution for those who would like to enjoy the benefit before transforming their existing IT infrastructure to EMC Hybrid Cloud.

Use cases and verifications

Overview
The following use cases provide a glimpse into the extensive automation possibilities between the SAP and Archer GRC applications. Each of the following SAP-related procedures has been created and tested. They can be implemented with the basic configuration framework to customize the solution based on the specific needs of an individual customer’s SAP landscape.

Note: These use cases are only a small representative sample of the many that are possible with SAP and Archer GRC integration.

Using an automated application to control verification
Automating the detailed confirmation of RSPARAM or IT application control settings enables customers to monitor specific application controls within SAP for regulatory compliance purposes. The existing parameters are identified and reported to Archer to note current settings (passed tests) and/or deviations from the configured requirements (failed tests).

Process
The following table describes the process of this use case.
Table 3. Using an automated application to control verification

| Step | Description |
| --- | --- |
| 1 | Each test is executed based on scheduled batch job execution within the SAP system. |
| 2 | Results are written to a text file on a shared file server. |
| 3 | Archer selects the file and creates a Scan ID or Automated Configuration Check to provide evidence of the current settings for each target application. |
| 4 | Each parameter reviewed within every SAP client is reported as text within the automated configuration check or test execution and emailed to procedure owners for investigation based on any failures. |

Summary
This automation eliminates the manual verification process that typically can take hundreds of hours of review (annually) across the SAP landscape. This results in a reduction in manual verification procedures and investigation time for internal resources.
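
The pass/fail evaluation this use case describes, as an added example (not code from the white paper, RSA, or SAP): it reads a report like the one the batch job writes to the shared file server and marks each parameter as passed or failed. The pipe-delimited layout, the threshold values, and the sample data are assumptions made for illustration; the parameter names are standard SAP profile parameters.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed baseline standing in for the customer's "configured requirements".
# Each rule: parameter -> (human-readable requirement, check on the integer value).
RULES = {
    "login/min_password_lng": ("at least 8", lambda v: v >= 8),
    "login/fails_to_user_lock": ("between 1 and 5", lambda v: 1 <= v <= 5),
    # 0 disables password expiry, so a plain "<= 90" test would wrongly pass it.
    "login/password_expiration_time": ("between 1 and 90", lambda v: 1 <= v <= 90),
    "login/no_automatic_user_sapstar": ("exactly 1", lambda v: v == 1),
}

# Constructed sample report (assumed layout: SID|CLIENT|PARAMETER|VALUE).
SAMPLE_REPORT = """\
# SID|CLIENT|PARAMETER|VALUE  (constructed sample, not real SAP output)
PRD|100|login/min_password_lng|10
PRD|100|login/fails_to_user_lock|5
PRD|100|login/password_expiration_time|0
PRD|100|login/no_automatic_user_sapstar|1
QAS|200|login/min_password_lng|6
QAS|200|login/fails_to_user_lock|3
QAS|200|login/password_expiration_time|abc
QAS|200|login/min_pass
"""


@dataclass(frozen=True)
class Finding:
    sid: str
    client: str
    parameter: str
    value: Optional[str]
    passed: bool
    detail: str


def parse_report(text):
    """Return ({(sid, client): {parameter: value}}, [malformed line numbers])."""
    systems, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 4 or not all(fields[:3]):
            malformed.append(lineno)  # truncated or corrupted transfer
            continue
        sid, client, parameter, value = fields
        systems.setdefault((sid, client), {})[parameter] = value
    return systems, malformed


def evaluate(text):
    """Check every rule for every system/client that appears in the report."""
    systems, malformed = parse_report(text)
    findings = []
    for (sid, client), params in sorted(systems.items()):
        for parameter, (requirement, check) in RULES.items():
            value = params.get(parameter)
            if value is None:
                # A parameter missing from the file fails; it never passes silently.
                passed, detail = False, "not reported; required " + requirement
            else:
                try:
                    passed = check(int(value))
                    verdict = "meets" if passed else "violates"
                    detail = verdict + " requirement: " + requirement
                except ValueError:
                    passed, detail = False, "non-numeric value; required " + requirement
            findings.append(Finding(sid, client, parameter, value, passed, detail))
    return findings, malformed


def failed_controls(findings):
    """Group failed parameters per system/client for the procedure owner."""
    failures = {}
    for f in findings:
        if not f.passed:
            failures.setdefault(f.sid + "/" + f.client, []).append(f.parameter)
    return failures


if __name__ == "__main__":
    results, bad_lines = evaluate(SAMPLE_REPORT)
    for f in results:
        status = "PASS" if f.passed else "FAIL"
        print(f"{status} {f.sid}/{f.client} {f.parameter}={f.value!r}: {f.detail}")
    if bad_lines:
        print("Report incomplete, malformed lines:", bad_lines)
```

A report with malformed lines should be treated as incomplete evidence rather than as a clean scan, which is why the line numbers are returned alongside the findings.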

Monitoring client opening and closing for configuration
Integration between Archer and SAP target systems documents the opening and closing of the SAP client for configuration. Each target system is monitored based on scheduled batch job execution within the SAP system, creating a text file on a shared file server. Archer selects the file and then creates a Scan ID or Automated Configuration Check to provide evidence of the current client configuration settings for each target application. These settings should be monitored to confirm that production and validated environments are set correctly. When a ticket is submitted to change the settings, opening the client for configuration should be extremely brief and monitored by system administrators. Automating this process to integrate into Archer for visibility, continuous monitoring, and awareness to confirm correctness will facilitate the communication of this high-risk activity.

Process
The following table describes the process of this use case.
Table 4. Monitor client opening and closing for configuration

| Step | Description |
| --- | --- |
| 1 | Data from each SAP client is reported as text within the automated configuration check or test execution. |
| 2 | The data is emailed to procedure owners for investigation of any failures. |
| 3 | Based on standard internal control reviews for SAP, production systems and validated environments are monitored to confirm adherence to general control settings. |

Summary
This automation eliminates the manual client setting monitoring and verification process that typically occurs reactively after the identification of an incident. Our automated monitoring results in a reduction of manual verification procedures and investigation time for internal resources as well as providing more accurate and timely information on a high-risk SAP setting.

Assigning high-risk profiles
Integration between Archer and SAP target systems monitors the assignment of standard delivered SAP profiles to ensure that users are not assigned high-risk profiles directly. Each target system is monitored based on scheduled batch job execution within the SAP system creating a text file on a shared file server to identify any direct profile assignments. Archer will select the file and then create a Scan ID or Automated Configuration Check to provide evidence of the current profile assignment occurrences for each target application.

Process
The following table describes the process of this use case.
Table 5. Standard delivered SAP profiles

| Step | Description |
| --- | --- |
| 1 | Data from each SAP client is reported as text within the automated user to profile assignment report or test execution. |
| 2 | The data is emailed to procedure owners for investigation based on any user assignments. |
| 3 | Standard SAP security reporting programs are executed to identify any profile-related user assignments to relay to Archer. |

Summary
Generating and automating reports eliminates the manual verification process across the SAP landscape and reduces investigation time for internal resources.
Identifying and deleting inactive SAP user accounts
Integration between Archer and SAP target systems monitors inactive user accounts
to identify those that can be stripped of transactional access and eliminated. This use
case is customized for each client based on internal Information Protection Protocols
to migrate inactive user accounts into a retired user group or to dispose of them, as
required. De-provision inactive accounts to remove any current access assignments,
and modify user groups when necessary.
Each target system is monitored by a scheduled batch job within the SAP system,
which creates a text file on a shared file server to identify the inactive user
accounts. Archer selects the file and then creates a Scan ID or Automated
Configuration Check to provide evidence of the current profile assignment
occurrences for each target application. Standard SAP security reporting and
programs identify inactive user accounts based on last logon dates and the
customer’s inactive account parameters; these accounts are then relayed to Archer.
Process
The following table describes the process of this use case.
Table 6. Identifying and deleting inactive SAP user accounts
Step Description
1 Data from each SAP client is reported as text within the automated last logon report or test execution.
2 Data is emailed to procedure owners for investigation of any accounts that should be retired.
3 Based on each client’s workflow needs, automatic GRC-Access Controls provisioning requests are created to eliminate role assignments identified during the review of stale user accounts.
4 Once accounts are identified based on the standard Last Logon report, an automatic deprovisioning request is submitted to retire the account.
Summary
Generating automated reports eliminates the manual verification process across the
SAP landscape, reducing investigation time for internal resources.
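The following is an added example, not code from the white paper, RSA Archer, or SAP, of the inactive-account check described above: it reads a last-logon text export and applies the customer's inactivity parameter. The file layout, the function name `find_inactive`, the 90-day default, and the `RETIRED` group name are assumptions, and the sample data is constructed.

```python
from datetime import datetime

# Constructed sample of the text file a batch job might drop on the shared
# file server. The layout is an assumption made for this example:
# system|client|user|user_type|last_logon (YYYYMMDD, blank = never)|user_group
SAMPLE_REPORT = """\
PRD|100|JSMITH|A|20240110|FINANCE
PRD|100|MBROWN|A|20230301|FINANCE
PRD|100|NEWHIRE|A||SALES
PRD|100|BATCH_FI|B||SYSTEM
PRD|100|OLDUSER|A|20220101|RETIRED
QAS|200|TTESTER|A|20230915|QA
PRD|100|BROKEN LINE
"""


def find_inactive(report, today, max_idle_days=90, retired_group="RETIRED"):
    """Return (findings, rejects) for one last-logon export.

    findings: dialog users idle longer than max_idle_days or never logged on.
    rejects:  (line number, text) of lines that could not be parsed, kept so
              the evidence record shows what was NOT evaluated.
    """
    findings, rejects = [], []
    for lineno, line in enumerate(report.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 6:
            rejects.append((lineno, line))
            continue
        system, client, user, user_type, last_logon, group = fields
        # Only interactive (dialog, type "A") accounts are judged by logon
        # date; accounts already in the retired group need no new request.
        if user_type != "A" or group == retired_group:
            continue
        if not last_logon:
            idle_days, action = None, "review"  # never used: owner decides
        else:
            try:
                logon = datetime.strptime(last_logon, "%Y%m%d").date()
            except ValueError:
                rejects.append((lineno, line))
                continue
            idle_days, action = (today - logon).days, "retire"
            if idle_days <= max_idle_days:
                continue
        findings.append({"system": system, "client": client, "user": user,
                         "idle_days": idle_days, "action": action})
    return findings, rejects
```

Unparseable lines are returned rather than skipped so that a truncated or corrupted export cannot pass as a clean result in the evidence attached to the check.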
Monitoring SoD user violation rates
Integration between Archer and SAP target systems monitors users with unmitigated
SoD violations to identify those that require further remediation. Outstanding user
SoD violation rates should be below customer-defined tolerances and automatically
monitored or remediated on an ongoing basis. When user violations occur, it is likely
that role provisioning has occurred that is outside of the mitigation process. This
increases the risks related to provisioning and potential misuse of the applications.
When users are identified after execution of the standard batch jobs within SAP-GRC,
the scheduled batch job creates an aggregated SAP target system text file on a
shared file server to identify users for mitigation. Archer selects the file and creates a
Scan ID or Automated Configuration Check to provide evidence of the current open
user SoD violations. This use case is supported based on standard SAP security
reporting and programs to identify user accounts with unmitigated SoD violations to
relay to Archer.
Process
The following table describes the process of this use case.
Table 7. Monitoring SoD user violation rates
Step Description
1 Data from each SAP client is reported as text within the GRC reports for unmitigated users.
2 Data is emailed to procedure owners for investigation and mitigation.
3 Standard SAP security reporting and programs identify users with unmitigated SoD violations.
4 These users are relayed to Archer for distribution.
5 Based on each client’s mitigation needs, automatic GRC-Access Controls provisioning requests can be created to request user mitigation during the review of SoD occurrences within existing active user accounts.
6 Once the accounts are identified, an automatic deprovisioning request can be submitted to retire the account.
Summary
Automating this process facilitates the visibility of the recertification process and
aligns continuous monitoring to the overall organization risk profile. This results in a
reduction in manual verification procedures and investigation time for internal
resources while increasing the automation of the mitigation and evidence-gathering
processes.
Monitoring SoD role violation rates
Integration between Archer and SAP target systems monitors open SoD role violation
rates to identify single or composite roles that maintain unmitigated SoD violations.
Outstanding role SoD violation rates should be zero and need to be automatically
monitored or remediated on an ongoing basis. This information is aggregated in GRC
for all target applications and provided in an attachment to Archer for notification and
distribution on a periodic basis. This automation reduces the risk that violations exist
but are not monitored by the appropriate business personnel. By integrating the
remediation and continuous monitoring process into the Archer platform, the results
are visible to management to ensure compliance and role recertification.
Process
The following table describes the process of this use case.
Table 8. Monitoring SoD role violation rates
Step Description
1 When roles with open SoD violations are identified after execution of the standard batch jobs within SAP-GRC, the scheduled batch job aggregating data from each SAP target system creates a text file on a shared file server to identify roles for mitigation.
2 Archer selects the file and creates a Scan ID or Automated Configuration Check with an attachment (or link) with supporting evidence of the current open SoD role violations for each target application.
3 Standard SAP security reporting and programs identify roles with unmitigated SoD violations and relay them to Archer for distribution.
Summary
Automating this process improves the visibility of the recertification process and
aligns continuous monitoring to the overall organization risk profile. This reduces
manual verification procedures and investigation time for internal resources, while
increasingly automating the mitigation and evidence gathering process.
Monitoring of opening/closing of financial and material periods for posting
Integration between Archer and SAP target systems identifies the current setting
based on scheduled batch job execution to report the status of the opening and
closing of the SAP financial and material posting periods for configuration. The risk to
an organization is that the posting period for a prior (or future) period is open and
posting is allowed into the wrong period, affecting revenue recognition.
Each target system is reported by a scheduled batch job within the SAP target
systems, which creates a text file on a shared file server. Archer selects the
file and creates a Scan ID or Automated Configuration Check to provide
documentation of the current posting period settings for each target application.
Process
The following table describes the process of this use case.
Table 9. Monitoring of opening/closing of financial and material periods for posting
Step Description
1 Data from each SAP client is reported as text within the automated configuration check or test execution.
2 The data is emailed to procedure owners for confirmation.
3 Based on standard internal control reviews for SAP, production systems and validated environments are monitored to confirm adherence to general control settings, and to confirm that the financial and material posting periods are aligned with the desired settings.
Summary
This automation eliminates the manual verification process and avoids uncertainty
about the status of the application while reducing investigation time for internal
resources.
Conclusion
Summary
The integration of RSA Archer and SAP provides a solution that enables customers to
address the challenges posed by the disjointed nature of GRC as it currently exists in
the SAP landscape. This solution centralizes and consolidates audit information from
SAP and non-SAP applications in a single repository. This unified eGRC solution
satisfies both business and IT priorities and enables automated compliance with
regulatory requirements.
Archer’s Professional Services personnel can transform the fragmented and largely
manual governance programs into automated analysis solutions. Their services can
apply sophisticated dashboard reporting, integrated data connections, and real-time
analysis to what is (in many cases) the biggest and most important business
application used in the enterprise. The complete visibility afforded by this solution
facilitates executive decision-making, supports current regulatory compliance needs,
and meets the predictive risk and eGRC needs of tomorrow.
Findings
Customers who employ both RSA Archer and SAP should:
• Assess their current eGRC practice and identify processes that are time-consuming, manual, and repetitive.
• Automate to the greatest extent possible the collection of control and compliance data.
• Implement direct data feeds from SAP to Archer to consolidate compliance results.
• Use Archer’s advanced user interface, dashboard, analytics and reports to improve eGRC maturity.
Professional Services
These highly integrated solutions enable Professional Services personnel to
transform your existing manual governance programs into fully automated predictive
analysis solutions. Service experts inject technology efficiency and automation into
your processes to drive immediate results.
With enhanced dashboard reporting, integrated data connections, and immediately
available analysis to your largest and key applications, we provide a 360° glimpse
into your risk environment. This complete visibility facilitates executive
decision-making, immediate risk management results, and is the foundation to evolve your IT
department to enable business operations.
A Professional Services team provides solutions that can immediately reduce your IT
spend in the areas of regulatory compliance and support by:
• Identifying client-specific SAP configuration for core Archer integration and automation
• Providing recommendations and a roadmap for further automation and overall program enhancements
• Providing a detailed assessment of your Archer, SAP, and eGRC landscape
Professional Services can transform your organization to meet the predictive risk and
eGRC needs of tomorrow while smoothly supporting the regulatory compliance needs
of today.
Additional services
A sample of additional professional services and technology solutions related to
SAP/Security/IAM/eGRC include:
• Complete SAP security deployments
• Role redesign and/or remediation
• GRC deployments, upgrades, assessments
• IAM/IdM integration and deployment
• Full life cycle identity, authorization, and authentication solutions
• Further customizations of Archer, SAP, and IdM solutions
• Automation of SAP continuous monitoring tasks, including:
  • Identification of incomplete, manual, or changed authorizations
  • Identification and analysis of out-of-synch roles (mismatched parent-to-child or incorrect child role values)
  • Identification of roles with non-compliant technical names
  • Identification of non-compliant user group elements