The document details an advanced authorization model for secure partner collaboration within global SAP deployments, focusing on the partner collaboration lifecycle and authorization tools. It discusses enterprise authorization considerations, the separation of authorization dimensions, and the importance of an effective long-term authorization strategy through practical models and tools. Additionally, the content emphasizes the need for managing intellectual property and ensuring compliance in diverse operational contexts.

1. Advanced Authorization for SAP Global DeploymentsPart 3: SAP authorization model for secure Partner CollaborationSandeep Chopra, Sr. Product Manager, NextLabs, Inc.

2. AgendaObjectiveUnderstand partner collaboration lifecycle for global SAP deploymentApply the Authorization FrameworkIdentify authorization tools used in the solutionPresentationQuick Recap of Part I and IIThe Partner Collaboration LifecyclePartner Collaboration requirements for global SAP deploymentEnterprise authorization considerationsQuestion and Answers

3. Review of Part IUnderstanding Global Deployment Authorization Requirements and ChallengesIntroduction to the Authorization ToolboxAuthorization Framework – Clear Separation of Authorization DimensionsAuthorization Decision Map

4. Review of Part 2Introduce Authorization Model AssessmentUnderstand the requirements of Export Compliance in a global deploymentGroup business authorization into functional, data, and governance dimensionsExample Authorization Decision Map for Export Compliance

5. The Authorization Framework Revisited5. Choose the right tools for each layer4. Develop Data Authorization Decision Map3. Authorization Model Assessment for Data Entitlements2. Develop Functional Authorization Map1. Separate Functional, Data and Governance Requirements

6. The Partner Collaboration LifecycleMarketingEngineeringManu-facturingLogisticsSalesService

7. Partner Collaboration AuthorizationsIntellectual Property (IP) LicensesNDA, PIA, PIEAPatent LicensesTrade SecretsThird Party IP LicensesContractual ObligationsClassified, Top Secret, Need to Know

8. Securing CollaborationMultiple systems are involved throughout the IP LifecycleNeed to apply Authorization Framework to each systemNeed to develop a long term authorization strategy

9. ACME: A Global A&D CompanyGlobal Aerospace & Defense CompanyHeadquartered in USOperations in 6 countries:US, UK, Germany, India, China, AustraliaJoint Ventures in Australia and UK60,000 employees, 5000 suppliers worldwideSingle Instance of SAP, Centralized IT management in USSubstantial number of materials are dual use or under ITAR jurisdiction Global operations IT management in US, operations in India Design centers in US, UK, Germany, and AustraliaManufacturing in US, UK, Australia, China

10. Business Authorization DimensionsFunctional AccessDetermine the actions a user can performData AccessDetermine the data a user can seeGovernanceRules for access managementData AccessFunctional AccessGovernance

11. ACME’s Functional Authorization Map for SAPSAP Authorization Concept and ACCDefine Roles

12. Define Transaction or Function Groups

13. Define Authorization ObjectsData Authorization RequirementsIntellectual Property TypePUBLICPATENTTRADESECRETPROPRIETARYTHIRD-PARTY PROPRIETARYCOPYRIGHTTRADEMARKIP LicenseIP Owner – IP DesigneeIP License (NDA, PIA, Patent License)Business ClassificationProgram, ProjectProductTechnology FamilyCustomer (Service)Significant overlap with Export Classification – the same data will also have Export classifications.

14. Acme’s Authorization Decision Map for SAPSAP

15. Do not Forget Authorization GovernanceClassification ProcessesIP Classification (type, owner, license)Business classification (Program, project, product, customer)IP PublicationProcess for publishing IP to external facing applicationsExternal User Company and Project assignmentsManaging the creation of accounts for external users with accurate information for company and project assignmentIP License ManagementManaging IP licenses established by legalMarking, Audit and Record Keeping

16. Acme’s Enterprise Authorization Decision MapSAPFile ServerPLMCAD SystemSharepointCustom App

17. What is the right Enterprise Authorization Strategy?Custom AppCADSAP/PLMSharePointFile SharesRBACABACABACCustomSeparate admin?

18. Policy consistency?

19. Higher TCOIT

20. Externalize AuthorizationCustom AppCADSAP/PLMSharePointFile SharesExternalized Authorization LayerCentralized Admin

21. Policy consistency

22. Lower TCOIT

23. Leverage Common Authorization ModelSAPFile ServerPLMCAD SystemSharepointCustom App

24. An Authorization Strategy for ACMENear Term:Use the Best authorization model for each Application to meet the control objective LongTerm:Develop strategy to externalize authorization leveraging common authorization model

25. Mapping Requirements to AuthorizationUnderstand the requirements of Secure Collaboration in a global deploymentGroup business authorization into functional, data, and governance dimensionsAuthorization Decision Map for Secure Collaboration for each applicationEnterprise Authorization considerations

26. Co-organized by NextLabs and SAPNextLabs OverviewPolicy-driven, information risk management software for Global 5000 enterprises.Help companies achieve safer and more secure internal and external collaborationEnsure proper access to applications and dataFactsLocationsHQ: San Mateo, CANew York, NYHangzhou, PRCMalaysia25+ Patent PortfolioMajor go-to-market Partners: IBM, SAP, Microsoft“We allow companies to preserve confidentiality, prevent data loss and ensure compliance across more channels and more points with a single unified solution with unmatched user acceptance and total cost of ownership.”- Keng Lim, Chairman and CEO

27. Thank You!Questions?ruth.stephens@nextlabs.comDo not miss the webinar recordingsThe recorded sessions will be available to you via a URL in the next weekContact Ruth for more information:See a demo of how we can protect IP in partner collaboration

28. Get the whitepaper on Protecting IP in Collaborative Manufacturing

29. Request a meeting to find out about our end to end information risk protection for SAP customers