SAP GRC Access Control 10.0:Getting & staying in control of user access
Melissa Dielman
Chris Walravens
SAPience.be Tech Day 2012
2
Expertum & SAP GRC
The need for SAP GRC Access Control
SAP GRC AC 10.0:
• Components
• Functionalities & Demo
• Benefits
Value Testimonials
3
Expertum & SAP GRC
Expertum is…
• an SAP consultancy firm with a dedicated SAP Security team
• offering services in
  • SAP Security Audits
  • Authorization concept design
  • SAP GRC implementation
  • SOD conflict remediation
  • Access Management Framework design
  • Day-to-day support
• the only Belgian SAP partner to achieve the GRC AC RDS Qualification
• GRC Channel Sales partner for Large Accounts
• providing the GRC trainers at SAP Education
• the first to implement GRC AC 10.0 successfully in a Belgian company
4
Lack of Access Control
Today's SAP environments often lack appropriate security and control mechanisms, illustrated by the following symptoms:
• Lack of business & IT communication
• Fragmented approach to access control
• Inability to prevent access risk
• Excessive time & cost of analysis & audit
• Bad practices in user management
5
Access Control Strategy
Define & Control
Empower
Inform & Monitor
Document
• Defined & centralized Access Rules
• Automated/manual process controls
• Governance Model
• Information availability
• Sustainability
• Automation & Self-service
• Push & pull reporting
• Regular reviews
• Critical access & SOD
• Business & IT
• Increased ownership
• Full audit trail
6
SAP GRC Access Control Components
Emergency Access
Management (EAM)
Provision & Manage Users
(PMU)
Business Role Management
(BRM)
Analyze & Manage Risks
(AMR)
8
Analyze & Manage Risk
SAP GRC Access Control prevents access risk by defining the rules and identifying & remediating violations.
Centralized definition of Segregation of Duties
Real-time risk analysis on user and role level
Proactive detection of SoD issues by simulation
Documentation & assignment of mitigating controls
Automated Access Reviews & follow-up actions
9
Demo: AMR
SOD reporting
SOD analysis
SOD simulation
11
Emergency Access Management
SAP GRC Access Control allows you to provide extended access rights to users on an exceptional basis. Complete logging ensures that any (ab)use of the access is traced & documented.
Centralized, automated, pre-approved cross-system emergency access
Automatic e-mail notification when emergency access is activated
Detailed audit trails of performed actions
12
Demo: EAM
Firefighter activation
Firefighter logging
14
Provision & Manage Users
SAP Access Control enables an automated, compliant user provisioning process:
Automated access provisioning, requesting approval from the appropriate business & risk owner
Preventive SOD analysis at time of request
Automatic logging of request approvals and modifications
Password self-service
Remote approval through smartphone app
15
SAP Access Approver Mobile Application
16
Example: User Access Request Flow
• User: Initiate Request
• Role Owner: Approve or Decline
  • Decline → request ends
  • Approve → SOD check
• SOD check
  • N (no conflict) → Assignment
  • Y (conflict) → Risk Owner
• Risk Owner: Approve (Comp Control or Accepted Risk) → Assignment; Decline → request ends
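The preventive SOD check on the Analyze & Manage Risk slide and the request flow above, as an added example that is not part of the original presentation and not SAP's product code: a small Python model in which a rule set lists pairs of conflicting business functions, roles grant functions, and an access request is only provisioned once the role owner has approved and either the simulation finds no new risk or a risk owner has accepted or mitigated it. Every rule id, role name, user, control id and decision label here is constructed for illustration; none of them are SAP GRC rule set content or identifiers from a real system.

```python
"""Toy model of preventive SoD analysis inside a user access request flow.
Added example: rule ids, role names, users and control ids are constructed."""
from dataclasses import dataclass, field

# Constructed rule set: each risk is a pair of business functions that one
# person must not hold together (procure-to-pay style conflicts).
SOD_RULES = {
    "P001": ("CREATE_VENDOR", "POST_VENDOR_INVOICE"),
    "P002": ("CREATE_PURCHASE_ORDER", "APPROVE_PURCHASE_ORDER"),
}

# Constructed role catalogue: role -> set of business functions it grants.
ROLE_FUNCTIONS = {
    "Z_AP_CLERK": {"POST_VENDOR_INVOICE"},
    "Z_VENDOR_MASTER": {"CREATE_VENDOR"},
    "Z_BUYER": {"CREATE_PURCHASE_ORDER"},
    "Z_PO_APPROVER": {"APPROVE_PURCHASE_ORDER"},
}


def functions_for(roles):
    """Union of business functions granted by a set of roles."""
    funcs = set()
    for role in roles:
        funcs |= ROLE_FUNCTIONS.get(role, set())
    return funcs


def analyze_risks(roles):
    """Risk ids violated by this role set (works for a user or a single role)."""
    funcs = functions_for(roles)
    return sorted(rid for rid, (a, b) in SOD_RULES.items() if a in funcs and b in funcs)


def simulate(current_roles, requested_roles):
    """What-if analysis: risks that would be *newly* introduced by the request.
    Risks the user already carries are not counted again."""
    before = set(analyze_risks(current_roles))
    after = set(analyze_risks(set(current_roles) | set(requested_roles)))
    return sorted(after - before)


@dataclass
class Request:
    user: str
    requested_roles: set
    current_roles: set
    log: list = field(default_factory=list)  # audit trail of every decision


def assign(req):
    """Provision the requested roles and record it."""
    req.current_roles |= req.requested_roles
    req.log.append("provisioned")
    return "PROVISIONED"


def process_request(req, role_owner_approves, risk_owner_decision=None, mitigations=None):
    """Walk the flow: role owner -> SoD check -> (risk owner) -> assignment.
    risk_owner_decision is None, "accept_risk", "mitigate" or "decline";
    mitigations maps risk id -> mitigating control id and must cover every new
    risk when the decision is "mitigate". Returns the final request status."""
    req.log.append(f"initiated by {req.user} for {sorted(req.requested_roles)}")
    if not role_owner_approves:
        req.log.append("role owner: declined")
        return "DECLINED"
    req.log.append("role owner: approved")

    new_risks = simulate(req.current_roles, req.requested_roles)
    if not new_risks:
        req.log.append("sod check: no new risks")
        return assign(req)
    req.log.append(f"sod check: new risks {new_risks}, routed to risk owner")

    if risk_owner_decision == "accept_risk":
        req.log.append("risk owner: accepted risk")
        return assign(req)
    if risk_owner_decision == "mitigate":
        missing = [r for r in new_risks if r not in (mitigations or {})]
        if missing:
            req.log.append(f"risk owner: no mitigating control for {missing}")
            return "DECLINED"
        req.log.append(f"risk owner: compensating controls {mitigations}")
        return assign(req)
    req.log.append("risk owner: declined")
    return "DECLINED"


if __name__ == "__main__":
    # Constructed request: an AP clerk asks for vendor master maintenance.
    req = Request("jdoe", {"Z_VENDOR_MASTER"}, {"Z_AP_CLERK"})
    status = process_request(req, True, "mitigate", {"P001": "MC-01"})
    print(status)
    for entry in req.log:
        print(" -", entry)
```

The check is deliberately run on the combination of existing and requested roles rather than on the requested role alone: a role that is clean in isolation can still complete a conflict the user already half-holds, which is the case the request flow's "Y" branch exists for.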
17
Demo: PMU
User access request
Preventive SOD simulation
Automated user provisioning
Automated emailing
19
Business Role Management
Enforcing Best Practices for compliant role management
Central documentation of SAP authorization concept
Definition of cross application business roles
Preventive risk analysis for authorization roles
Change Management Process
20
GRC Access Control: Recap
Analyze & Manage Risks (AMR)
• Accurately identify and analyze access risk violations in real time
• Remediate and mitigate conflicts for users and roles
• Continuously monitor access risks and user assignments across the enterprise
Emergency Access Management (EAM)
• Self-service emergency access activation
• Centrally approve and manage emergency access for all SAP systems
• Detailed usage logs for comprehensive emergency access reviews
Business Role Management (BRM)
• Centralized business role management
• Enforced compliance with format & SOD rules
• Automated role governance process involving business & technical owners
Provision & Manage Users (PMU)
• Self-service user access request process
• Preventive risk analysis in user provisioning
• Automated workflow for efficiently approving requests
• Streamlined and automated reviews of user access
21
Value
Automation
Prevention
Centralization
Documentation
Logging
Reporting
Self-service
Business involvement
SLA
22
Value Testimonials
“Finally we have just one place to look for all our compliance rule sets, violations, mitigating controls, … and so forth. That winds up saving us quite a bit of money”
Diana Dayal, Newell Rubbermaid Inc.
“SAP BO Access Control and SAP NW Identity Management have helped us save vast amounts of money by automating almost the entire authorization process from access request to approval and documentation”
R. Falke, Vibracoustic GmbH & Co.
“Using automated password reset, a large U.S. beverage producer reduced its IT service desk costs by more than $600,000 in only one year.”
Gartner
“Although Identity and Access Management has traditionally played the role of gatekeeper, it is now also helping to improve business agility and reduce IT complexity by enabling organizations to quickly control user access”
Deloitte, 2010 TMT Global Security Survey
23
Contact Details
Chris Walravens, GRC Competence Lead
T. +32 474 47 59 83
E. [email protected]
www.expertum.net
Melissa Dielman, Sr GRC Consultant
T. +32 470 56 20 63
E. [email protected]
www.expertum.net
Thank you!
24