The global and independent platform for the SAP community.

Consistent GRC for SAP cloud applications

Governance, risk management and compliance (GRC) are closely linked, essential areas of a company. A mix of on-premises and cloud is now increasingly being used for business applications. This increases the number of networked applications, but also the security risks.
E3 Magazine
October 16, 2024
avatar
This text has been automatically translated from German to English.

Whether in procurement, accounts payable/receivable or customer relationship management, the joint assignment of rights in different applications can lead to SoD conflicts, especially with cloud solutions. To counter this, companies need to develop a cross-application view of their access management that includes cloud applications such as SAP SuccessFactors, Ariba or Concur in addition to securing and monitoring on-premises applications.

However, as Holger Flint, Head of the SAP Basis Competence Center at IT service provider Akquinet, points out, this is easier said than done: "Implementing a cloud strategy appropriately is no trivial task due to the complexity and in-depth processes involved." The provider of SAP security and compliance services therefore relies on tailor-made software from its long-standing partner Pathlock.

"Implementing a cloud strategy appropriately is no trivial task due to the complexity and in-depth processes involved."
Holger Flint, Head of Competence Center SAP Basis, Akquinet

Holistic solutions such as these offer a joint cross-application SoD check with dashboard-based display of the current risk status for both on-premises and cloud solutions. Potential segregation of duties risks are continuously identified during the application process, at the time of allocation and also during the test cycles. Automated SoD and risk analysis as well as automated reporting for all common business applications - whether SAP ERP, S/4 Hana, SAP cloud applications, Microsoft Dynamics or Salesforce - help to meet legal requirements in a time-saving manner. The preconfigured sets of rules are ready for immediate use and can be easily customized.

Focus on superuser concepts

Ralf Kempf, IT Security Evangelist and Managing Director of Pathlock Germany, emphasizes: "The growing complexity makes it essential to keep SoD concepts up to date, present them transparently and harmonize them. It is important: Emergency concepts can no longer be viewed in isolation." This is because they are still rarely considered together and cause a significant and unnecessary security gap if super users have far more authorizations than they should according to the SoD concept. "This is neither expedient nor practicable for a holistic security strategy," explains Kempf.

"The growing complexity makes it essential to keep SoD concepts up to date, present them transparently and harmonize them."
Ralf KempfIT Security Evangelist and Managing Director, Pathlock

Exploiting strategic opportunities

Identities and access are at the heart of IT security and compliance. The challenge, according to Kempf, is to integrate all business applications in such a way that consistent and secure access governance is guaranteed - whether on-premises or in the cloud. Careful analysis and implementation enable the right design and configuration, the establishment of new automated processes for assigning access authorizations, the creation of transparency and the necessary compliance.

Flint sees decisive advantages for the seamless integration of modern business applications with the involvement of Pathlock's specialists: "Companies should use this strategic opportunity to modernize their infrastructure and improve their cross-application IT security." Last but not least, the end of support for SAP IDM also offers the ideal opportunity to introduce new functionalities, a transparently measurable risk analysis and Continuous Control Monitoring (CCM) for the continuous monitoring of the quality and effectiveness of internal controls.


To the partner entry:

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.