by Vince Warrington | 1 August 2016
A very large, global UK business had a history of recurring Access Control issues in SAP which caused a number of serious security breaches.
The internal IT team reacted to those control issues and mitigated them as part of a BAU process, but the solutions that were applied treated only the symptoms and did not address the root causes of the access violations.
There was also a lack of security governance for SAP, resulting in inconsistent processes, absence of standards and policies, and incomplete security controls.
Our expert examined the current state of SAP security, focusing primarily on Segregation of Duty and sensitive access, and determined how to mitigate the risks of Access Control violations.
We then planned what changes needed to be made to people, process and technology to ensure the risks were reduced via effective controls and that SAP security remained in a compliant state.
The project included three major phases:
We formed a large project team consisting of our experts and the client's in-house employees with specialist SAP knowledge, as well as representatives of the business users from across the globe. This composition allowed us to bring together not only the security experts, but also end users who could explain how they needed SAP to operate.
The project took nearly three years to complete, as the various SAP instances were all very different and had to be thoroughly analysed before any remediating actions could be agreed and implemented, but the business was able to gain several benefits from this complex project: