Verified case study

SPECIALIST IT SECURITY

by Vince Warrington | August 1, 2016

Challenge

A very large, global UK business had a history of recurring Access Control issues in SAP which caused a number of serious security breaches. 

The internal IT team reacted to those control issues and mitigated them as part of a BAU process, but the solutions that were applied only treated the symptoms and did not address the root causes of the access violations.

There was also a lack of security governance for SAP, resulting in inconsistent processes, absence of standards and policies, and incomplete security controls.

Solution

Our expert examined the current state of SAP security, focusing primarily on Segregation of Duties and sensitive access, and determined how to mitigate the risks of Access Control violations.

We then planned what changes needed to be made to people, process and technology to ensure the risks were reduced via effective controls and that SAP security remained in a compliant state.

The project included three major phases:

  • Governance and Target Operating Model
  • Access Controls and Authorisations
  • Vulnerability and penetration testing of the SAP structure

We formed a large project team consisting of our experts and the client's in-house employees with specialist SAP knowledge, as well as representatives of the business users from across the globe. This composition allowed us to bring together not only the security experts, but also end users who could explain how they needed SAP to operate.

Outcome

The project took nearly three years to complete, as the various SAP instances were all very different and had to be thoroughly analysed before any remediating actions could be agreed and implemented, but the business was able to gain several benefits from this complex project:

  • A Target Operating Model applicable to all SAP instances, ensuring conformity for the set-up, usage, and maintenance throughout the business.
  • A significant reduction in the number of Security Breaches caused by users having inappropriate levels of access, achieved mainly through the imposition of new controls around User Creation and a thorough evaluation of all Roles within SAP.
  • Increased Senior Management confidence that the possibility for internal fraud to occur had been reduced by implementing effective Segregation of Duties policies, preventing individuals from collaborating on potentially fraudulent transactions.

Vince Warrington

Vince is an expert in data protection and cyber security. He runs Protective Intelligence, an information security consultancy.

Sectors

Technology

Success factors

Significant transformation

Project lead

Vince Warrington

Project status

Complete

Start date

February 2016

End date

February 2016

Project value

Confidential
