SPECIALIST IT SECURITY

Challenge

A very large, global UK business had a history of recurring Access Control issues in SAP, which caused a number of serious security breaches.

The internal IT team reacted to those control issues and mitigated them as part of a BAU process, but the solutions that were applied only treated the symptoms and did not address the root causes of the access violations.

There was also a lack of security governance for SAP, resulting in inconsistent processes, absence of standards and policies, and incomplete security controls.

Solution

Our expert examined the current state of SAP security, focusing primarily on Segregation of Duties and sensitive access, and determined how to mitigate the risks of Access Control violations.

We then planned what changes needed to be made to people, process and technology to ensure the risks were reduced via effective controls and that SAP security remained in a compliant state.

The project included three major phases:

  • Governance and Target Operating Model
  • Access Controls and Authorisations
  • Vulnerability and penetration testing of the SAP structure

 

We formed a large project team consisting of our experts and the client's in-house employees with specialist SAP knowledge, as well as representatives of the business users from across the globe. This composition allowed us to bring together not only the security experts, but also end users who could explain how they needed SAP to operate.

Outcome

The project took nearly three years to complete, as the various SAP instances were all very different and had to be thoroughly analysed before any remediating actions could be agreed and implemented, but the business was able to gain several benefits from this complex project:

  • A Target Operating Model applicable to all SAP instances, ensuring conformity for the set-up, usage, and maintenance throughout the business.
  • A significant reduction in the number of Security Breaches caused by users having inappropriate levels of access, achieved mainly through the imposition of new controls around User Creation and a thorough evaluation of all Roles within SAP.
  • Increased Senior Management confidence that the possibility for internal fraud to occur had been reduced by implementing effective Segregation of Duties policies, preventing individuals from collaborating on potentially fraudulent transactions.

Client: Large Global UK Business

Success factors: Significant transformation
Sectors: Technology

Project lead: Vince Warrington
Project status: Complete

Start date: 07-02-2016
End date: 07-02-2016

Value: Confidential
Contact: Vince Warrington