Written by Richard Hunt
SAP security and GRC professionals now have the tools and technology available to be more effective than ever in securing their critical SAP environments. Yet at the same time, the threat landscape has never been as fierce as it is today. While those responsible focus on safeguarding SAP applications, business leaders also expect more from these teams in terms of adding value across the wider risk management agenda.
It’s also a time of great change for SAP customers generally, as the need to embrace SAP S/4 HANA moves more sharply into focus – bringing with it many significant and very different security considerations. Enhanced interconnectivity and mobility can bring clear benefits but also leave SAP applications and infrastructure increasingly open, so it is vital to make the make the right security decisions from the outset.
When Turnkey Consulting’s global management team met in Sydney, Australia, we discussed some of the biggest risk-related questions facing SAP customers today. Collectively the team has many, many years of experience in helping hundreds of SAP customers manage risks across the globe.
We explored key issues such as the new security challenges in migrating to SAP S/4 HANA, managing cyber threats and how to maximise your investment in SAP GRC. We’ve produced a seven-part video series, which captured the roundtable insights from our team of GRC experts. We also shared our views on the differences in maturity that we’ve seen in different corners of the world, as well as across different industries.
To watch the 7-part video series now click here.
Here’s a quick summary of what you’ll learn from the video series:
Part 1: What are the security challenges with SAP implementations
With more security considerations to make, it is vital that those responsible for SAP security are engaged early in the process.
So, we cover the lessons to be learnt from previous ERP implementations – many of which were hampered with costly retrospective changes that could have been avoided if security was considered earlier on in the project. You’ll learn why security should be a main focus of any project, playing a vital role in system implementation right from conception.
Part 2: How can a security specialist work with systems integrators?
In this video we look at why few systems integrators possess the security skill set required to manage today’s threats effectively. And we explore the role of a security specialist that works alongside the integrator to minimise risk.
From this video, you’ll understand why managing SAP security requires an increasingly in-depth knowledge of risk and compliance processes and tools. Many organisations have already discovered that combining the strong functional and technical experience of a systems integrator with the specialist skills of an SAP security expert, could ensure nothing is missed when it comes to security.
Parts 3 & 4: What security challenges are presented by moving to SAP S/4 HANA?
In the next two videos, we discuss the security implications involved in migrating to SAP S/4 HANA. With increasingly complex underlying architectures, ensuring the security of your SAP environment needs to be a key focus for any migration to SAP S/4 HANA.
You’ll see that whilst the interface and user experience of SAP S/4 HANA is far simpler, the underlying architecture is actually far more complex. Also, you’ll get a clearer view of the new cyber risks and security challenges that are potentially more wide-ranging – especially when you consider that S/4 HANA migrations are often run alongside the implementation of cloud-based SAP technologies.
Part 5: How can companies drive more value from their investment in SAP GRC?
In this discussion, we debate why access management and compliance is usually the primary focus for many SAP customers, and how some organisations are missing opportunities to drive more value from SAP GRC.
Like any investment, the best way to deliver ROI is to utilise and maximise all possible functionality within the system, which requires effective training and use of automation. And this video will help you identify where the opportunities may exist for you to unlock more value from your SAP GRC tools.
Part 6: How can clients minimise the cost of security remediation?
Six-monthly checks remain commonplace, but in reality, controls should be continuously reviewed in order to prevent excessive security costs and role remediation. In fact, many role remediation projects begin as a result of the changing security requirements of legacy implementations, organisational changes and business processes.
In this video, you’ll learn why security should be considered an ongoing priority, not a one-off investment. This will ensure the security function can develop in line with changes, evolve with the system and reduce the need for role remediation.
Part 7: What cyber initiatives are SAP customers focusing on?
In our last video, we look at why SAP customers should consider key cyber risks, best practice cyber strategy, identity management, privilege access management and testing. The discussion moves into the lower layers of the system, such as the database, operating system and the coding configuration underlying the SAP application environment.
You’ll learn why many organisations are also putting a lot more focus on ‘worst-case scenarios’, with more disaster recovery and business continuity plans than ever before. With multiple applications (even within internal systems) and external clients/vendors increasingly sharing information in cloud applications, the risks are greater – and your security measures must reflect that.
View the video series
This article is sponsored by Turnkey Consuting