Our new fat burner for authorizations! Slim your roles with SAST Self-Adjusting Authorizations


1 Our new fat burner for authorizations! Slim your roles with SAST Self-Adjusting Authorizations

2 Facts and figures AKQUINET is an internationally operating, continuously growing IT company headquartered in Hamburg. Our company units are organized into owner-managed midsize enterprises, which means they are both flexible and highly efficient. And as a self-financed IT business, we're independent of manufacturers and banks. Our focus is on the introduction of ERP and S/4HANA systems, the individual development of software solutions in the areas of Java, SAP and Microsoft as well as their security. [Chart: Employees; Turnovers in Mio] Offices in Germany, Austria, Poland and Brazil. Projects in 30 countries worldwide

3 Your SAP security is our number one concern IDENTITY AND USER ACCESS MANAGEMENT SOFTWARE SECURITY INTELLIGENCE CONSULTING PLATFORM SECURITY MANAGED SERVICE

4 4D SAST Solutions: all-around protection with real-time monitoring! Our Suite at a glance Modular design. Individual possibilities

5 Companies who've decided to play safe with us. (an alphabetical listing of selected customers) Plastics Production Chemical Conglomerate Customer goods Food ICT services Land and housing Automotive Mechanical engineering ICT services Construction Energy Machine and plant engineering Chemical / Textile Technology / Chemical Automotive Customer goods Production / Services Customer goods Trade Machine engineering Insurance Trade Banks / Insurances Pharmaceuticals Healthcare Banks Land and housing Mining

6 Up to 75% of current authorizations can be reduced, within only a quarter year's time. In our authorization projects, we often meet users having authorizations. But only 25% of them are needed and we can tell you of course which ones these are! Ralf Kempf Technical Managing Director SAST SOLUTIONS

7 Why did we develop self-adjusting authorizations? The idea
Regularly optimizing SAP authorizations is mandatory for every company. Authorization administration often lacks information about which roles the user departments really need to fulfill their daily business activities. Recklessly assigned authorizations can lead to
... unclear roles due to the large number of authorizations per user
... strongly increased potential for segregation of duty (SoD) conflicts
... unnecessarily high cost for SAP licenses.
Concrete transaction usage analyses are therefore needed, but these are often lacking. SAST SUITE helps by delivering such essential key figures and more!

8 Feedback from our pilot customers "SAST analysis showed that only 23% of all roles provided are used in our systems. We did not expect such an astonishing result." "The SAST analysis revealed that we needed to revise all of our roles. An average usage of just 31% was simply not acceptable. And we had to discover this, even being very close to the standard!"

9 Process for self-adjusting authorizations: An employee had been assigned 10 authorizations (transactions) which she supposedly needed to carry out her day-to-day business in accounting.
Role creation with SAST-Suite
Role: Accounting Reference Date:
Role: Accounting, Transaction 1 to Transaction 10
Evaluation of role usage
Evaluation over 3 or more months. It turns out that not all transactions were needed. Some transactions were even never used.
SAST-Suite results of role usage
Transaction 1: often used, 75%
Transaction 2: often used, 86%
Transaction 3: often used, 97%
Transaction 4: rarely used, 11%
Transaction 5: rarely used, 21%
Transaction 6: rarely used, 8%
Transaction 7: rarely used, 12%
Transaction 8: rarely used, 6%
Transaction 9: never used, 0%
Transaction 10: never used, 0%

10 Process for self-adjusting authorizations: Evaluation of results by Business- or IT-Department. Revised role plus quick wins
GREEN: These transactions stay in the role definition.
YELLOW: Remain in role definition for now but rare usage is monitored (e.g. due to completion cycles).
RED: Those transactions will be removed.
Transaction 1: used often, stays in role definition
Transaction 2: used often, stays in role definition
Transaction 3: used often, stays in role definition
Transaction 4: rarely used, monitored
Transaction 5: rarely used, monitored
Transaction 6: rarely used, monitored
Transaction 7: rarely used, monitored
Transaction 8: rarely used, monitored
Transaction 9: never used, to be removed
Transaction 10: never used, to be removed

11 Process for self-adjusting authorizations: Starting phase of self-adjusting roles with SAST-Suite
Transaction 4: rarely used, under observation
Transaction 5: rarely used, under observation
Transaction 6: rarely used, under observation
Transaction 7: rarely used, under observation
Transaction 8: rarely used, under observation
Transaction 9: never used, was removed
Transaction 10: never used, was removed
A reasonable period of time is determined for the observation phase. Within the observation phase, rarely used transactions can be accessed without restriction: if SAST SUITE recognizes that the observation phase is still running, the transactions are assigned to the "Accounting" role. If a transaction is called outside the observation phase, the "missing" transaction is renewed and automatically assigned. At the same time, administrators are informed. If a transaction previously removed from the role is called, it can be assigned again, but through the regular approval workflow.
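The decision rules of slides 9 to 11 can be written down as a small model. This is an added example, not SAST SUITE code: the 50% boundary between "rarely" and "often" used, the function names, the action labels and the dates are assumptions; only the usage figures and the GREEN/YELLOW/RED rules come from the slides.

```python
from datetime import date

# Assumed cut-off between "rarely" and "often" used. The slides show
# 6-21% as rare and 75-97% as often but state no boundary value.
OFTEN_THRESHOLD = 50.0

# Usage figures of the "Accounting" role as listed on slide 9.
USAGE = {1: 75, 2: 86, 3: 97, 4: 11, 5: 21, 6: 8, 7: 12, 8: 6, 9: 0, 10: 0}

def classify(usage_pct):
    """Map a usage percentage to the status colours of slide 10."""
    if usage_pct == 0:
        return "RED"      # never used: removed from the role
    if usage_pct < OFTEN_THRESHOLD:
        return "YELLOW"   # rarely used: stays for now, monitored
    return "GREEN"        # often used: stays in the role definition

def revise_role(usage):
    """Return (status per transaction, transactions kept in the revised role)."""
    status = {tx: classify(pct) for tx, pct in usage.items()}
    kept = sorted(tx for tx, s in status.items() if s != "RED")
    return status, kept

def handle_call(status, call_date, observation_end):
    """Return (action, notify_admins) for one transaction call (slide 11)."""
    if status == "GREEN":
        return "allow", False
    if status == "YELLOW":
        if call_date <= observation_end:
            # Observation phase still running: access without restriction.
            return "allow", False
        # Called after the observation phase: re-assigned automatically,
        # and administrators are informed.
        return "auto_reassign", True
    # RED: previously removed, only the regular approval workflow applies.
    return "approval_workflow", False

if __name__ == "__main__":
    status, kept = revise_role(USAGE)
    obs_end = date(2024, 6, 30)  # constructed end of the observation phase
    print("revised role:", kept)
    for tx, day in [(1, date(2024, 5, 2)), (4, date(2024, 5, 2)),
                    (4, date(2024, 7, 15)), (9, date(2024, 5, 2))]:
        print(tx, day, handle_call(status[tx], day, obs_end))
```

Logging every `auto_reassign` and `approval_workflow` result gives reviewers the record of which removed authorizations were actually requested again.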

12 The Fatburner for your roles: SAST Self-Adjusting Authorizations. Transaction Analysis Productive operation Daily business Cleansing Automatic adjustment Slim authorizations with full control. Fewer SoD conflicts. Reduction potential for SAP licenses.

13 Self Adjusting Authorizations with SAST SUITE. Key takeaways Significant streamlining of authorizations - without impacting your daily business. Automatic optimization - no need to coordinate with the business departments. Need-based role development on the basis of concrete usage analysis. Less potential for SoD conflicts. Saving lots of resources through process automation. Full transparency in every step and also improved maintainability. Possibility to reduce your SAP license costs

14 Security is simply a good feeling!

15 DO YOU HAVE ANY QUESTIONS? WE ANSWER. FOR SURE. RALF KEMPF Technical Managing Director SAST SOLUTIONS More than 20 years of experience in SAP security services and software development Specializing in security analysis and testing of complex SAP systems Architect of the AKQUINET SAST SUITE Copyright AKQUINET AG. All rights reserved.