Access Control for SAP® Environments as a Service
March 21, 2017
Almost everyone struggles with SAP GRC these days. Many companies use outdated, document-centric review processes. They work for months just to compile audit reports, and by the time they remediate their SAP access controls, it’s time to start the whole process again.
Installing a product like the ControlPanelGRC Access Control Suite can be transformative. Suddenly, reports that used to take months are run automatically, and remediation processes that would require you to dig through thousands of pages of records can be handled with a few clicks.
For example, Carlisle Construction Materials was able to cut 80% off SAP security remediation costs, and 75% off annual SAP security administration costs, and save months of data gathering work every year. But is streamlining your SAP GRC process good enough?
The Case For Outsourcing SAP Access Controls
Even with modern SAP access controls, GRC is complex. SAP GRC SOX compliance requires you to implement finely-tuned segregation of duties controls, and remediate potential conflicts. This requires staff who understand the legal framework, technical requirements and business needs — and have time to keep up with constant change in all three domains.
Most organizations simply do not have this combination of skills in-house. But even if yours does, managing SAP access controls internally may not be a logical decision. An in-house SAP GRC program will always be costly compared to outsourcing, and you may be wasting highly-skilled employees on a task that gives you no competitive advantage.
Even from a compliance perspective, Access Control as a Service (ACaaS) is usually a better bet. It’s unlikely you’ll be able to find highly-experienced GRC staff, and there’s a certain amount of risk inherent in having your staff manage its own GRC. A managed services provider that specializes in SAP access controls will be able to leverage their experience more effectively, while reducing risk and administrative overhead by providing a complete SAP GRC solution.
SAP GRC, Security and Compliance — We’ll Take Care of It!
NTT Ltd. provides a complete suite of SAP hosting and managed services, including ACaaS, SAP security and cyber security. Whether you’re looking for someone to install and configure SAP access controls and train your staff, a complete security and compliance solution, or something in between, we’re here to support you.
Scott Goolik is the VP, Compliance and Security Services, Managed Services division of NTT Ltd.