Accelerating a SAP security redesign

Executing a SAP security redesign is like fixing up a house. If the structure is sound, it makes sense to work with what you have – patch up the roof, knock out a wall here, add a room there, put a fresh coat of paint on everything and you’re done.

But what if the house is old, decrepit and crumbling? You can’t just build an addition if the structure isn’t sound or if there’s mold growing in all of the walls. Even minor changes can require major foundation work. At a certain point, there’s just no point in fixing it all; you’ve got to start anew.

Many organizations have a SAP security landscape that’s past the point of fixing. Their sagging segregation of duties (SoD) rules are patched together in a complex and inconsistent way – like building materials that just don’t fit. Their SAP security model has gaps like massive holes in the floor. Their change management process is like a decaying and slowly collapsing foundation. And unsuccessful audit remediations are piled up everywhere. Clearly, it’s time for an overhaul.

A SAP security redesign can replace an unusable security model

Unfortunately, the above situation is common even among mature businesses, as they move away from document-centric controls. Decades of ad hoc security tend to build up into complicated and inconsistent habits. Trying to build on top of these controls drastically complicates the SAP security model. For example, before we automated SAP controls for a manufacturing company and building materials supplier, the company attempted, internally, to manually revamp its security model. The organization ended up with an unusable system – with 3,000 roles for just 700 internal users. After the remediation project executed by NTT’s Managed Services division, the customer reduced complexities, improved its security posture and saw a 75% reduction in annual SAP security administration costs.

Setting up a GRC system with usable output can also be tremendously difficult without a SAP security redesign. Companies often end up trying to reverse-engineer their business processes and compliance procedures, and have to customize their GRC software or create complex workarounds. Output is often completely indecipherable and typically missing some needed functionality, making remediation and even analysis difficult.

We can make a SAP security redesign easy

The good news is that a SAP security redesign doesn’t have to be as stressful as rebuilding a house. It doesn’t require permits, heavy equipment and difficult design decisions. It just takes a partner who understands SAP security design and knows how to build a system that lets you do your job while minimizing risk.

We use a combination of cutting-edge software tools and industry-leading security expertise to reduce the timeline and cost of a SAP security design by over 50%. Our ControlPanelGRC SAP® Security Acceleration Suite helps with both routine security troubleshooting and comprehensive SAP security redesign tasks – from automating security testing across your SAP landscape to physically constructing your new security model in just a few clicks.

Our SAP Security Complete Plus GRC service goes even further, providing a complete security and compliance solution – from planning a SAP security redesign to supporting continuous SAP security and compliance. We can offer any level of support your organization needs, from empowering your internal SAP security team with the tools and training they need, to providing a managed security and compliance solution for your entire organization.

Contact us to learn how we can build you a better SAP security solution, from the ground up.

Ben Uher is the director of SAP compliance and security at the Managed Services division of NTT Ltd.