By Anand Kotti, Senior SAP Engineer, NextLabs
As companies grow and expand globally, the number of enterprise application users increases, and with this growth comes an ever-increasing risk of security breaches and violations. As enterprises become more susceptible to security risks and violations from internal users, businesses are moving towards implementing preventative measures rather than staying in reactive mode.
SAP GRC enables organizations to establish effective internal controls, along with processes to make sure these controls remain consistent, updated and cost-effective to manage. Administrators can now use a single SAP GRC framework to monitor and enforce business, compliance and security policies across the enterprise. SAP has enhanced the GRC offering to include the SAP Dynamic Authorization Management by NextLabs to ensure that companies can quickly adapt to changing policies and streamline enforcement and administration of those policies.
GRC customers can now integrate more fine-grained contextual information about the user. This information can include location, project, cross-departmental access, territory, and real-time segregation of duties attributes. The tight integration provides real-time risk enforcement to prevent misappropriation of information before it happens. Customers can monitor and track all activity.
Segregation of duties violation example:
- Charles can maintain a vendor master and post a vendor invoice payment.
- Charles can maintain his own vendors and transfer money to those vendors at any time without external authorization. This poses a huge financial risk for the business.
With SAP Dynamic Authorization Management implementation:
Case #2.1 – There are no mitigating controls in place in the GRC rule set for the SOD violation:
- When Charles performs the action of paying the vendor he created, he is blocked.
Case #2.2 – There are mitigating controls in place in the GRC rule set for the SOD violation:
- When Charles performs the action of paying the vendor he created, Charles has the option to move forward by signing an NDA (SAP DAM self-attestation feature).
In all the use cases discussed above, the activity performed by Charles is recorded and reported back to SAP DAM Analytical Dashboard.
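The decision logic behind the three outcomes above (allow, block, or proceed after self-attestation, with every decision recorded) can be illustrated with a small policy engine; this is an added Python example, not SAP DAM or NextLabs code. The rule id `P001`, the action names, the vendor ids and the in-memory history store are all constructed for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"                    # no SoD conflict, or conflict already attested
    DENY = "deny"                      # conflict, no mitigating control (Case #2.1)
    ATTEST = "attestation_required"    # conflict, mitigating control present (Case #2.2)

@dataclass
class Event:
    user: str
    action: str   # constructed names: "maintain_vendor_master" or "post_vendor_payment"
    vendor: str

# Constructed SoD rule: one person must not both maintain a vendor and pay that vendor.
SOD_RULES = {"P001": ("maintain_vendor_master", "post_vendor_payment")}

@dataclass
class SodEngine:
    mitigated_rules: set = field(default_factory=set)  # rule ids that have a mitigating control
    history: list = field(default_factory=list)        # committed events (stand-in for real data)
    audit_log: list = field(default_factory=list)      # every decision, whether allowed or not

    def conflicting_rule(self, event):
        """Return the id of the rule this event would violate given prior history, else None."""
        for rule_id, (first, second) in SOD_RULES.items():
            if event.action not in (first, second):
                continue
            other = second if event.action == first else first
            if any(h.user == event.user and h.vendor == event.vendor and h.action == other
                   for h in self.history):
                return rule_id
        return None

    def evaluate(self, event, attested=False):
        """Decide on the event, record the decision, and commit the event only if it proceeds."""
        rule_id = self.conflicting_rule(event)
        if rule_id is None:
            decision = Decision.ALLOW
        elif rule_id in self.mitigated_rules:
            # Mitigating control exists: the user may proceed once they have self-attested.
            decision = Decision.ALLOW if attested else Decision.ATTEST
        else:
            decision = Decision.DENY
        # Recorded in all cases, mirroring the dashboard reporting described above.
        self.audit_log.append((event.user, event.action, event.vendor, rule_id, attested, decision))
        if decision is Decision.ALLOW:
            self.history.append(event)
        return decision
```

The same vendor-maintain followed by vendor-payment sequence yields `DENY` on an engine with no mitigated rules and `ATTEST` on one where `P001` is mitigated; either way the audit log grows by one entry per decision.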