Edison Group, Inc.

Improve Security with Access Governance Solutions

Organizations face increasing challenges in managing access to applications and data as enterprise systems grow in number, complexity, and variety of deployment options. Access Governance processes and technologies are expanding to meet these new requirements with increased automation and features, leading to improved capabilities. These capabilities empower users by delivering the access they need with greater accuracy, and they apply the policies and analysis necessary to improve security and monitor access to sensitive applications and data.

Access Governance has its roots in managing access for finance and other critical enterprise applications over the last decade. As organizations and technology have grown more complex, these same processes and technology are proving to be well adapted to be deployed enterprise-wide. Organizations are able to leverage the same audit processes and analysis capabilities for other systems using a common governance platform.

While Identity Access Management (IAM) vendors have added Segregation of Duties (SoD) and analysis capabilities, they are not well-suited to address the specific requirements for Enterprise Resource Planning (ERP) and other complex business applications. These systems have thousands of highly specific and customizable role definitions, often specific to numerous business processes. ERP-specific solutions often lack the ability to connect to other IT systems, and are missing key role management capabilities necessary to organize and structure user administration. In addition, policies for governing access have expanded beyond just SoD, and the narrow application of these policies to just an ERP system is no longer sufficient.

Regulatory requirements around data privacy and data protection are only increasing, and the IT landscape is changing as organizations shift to best-in-breed business applications with various deployment options, whether on-premises, cloud, or hybrid models.

What is Access Governance?

Access Governance processes and technology aim to efficiently govern users and permission assignments within business applications and IT systems while considering business risk, and in the process to drive provisioning. This enables greater transparency over access assignments, shows why users need the access and who approved it, and reveals what they have done with their access. Critical capabilities of access governance solutions include:

The success or failure of implementing a sustainable access governance solution hinges in many cases on three main factors: breadth and strength of the above capabilities, adoption by the business, and satisfaction of IT’s long-term and strategic goals.

Key Considerations for a Sustainable Solution

The keys to implementing a successful, sustainable access governance program lie in both the technology and the process. Edison encourages organizations to evaluate their long-term needs from both a business and an IT perspective across each of the critical capabilities mentioned below.

Building the Business Case for Automation

The business case for investing in an automated access governance solution should consider not only objectives for IT efficiency, compliance, and increased security, but those of the business as well. While typically driven by IT, these solutions ultimately will benefit the business by reducing the time to complete access requests, compliance reviews, and more.

Recommendation for SAP-Centric Environments

Edison has concluded that SAP's solutions for Access Governance are best able to answer the requirements and challenges detailed here for SAP-centric environments, due to their breadth of capabilities, tight integration with SAP applications and technologies, and enterprise-wide expandability.

SAP Access Control enables organizations to govern access to applications and data on an enterprise-wide basis. SAP Access Control delivers capabilities for analysis and remediation of SoD and sensitive access policy violations, compliant provisioning, role management, emergency privilege management, and privilege attestation. While most companies to date have looked to SAP to provide access control for their SAP ERP environments, a growing number of organizations have extended the solution beyond their ERP and SAP environments.

Case studies show that customers reported that, by implementing SAP Access Control, they were able to see not only process-level access governance benefits, but also the elimination of overhead and maintenance costs by eliminating disparate solutions.

The new SAP Access Violation Management by Greenlight solution is complementary to SAP Access Control, and shows the financial exposure to the business from segregation of duties.

Edison advises that enterprises seeking to exercise a firmer and more confident control over access in order to deter risk strongly consider deploying SAP Access Control.

Appendix: Case Studies

Systems Under Comparison
Edison Group reviewed four case studies provided by SAP. Each described the company’s objectives and experiences with SAP Access Control, as well as the benefits that were achieved as a result of its deployment. The case studies are summarized in Table 1: Summary of SAP Customer Experiences with SAP Access Control. For a more detailed description of each company, its objectives, implementation considerations, and benefits, click on the company name in the table.

Summary of SAP Customer Experiences with SAP Access Control
Enable systematic authorization approval according to user clearance levels within the SAP ERP application
Increase reporting and monitoring of authorizations
Deploy a systematic and efficient way of handling governance, risk, and compliance across 64 offices, 63 development centers, and 150,000 employees worldwide
Strengthen the governance model for data and access control