Xpandion Solves Critical SOD Problem for SAP® Users
Xpandion introduces the first solution to combine SoD auditing and behavioral analysis of real-time usage
Tel Aviv, Israel, June 10, 2011 - Xpandion, a leading provider of software solutions for enterprise security and licensing products for SAP®, today announced the release of a breakthrough new product, ProfileTailor™ SoD as part of the ProfileTailor™ Suite of solutions. Responding to customer demand, Xpandion now provides enterprises with a full SOX/SoD (Segregation of Duties) solution that includes unique behavioral based compensating controls. This solution is also the first that answers a common need of customers to define forbidden combinations, not only according to activities and authorization objects, but also to authorization roles, while including all standard SOX/SoD auditing capabilities.
Based on the unique ability of the entire ProfileTailor™ Suite to create a dedicated profile based on actual usage, this solution identifies SoD violations on both the static level of granting authorizations - and on the dynamic level, as a compensating control. The out-of-the-box, unique new approach for compensating controls can save enterprises months of manual planning of controls and at least two months annually auditing them. A ‘What If’ simulator prevents conflicts by testing in advance whether granting a user an authorization role or activity will violate any of the SoD rules --- and prevents any potentially problematic authorizations.
Addressing another common customer requirement, ProfileTailor™ SoD also allows the definition of SoD violations on the authorization role level. “Many enterprises have discovered that it is easier for them to define combinations of roles instead of activities when designing their SoD compliance process. For example, they may define the combination of Accountant and Sales Manager - as forbidden,” said Moshe Panzer, Xpandion CEO. “However, until ProfileTailor™ SoD, there was no other solution that could support this method of compliance. Instead, these enterprises were being forced to reconstruct their entire matrix of rules to the level of activities, which was an extremely expensive and time consuming process”. Mr. Panzer added that “according to Xpandion’s research, the implementation of ProfileTailor™ SoD in a company that implemented a role-based rules-set can save the company, on average, 6 months of teamwork.”
External to SAP, the solution is easy to install, deploy and use. It automatically monitors all SAP applications from a single vantage point, analyzes the data, identifies policy violations, and prevents sensitive authorization changes. Tracking users’ behavior and sending immediate alerts regarding SoD violations, the solution provides managers the ability to respond to risks in real-time.
Xpandion’s webinar on behavior based SoD monitoring will take place on Wednesday, June 29, 2011 at 6PM EST. To register, please email firstname.lastname@example.org.
* * * * *
Focused on the areas of SAP® security and licensing, Xpandion creates user-friendly, easily deployed, automated management solutions for SAP's global customers that are available as classic enterprise or SaaS/Cloud based software. Xpandion's ProfileTailor™ Suite delivers unprecedented visibility of actual, real-time SAP® authorization usage – enabling significant improvements in enterprise security, including reduction of fraud and leakage of sensitive data. It is the first solution that detects and alerts to deviations in behavior in real time - including deviations from SoD (Segregation of Duties) rules. The ProfileTailor™ Suite creates a thin and controllable SAP system that can be easily managed with substantially reduced effort and resources allowing enterprises to then maintain ongoing control of their SAP licenses and authorization usage. Xpandion's LicenseAuditor optimizes SAP investments, enabling considerable savings through the identification of dormant, underused, duplicate and misclassified users. Xpandion is a SAP® Partner and proud member of the SAP® PartnerEdge Program
SAP® and SAP® GRC are registered trademarks of SAP AG in Germany and in several other countries.
Daniela Sztulwark - Marketing Manager
Xpandion – SAP® Software Solutions