If you’re in the SAP Security field you ought to know that with a complex application like SAP, it is really not sufficient to only secure the communication and only prevent people from logging in from external IPs. The “big money” lies in the data: an employee who commits fraud or sells sensitive customer data to the outside can generate a huge financial loss for the company, not to mention possible lawsuits and negative impact from bad PR.
Using ProfileTailor Dynamics for SAP Security you can:
- Monitor user activity and pinpoint suspicious and sensitive actions
- Get alerts about irregular activity that could potentially lead to fraud
- Prevent risks before they happen by identifying unused sensitive authorizations and eliminating them
Monitor Your Employee Activity
SAP ERP is a production environment; your users are actively performing many, many activities and producing huge amounts of data. It’s simply not possible to monitor it by yourself, so to take control over it, you must use a computerized system. The ProfileTailor Dynamics system monitors user activity and builds a business profile for each employee. This business profile is the “intelligent summary” of the business activities a person performs in a given application, a sum of all their business-related activities, minus accidental mistakes, and plus the implied and normal activities of the position. A business profile contains activities, organizational objects that the employee has been using (like plant lists, sales organizations, etc.), business functions that have been executed, and more. Using a business profile makes it possible to narrow down required authorizations, and identify irregular activity and hacking attempts. Read more about behavior based profiling and SAP security.
Applicative SAP Security: Identify Suspicious Activity
SAP Security at the application level is all about monitoring user activity and identifying irregular activity, usage of sensitive activities and attempts to take over privileged user accounts. This is the reason that ProfileTailor Dynamics allows you to:
- Quickly identify users who are using sensitive activities, such as for viewing HR information or transferring money
- Get alerts about users who are performing unexpected activities, like a warehouse employee who is viewing invoices
- Be notified about the creation of new users, users who have moved positions and still use their old permissions, and other important scenarios
ProfileTailor Dynamics was made specifically for the application security administrator and has become their key tool for maintaining control. See what it’s all about – ask for a demo now.
Implement Workflow Processes with Proper Controls
Putting Workflow Processes in place is the heart of effective SAP Security. If you have good workflow processes for authorization-related topics, you can monitor them instead of performing them. This will maximize your value as an SAP Security manager and will free up your time for more important tasks.
With ProfileTailor Dynamics for SAP Security, you can implement the following preconfigured workflow processes:
- Workflow process for requesting new authorizations: This process begins with issuing a request for a new authorization, goes through to obtaining a direct manager’s approval and CISO approval, if needed, and from there automatically granting the authorization. Read more about our Authorization Request workflow.
- Workflow process for creating new user accounts and then granting them the appropriate authorizations: Starting with a trigger in the HR system, this process allocates and grants the best authorizations for each user account through a set of workflow steps and approvals.
- Workflow process for eliminating user accounts following the HR event “Leave.”
- Periodic process of authorization recertification: A pre-configured process for authorization review in which managers can be reassured that their employees' authorizations are still required. Get more details about the authorization review process here.
- Allow Emergency Access to production, carefully: Use a comprehensive workflow process to allow safe, instant power access to production environments by the IT team. Learn more about the Emergency Access process here.
Be the SAP Security Inspector by focusing on the critical tasks. Automate authorization-related processes using ProfileTailor Dynamics, and enjoy peace of mind.
Reduce Unused Authorizations and Eliminate Unnecessary Risks
In the modern view of SAP Security, authorizations that are not required have the potential for misuse and are therefore considered risks. ProfileTailor Dynamics for SAP Security monitors user activity, compares it to the granted authorizations and identifies unused authorizations. Then, it recommends reducing authorizations on the user level and on the organizational level, thus narrowing down the overall size of the authorization structure and significantly reducing maintenance costs. For SAP Security, ProfileTailor Dynamics includes a set of matrices and reports like:
- Activity and Authorization Roles Usage – identify which user can do what (e.g. who can transfer money), and which user hasn’t used their granted permissions in the past year
- Unused Authorization Roles and Unused Activities – spot and eliminate roles and activities which are not being used – and increase your SAP Security level significantly
- Best Role to Grant – using ProfileTailor RoleAdvisor, you can know what the best role is to grant to a user – and minimize the risk of having too many authorizations.
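The comparison described above (granted authorizations versus observed activity, using the one-year window from the first report) sketched as an added example; it is not ProfileTailor Dynamics code and does not show how the product works internally. The role names, users, usage records and the choice of sensitive transactions are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample data: role names, users and usage records are hypothetical.
ROLE_TCODES = {                       # role -> transaction codes it grants
    "Z_AP_CLERK": {"FB60", "FB03", "F110"},
    "Z_WAREHOUSE": {"MIGO", "MB52"},
    "Z_HR_DISPLAY": {"PA20"},
}
USER_ROLES = {"ALICE": {"Z_AP_CLERK", "Z_HR_DISPLAY"},
              "BOB": {"Z_WAREHOUSE", "Z_AP_CLERK"}}
SENSITIVE = {"F110", "PA20"}          # assumption: payment run, HR display
USAGE = [                             # (user, transaction code, day executed)
    ("ALICE", "FB60", date(2024, 5, 2)),
    ("ALICE", "FB03", date(2024, 5, 3)),
    ("ALICE", "PA20", date(2022, 1, 10)),   # outside the review window
    ("BOB", "MIGO", date(2024, 4, 20)),
    ("BOB", "MB52", date(2024, 4, 21)),
]

def used_tcodes(usage, as_of, window_days=365):
    """Transactions each user actually ran inside the review window."""
    cutoff = as_of - timedelta(days=window_days)
    used = {}
    for user, tcode, day in usage:
        if cutoff <= day <= as_of:
            used.setdefault(user, set()).add(tcode)
    return used

def unused_authorizations(user_roles, role_tcodes, usage, as_of, window_days=365):
    """user -> role -> granted transactions the user did not run in the window."""
    used = used_tcodes(usage, as_of, window_days)
    report = {}
    for user, roles in user_roles.items():
        for role in sorted(roles):
            idle = sorted(role_tcodes[role] - used.get(user, set()))
            if idle:
                report.setdefault(user, {})[role] = idle
    return report

def removable_roles(report, role_tcodes):
    """(user, role) pairs where nothing the role grants was used."""
    return sorted((u, r) for u, roles in report.items()
                  for r, idle in roles.items() if set(idle) == role_tcodes[r])

def unused_sensitive(report, sensitive):
    """(user, transaction) pairs: sensitive access that is granted but idle."""
    return sorted({(u, t) for u, roles in report.items()
                   for idle in roles.values() for t in idle if t in sensitive})

REPORT = unused_authorizations(USER_ROLES, ROLE_TCODES, USAGE, date(2024, 6, 1))
```

A role that appears in `removable_roles` is a candidate for withdrawal as a whole, while a partially used role points to a narrower role being the better fit.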
Be Ready For the Future
With cloud and non-cloud applications existing together in the enterprise environment, it's a new game for hackers and for SAP security managers. Sophisticated hackers who plan their attack wisely and quietly focus on core applications. They execute attacks that begin with false purchase orders or false production orders and that end with money in an untraceable bank account. These types of fraud are extensive and very hard to identify, eliminate and trace back to the source – if you don’t have the proper technology. The only way to identify and eliminate these kinds of attacks is by using business profiles and identifying irregular activity. ProfileTailor Dynamics enables you to do this now – so you can stop the next generation of hacking attempts.
Take control over your SAP Security. Get your demo now!