ProfileTailor Dynamics for Security Officers and Risk Managers

The security departments of organizations using SAP face a number of challenges. One set of problems stems from the fact that their expertise lies in information security, not in the complex workings of SAP (including the problematic issue of authorizations), so they must rely on internal SAP specialists to retrieve security-related information from the SAP system.

 

Another group of problems is SAP-related. Since the focus of SAP is not security, many critical security features and capabilities are simply not part of the system. For example, a lack of definitions for privileged access to information, with the consequent granting of inappropriate privileged authorizations such as SAP_ALL and SAP_NEW, can needlessly endanger organizational security. Security can be further compromised by the accumulation of unnecessary authorizations, collected and never discarded as people change roles in an organization. Typically, more than 93% of authorizations are unused and easily exploited! Other SAP-related issues include cumbersome audit trail access, lack of control over multiple ghost, dormant or dead accounts, and incomplete logging of activities.

 

The currently available SAP security solutions were developed specifically to answer compliance requirements, such as the implementation and enforcement of SoD (Segregation of Duties) policies, and to monitor sensitive transactions. They do not provide a comprehensive solution that can prevent security breaches, and they do not overcome the significant security omissions in the system.

Furthermore, due to the basic structure of SAP security, which is static, the system often fails to identify unwanted events in a timely fashion, and is therefore unable to prevent damage to the organization. These events are often discovered only during an audit, or following a customer query.


To adequately protect the organization, Security Officers need:

  • a friendly interface into SAP that does not require SAP expertise
  • a method of automatically collecting and analyzing critical data in real time
  • a method of automatically comparing authorizations that have been granted with authorizations actually being used
  • a method of reducing the number of authorization roles; creating specific, dedicated roles; narrowing authorizations; revoking privileged authorizations such as SAP_ALL
  • a system of real-time alerts regarding unusual or unacceptable behavior

 

CISOs need an advanced tool that can pinpoint that one individual among hundreds or thousands of SAP users who changes his/her behavior ... who may be supplying a competitor with sensitive information, or who may want to hack into the system and wreak havoc. 

 

XPANDION's ProfileTailor Dynamics meets this challenge, delivering a totally new approach to information security. Based on real-time user profiling, it simplifies and automates SAP security, identifying unusual behavior BEFORE it damages the organization.  


ProfileTailor Dynamics provides:

  • easy-to-use web interface requiring no SAP expertise
  • total visibility of actual real-time authorization usage
  • unique, detailed usage profile for every SAP user
  • online behavior monitoring and real-time alerts
  • complete audit trail


ProfileTailor Dynamics enhances organizational security via continuous monitoring of actual real-time use of SAP authorizations.