A Global Security & Asset Protection Organization’s Approach to Access Management
How They Achieved Efficient SoD & Access ManagementValue Achieved in Third party
Business processes and technology change at a rapid pace. In the context of change, internal controls over financial reporting, regulatory requirements (e.g., SOX), internal and external auditors, and fraud risk put increased pressure on corporations to ensure ERP systems are secure and access control risks are managed in the context of a dynamic business environment. Segregation of duties (SoD), inherited rights, critical and super user access, and changes to roles are too much for today’s organization to manage adequately in manual processes. A global security and asset protection organization used to manually manage their access control testing in their SAP environments. To address this challenge, they found a solution in ERP Maestro that was not only cost effective, but also enabled them to achieve their goals of efficiency, effectiveness, and agility. GRC 20/20 has evaluated and verified the use of ERP Maestro at this organization and confirms that the ERP Maestro subscription service has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized ERP Maestro with a 2014 GRC Value Award in the domain of Identity & Access Management.
- Growing Need for Automated Access Controls & Segregation of Duties
- How a Security Organization Achieved Value in Access Management
- The Situation
- The Value of ERP Maestro at this Global Security Organization
- Identity & Access Efficiency Value
- Identity & Access Effectiveness Value
- Identity & Access Agility Value
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.