Have You Spotted The Risk Yet?06, June 2018
SAPPHIRE NOW is here – the biggest event of the year that brings technological innovation to the best-run businesses that run SAP. We are here amidst the digital renaissance led by amorphous cloud, cloned digital twins, and blockchains. And we are here with our own quiet revolution, asking a seemingly innocent question “Can you spot the risk?”
What is the risk?
The risk in question is the one that is on the mind of every IT security team regardless of the industry or the size of the company – cybersecurity attacks. In a recent ERP Maestro commissioned survey of ASUG members, over half of the members expressed concern over the security of their SAP data. Rightfully so, given that 76 percent of the world’s transaction revenue is processed by SAP. As we roll into Day #2 of the event, we continue to get a steady flow of SAP customers who walk into our booth asking, “So how can I spot the risk?” While most are aware of the presence of a risk, not many know that over 75 percent of all cybersecurity attacks are carried out by insiders within the company. And that most of these internal threats are purely accidental with no malicious intent. That brings us back to our question – So, how can you spot the risk? Here is a hint, nearly 80 percent of all insider attacks are known to be caused by the lack of efficient access controls.
How do you spot it?
Ask the maestros in ERP and GRC and they will tell you to look for privileged users, conflicts in segregation of duties (SoD) and the lack of visibility into who has access to what within the company. Simply understanding this can help you detect, prevent and deter fraud. Or you can see for yourself when you drop by our Booth #1226 in the next two days.
Why risk it?
Best practice calls for putting forth detective controls to sniff out these risks on a timely basis and keep your SAP environment safe and secure. This is usually done through periodic user access reviews where the review admin, usually the IT administrator, pulls out spreadsheets with the access details for every single employee. However, it is not much of a detective control, when the business owners who review the tcodes, roles, and authorizations, in a process called ‘rubber-stamping’ approve all without really understanding what they approved.
Our latest solution to the suite of access controls, launched yesterday, right here at SAPPHIRE NOW– Access Reviewer – solves this problem. It allows admins to instantly create new reports, assign them to reviewers, track review status, send reminders, notifications – all without leaving the app. Reviewers, on the other hand, get everything they need, to understand the reviews assigned to them and take necessary action.
Enough of this risky business
For those of you who couldn’t make it to Orlando or haven’t had the chance to visit us at our Booth #1226, here is a snapshot of all the action that was Day#1 of Sapphire Now for us!
To find us, simply follow the aroma of fresh popcorn!
Join us for a drink or two at our booth this evening from 4- 6 P.M. to talk about digital transformations happening right here at Sapphire Now.