SAP GRC: Digital Transformation Series, Part III

Today we continue our blog series on digital transformation. (For an overview on the topic, be sure to check out the first post in the series.) In our most recent post, we walked through 2 of 4 key areas to consider when it comes to digital transformation: Network security and SAP capabilities. Now, let’s take a look at the remaining key areas: Governance, risk management, and compliance–collectively known as GRC–and physical security. 

Consider these 3 main components to GRC: SAP Security, SAP Early Watch (pattern recognition), and Audit. Another way to think about GRC is establishing logical boundaries around roles and responsibilities and each employee’s related system access. In other words, no single person can complete all steps in the process. Here’s an example: If you cut the purchase order, you cannot be the one who approves the payment.

GRC can be difficult to design, implement, and maintain successfully. It requires someone–or a team–with experience. You need to ensure that the right people have the right access to be able to do their jobs. At the same time, it is vital that the “slice of the pie” each employee sees is necessary to their role, defined, and secured. Also, this is not a “one and done” scenario. As the business evolves and changes, so do the roles and the unique access that each of the roles has within the organization. Strategic role design and maintenance is an ongoing process which is critical to the security of your organization.

Uniquely, the concern around establishing best practices in GRC is not about “getting hacked,” as it is for many aspects of digital business management. The focus is on limiting scenarios where someone may see a vulnerability and use it to defraud you. Controlling employee access is critical to limit opportunities for fraudulent behavior– but that access control is not limited to only employees.

In today’s interconnected environment, your vendors, suppliers, and customers may all have access points into your system. These access points all need security roles assigned to them to limit the view to only the appropriate and relevant information for the actor’s role. As an example, an external actor could see proprietary information and sell it to a competitor. Each partner or vendor should only see what is most relevant to and required for their specific role in the larger process.

Within your organization’s SAP framework, BPML–Business Process Mapping List–establishes employee and vendor access. GRC creates profiles in such a way that it encircles all relevant functionality before linking that role to a person. The truth of the matter is that many companies give people way too much access by accident!
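The purchase-order and payment rule described above, as an added example that is not part of the original post or of any SAP product: a short Python check that flags accounts whose combined roles break a segregation-of-duties rule, even though no single role does. All role, permission and account names are constructed for illustration.

```python
# Added illustration: roles, permissions and accounts are constructed sample
# data, not taken from any real SAP system.

# Permissions each role grants (hypothetical names).
ROLE_PERMISSIONS = {
    "buyer": {"create_purchase_order", "view_vendor"},
    "ap_clerk": {"enter_invoice", "view_vendor"},
    "ap_approver": {"approve_payment"},
    "vendor_portal": {"view_own_orders"},
}

# Segregation-of-duties rules: no single account may hold both permissions.
SOD_RULES = [
    ("create_purchase_order", "approve_payment"),
    ("enter_invoice", "approve_payment"),
]

# Role assignments, including one external vendor account.
USER_ROLES = {
    "alice": ["buyer"],
    "bob": ["ap_clerk", "ap_approver"],
    "carol": ["buyer", "ap_approver"],
    "vendor_acme": ["vendor_portal"],
}


def roles_conflicting_alone():
    """Roles that break a rule by themselves (a role-design defect)."""
    return sorted(role for role, perms in ROLE_PERMISSIONS.items()
                  if any(a in perms and b in perms for a, b in SOD_RULES))


def find_sod_conflicts(user_roles):
    """Map each account to the rules its combined roles violate."""
    findings = {}
    for user, roles in sorted(user_roles.items()):
        # Effective access is the union of every assigned role.
        perms = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
        for a, b in SOD_RULES:
            if a in perms and b in perms:
                granting = sorted(r for r in roles if ROLE_PERMISSIONS[r] & {a, b})
                findings.setdefault(user, []).append((a, b, granting))
    return findings


if __name__ == "__main__":
    print("roles conflicting alone:", roles_conflicting_alone())
    print("account conflicts:", find_sod_conflicts(USER_ROLES))
```

Each role here is clean in isolation; the violations appear only when roles are stacked on one account, which is how excess access tends to accumulate by accident.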

Standard SAP GRC risk detection and auditing settings compile reports and grant access to internal and external audits. This allows pattern recognition functionality to detect where key elements of your security infrastructure may have changed unexpectedly or where other gaps in the system may exist.

That brings us to Number 4: physical security. Identification procedures fall into this category–being sure that someone cannot get in, pretending to be someone they are not. Along those lines, when a consultant’s contract ends, it’s crucial to lock out their access immediately so that they can no longer access the premises, or the sensitive systems inside the premises. Whether you are building from the ground up, undergoing an expansion, or moving to a “new to you” space, make physical security a part of the discussion upfront.

As explored through our 3-part series, digital transformation and security is a broad-reaching topic that weaves into all aspects of your business. A successful digital ERP implementation or upgrade is based on a holistic view of security structure including external partners, project teams, and internal resources. Invest in bringing together these moving pieces to ensure a secure digital and physical environment for your organization’s assets. If you have questions about digital upgrades in SAP and Oracle, want to talk about staffing support options, or even need to fill a role immediately, be sure to contact us today. We look forward to helping you optimize your business operations as the digital world continues to grow and evolve.

Network Security & SAP Capabilities: Digital Transformation Series, Part II

Welcome to the second post in our blog series on digital transformation. As mentioned in our series kickoff, digital transformation security can be divided into four key areas: network security, SAP capabilities, SAP GRC (roles and access), and physical security. Let’s dive right into what those categories include, beginning with network security.

If you were to bring up the topic of technological security with a group of colleagues, chances are it’s network security that would first come up in discussion. Intrusion and phishing are a few of the main areas that fall into this category. In the case of intrusion, we’re talking about the detection of network entry without proper authorization. And, unfortunately, we’ve all seen phishing in action–fraudulent messages that seek to obtain personal, valuable information and are designed to look as though they were from a reputable organization. In order to maintain a truly secure system, all access points into your network, such as VPNs, need to be secured. The Vortex team is very aware of these threats and makes network security an integral part of every project, whether that’s including our own security experts in a full staffing scenario or collaborating with your on-staff security team during an SAP setup or upgrade.

This brings us to the second key area of digital security–SAP capabilities, our sweet spot. A core feature of SAP is that it helps to establish baseline security patterns, then detects when there are variations from those base guidelines. SAP is loaded with inherent process-based security capabilities that work toward detecting and preventing fraud and architecture issues:

  • Optical Scanning Tools, used in tandem with AI for managing and securing invoicing practices
  • Dispute Management tools for detecting irregularities in disputes or payments
  • Quality Management and audits for dealing with claims that there is an issue with your product quality
  • Accounts Receivable and Incoming Payments tools for analyzing who you owe and who owes you
  • Tools for detecting Internal Issues, such as identifying “bad apples” who may be trying to defraud the company
  • Tools for detecting Money Routing Irregularities by visualizing patterns where company money is moving

Machines and systems can recognize patterns in a way that humans cannot. Humans have the ingenuity, once these critical pieces of information are identified, to see things from different angles and make sense of situational information based on experience and expertise. It’s the experience of our senior leadership team and vast network of consultants that allows Vortex to recognize capabilities and apply them in unique ways for the benefit of our clients.

Network security and SAP capabilities are 2 of the 4 critical areas comprising your holistic security architecture, and when discussing these, there’s another topic that cannot be excluded from the conversation–understanding security of cloud vs. on-premise. Simply said, the more you go on-premise with your SAP investment, the more SAP performance ability you give up. The powerful SAP cloud platform has stronger capabilities and is a sound, secure choice for your business in the long term.

What questions do you have about network security for SAP? Drop us a line or reach out on social media: LinkedIn and Twitter. Tune in for the next in our series on digital transformation security, where we’ll discuss GRC and physical security, coming soon here on the Vortex Consulting blog. 

Digital Transformation Security Goes Beyond Network Security

Digital transformation is a hot topic these days–but in reality it’s not a new one. Professionals in the ERP technology space have been moving businesses from old technology platforms to cutting edge software for over 30 years. Here at Vortex Consulting, we’ve been in business for 25 years, working in digital transformation–as seen in products like Oracle Cloud and SAP S/4HANA. Continue reading this first blog post in our new series and follow along for others in the upcoming months.

So why has research and development surrounding digital transformation been deemed so critical for over 3 decades? A key reason: efficiency. Digitizing workflow, storage, and processes in general means eliminating time-consuming, repetitive, inefficient tasks. It brings meaningful and successful automation to standard business processes, all while integrating data efficiently. As an example, let’s look at the process of invoicing. Long gone are the days of needing to manually scan an invoice, organize paper files, collect and match up payments, etc. All of this can be done digitally–it’s streamlined, takes less time and energy, and frees up employees to do more valuable work. Product orders are even transferred to third party logistics providers who automatically determine the most efficient delivery routes, can combine loads, and automatically select the lowest cost delivery options. 

There are newer technologies coming into play that add to the discussion of what is possible in digital transformation. The Internet of things (IoT), artificial intelligence (AI), data lakes, and improved pattern detection capabilities are each transformative in their own right. At the time of publishing this post, discussions about AI are dominating social spaces as its uses are tested in education, healthcare, information management, and beyond. 

As application specialists, Vortex works in the realm of these digital technologies on every project. The SAP platform is at the core of the system, with SAP and third party satellites communicating as a network, enabling automation and digital flows of information–all of which must be secured. (Our work with Oracle-based clients functions in a similar way.) Adding to the complexity of the situation, there are always evolving technologies which require the integration of handheld devices, sensors, and portals that extend the network and must be integrated into SAP. With the introduction of more middleware tools to the SAP setup, those assets must be secured as well.

When it comes to digital transformation security, we’ve learned there are really 4 buckets: network security, SAP capabilities, SAP GRC (roles and access), and physical security. Throughout this blog post series, we’ll take a deep dive into each of those key areas. If you have questions you’d like us to address, reach out on Twitter or send an email to let us know. Watch for the next in our digital transformation security series soon.