SAP GRC: Digital Transformation Series, Part III

Today we continue our blog series on digital transformation. (For an overview on the topic, be sure to check out the first post in the series.) In our most recent post, we walked through 2 of 4 key areas to consider when it comes to digital transformation: Network security and SAP capabilities. Now, let’s take a look at the remaining key areas: Governance, risk management, and compliance–collectively known as GRC–and physical security. 

Consider these 3 main components to GRC: SAP Security, SAP Early Watch (pattern recognition), and Audit. Another way to think about GRC is establishing logical boundaries around roles and responsibilities and each employee’s related system access. In other words, no single person can complete all steps in the process. Here’s an example: If you cut the purchase order, you cannot be the one who approves the payment.

GRC can be difficult to design, implement, and maintain successfully. It requires someone–or a team–with experience. You need to ensure that the right people have the right access to be able to do their jobs. At the same time, it is vital that the “slice of the pie” each employee sees is necessary to their role, defined, and secured. Also, this is not a “one and done” scenario. As the business evolves and changes, so do the roles and the unique access that each of the roles has within the organization. Strategic role design and maintenance is an ongoing process which is critical to the security of your organization.

Uniquely, the concern around establishing best practices in GRC is not about “getting hacked,” as it is for many aspects of digital business management. The focus is on limiting scenarios where someone may see a vulnerability and use it to defraud you. Controlling employee access is critical to limit opportunities for fraudulent behavior– but that access control is not limited to only employees.

In today’s interconnected environment, your vendors, suppliers, and customers may all have access points into your system. These access points all need security roles assigned to them to limit the view to only the appropriate and relevant information for the actor’s role. As an example, an external actor could see proprietary information and sell it to a competitor. Each partner or vendor should only see what is most relevant to and required for their specific role in the larger process.

Within your organization’s SAP framework, BPML–Business Process Mapping List–establishes employee and vendor access. GRC creates profiles in such a way that it encircles all relevant functionality before linking that role to a person. The truth of the matter is that many companies give people way too much access by accident!
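
The purchase-order rule described earlier (whoever cuts the purchase order cannot approve the payment), shown as an added example that is not part of the original post: a small Python check that flags accounts whose combined roles break a segregation-of-duties rule, including the accidental case where no single role is the problem. All role, permission, and account names are constructed for illustration and are not SAP GRC objects.

```python
# Added example: segregation-of-duties (SoD) check over role assignments.
# Every role, permission and account name below is constructed for illustration.

# Role -> permissions (the "slice of the pie" each role grants).
ROLES = {
    "buyer": {"create_po", "view_vendor"},
    "ap_clerk": {"enter_invoice", "view_vendor"},
    "ap_approver": {"approve_payment"},
    "vendor_portal": {"view_own_po"},
}

# Pairs of permissions that no single account may hold together.
SOD_RULES = [
    ("create_po", "approve_payment"),
    ("enter_invoice", "approve_payment"),
]

# Account -> assigned roles; includes an external (vendor) account.
ASSIGNMENTS = {
    "alice": ["buyer"],
    "bob": ["ap_clerk", "ap_approver"],  # conflict only visible across roles
    "carol": ["buyer", "ap_approver"],
    "ext_acme": ["vendor_portal"],
}

def effective_permissions(roles, role_map=ROLES):
    """Union of permissions across every role an account holds."""
    perms = set()
    for role in roles:
        if role not in role_map:
            raise KeyError(f"unknown role: {role}")
        perms |= role_map[role]
    return perms

def sod_violations(assignments=ASSIGNMENTS, rules=SOD_RULES, role_map=ROLES):
    """Return {account: [(perm_a, perm_b), ...]} for accounts that break a rule."""
    findings = {}
    for account, roles in sorted(assignments.items()):
        perms = effective_permissions(roles, role_map)
        hits = [(a, b) for a, b in rules if a in perms and b in perms]
        if hits:
            findings[account] = hits
    return findings

if __name__ == "__main__":
    for account, hits in sod_violations().items():
        for a, b in hits:
            print(f"{account}: holds both {a} and {b}")
```

Each role here is harmless on its own; the violation only appears once the roles assigned to one account are combined, which is why the check runs on effective permissions rather than on individual roles.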

Standard SAP GRC risk detection and auditing settings compile reports and grant access to internal and external audits. This allows pattern recognition functionality to detect where key elements of your security infrastructure may have changed unexpectedly or where other gaps in the system may exist.

That brings us to Number 4: physical security. Identification procedures fall into this category–being sure that someone cannot get in, pretending to be someone they are not. Along those lines, when a consultant’s contract ends, it’s crucial to lock out their access immediately so that they can no longer access the premises, or the sensitive systems inside the premises. Whether you are building from the ground up, undergoing an expansion, or moving to a “new to you” space, make physical security a part of the discussion upfront.

As explored through our 3-part series, digital transformation and security is a broad-reaching topic that weaves into all aspects of your business. A successful digital ERP implementation or upgrade is based on a holistic view of security structure including external partners, project teams, and internal resources. Invest in bringing together these moving pieces to ensure a secure digital and physical environment for your organization’s assets. If you have questions about digital upgrades in SAP and Oracle, want to talk about staffing support options, or even need to fill a role immediately, be sure to contact us today. We look forward to helping you optimize your business operations as the digital world continues to grow and evolve.

Digital Transformation Security Goes Beyond Network Security

Digital transformation is a hot topic these days–but in reality it’s not a new one. Professionals in the ERP technology space have been moving businesses from old technology platforms to cutting edge software for over 30 years. Here at Vortex Consulting, we’ve been in business for 25 years, working in digital transformation–as seen in products like Oracle Cloud and SAP S/4HANA. Continue reading this first blog post in our new series and follow along for others in the upcoming months.

So why has research and development surrounding digital transformation been deemed so critical for over 3 decades? A key reason: efficiency. Digitizing workflow, storage, and processes in general means eliminating time-consuming, repetitive, inefficient tasks. It brings meaningful and successful automation to standard business processes, all while integrating data efficiently. As an example, let’s look at the process of invoicing. Long gone are the days of needing to manually scan an invoice, organize paper files, collect and match up payments, etc. All of this can be done digitally–it’s streamlined, takes less time and energy, and frees up employees to do more valuable work. Product orders are even transferred to third party logistics providers who automatically determine the most efficient delivery routes, can combine loads, and automatically select the lowest cost delivery options. 

There are newer technologies coming into play that add to the discussion of what is possible in digital transformation. The Internet of things (IoT), artificial intelligence (AI), data lakes, and improved pattern detection capabilities are each transformative in their own right. At the time of publishing this post, discussions about AI are dominating social spaces as its uses are tested in education, healthcare, information management, and beyond. 

As application specialists, Vortex works in the realm of these digital technologies on every project. The SAP platform is at the core of the system, with SAP and third party satellites communicating as a network, enabling automation and digital flows of information–all of which must be secured. (Our work with Oracle-based clients functions in a similar way.) Adding to the complexity of the situation, there are always evolving technologies which require the integration of handheld devices, sensors, and portals that extend the network and must be integrated into SAP. With the introduction of more middleware tools to the SAP setup, those assets must be secured as well.

When it comes to digital transformation security, we’ve learned there are really 4 buckets: network security, SAP capabilities, SAP GRC (roles and access), and physical security. Throughout this blog post series, we’ll take a deep dive into each of those key areas. If you have questions you’d like us to address, reach out on Twitter or send an email to let us know. Watch for the next in our digital transformation security series soon.