SAP GRC: Digital Transformation Series, Part III

Today we continue our blog series on digital transformation. (For an overview on the topic, be sure to check out the first post in the series.) In our most recent post, we walked through 2 of 4 key areas to consider when it comes to digital transformation: Network security and SAP capabilities. Now, let’s take a look at the remaining key areas: Governance, risk management, and compliance–collectively known as GRC–and physical security. 

Consider these 3 main components of GRC: SAP Security, SAP Early Watch (pattern recognition), and Audit. Another way to think about GRC is establishing logical boundaries around roles and responsibilities and each employee’s related system access. In other words, no single person can complete all steps in a process. Here’s an example: If you cut the purchase order, you cannot be the one who approves the payment.

GRC can be difficult to design, implement, and maintain successfully. It requires someone–or a team–with experience. You need to ensure that the right people have the right access to be able to do their jobs. At the same time, it is vital that the “slice of the pie” each employee sees is necessary to their role, defined, and secured. Also, this is not a “one and done” scenario. As the business evolves and changes, so do the roles and the unique access that each of the roles has within the organization. Strategic role design and maintenance is an ongoing process which is critical to the security of your organization.

Uniquely, the concern around establishing best practices in GRC is not about “getting hacked,” as it is for many aspects of digital business management. The focus is on limiting scenarios where someone may see a vulnerability and use it to defraud you. Controlling employee access is critical to limit opportunities for fraudulent behavior–but that access control is not limited to only employees.

In today’s interconnected environment, your vendors, suppliers, and customers may all have access points into your system. These access points all need security roles assigned to them to limit the view to only the appropriate and relevant information for the actor’s role. As an example, an external actor could see proprietary information and sell it to a competitor. Each partner or vendor should only see what is most relevant to and required for their specific role in the larger process.

Within your organization’s SAP framework, BPML–Business Process Mapping List–establishes employee and vendor access. GRC creates profiles in such a way that it encircles all relevant functionality before linking that role to a person. The truth of the matter is that many companies give people way too much access by accident!
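To make the “no single person completes all steps” rule concrete, here is an added example (our illustration, not SAP GRC code or a Vortex tool) of a segregation-of-duties check: it maps hypothetical role names to business functions, flags any user whose roles together cover both sides of a conflicting pair such as cutting a purchase order and approving its payment, names the roles responsible so you know what to remove, and also lists users whose validity date has passed but who still hold roles. All role names, users and dates are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (hypothetical role names, not from a real SAP system).
# Each role grants a set of business functions.
ROLE_FUNCTIONS = {
    "Z_PURCHASER": {"create_purchase_order"},
    "Z_AP_APPROVER": {"approve_payment"},
    "Z_AP_CLERK": {"enter_vendor_invoice"},
    "Z_VENDOR_MASTER": {"maintain_vendor_master"},
    "Z_PO_DISPLAY": {"display_purchase_order"},
}

# SoD ruleset: pairs of functions no single person may hold together.
SOD_RULES = [
    ("create_purchase_order", "approve_payment", "cuts the PO and approves its payment"),
    ("maintain_vendor_master", "approve_payment", "creates a vendor and pays it"),
    ("enter_vendor_invoice", "approve_payment", "enters and approves the same invoice"),
]

def roles_granting(function, roles, role_functions):
    """Which of the user's roles grant this function (i.e. what to strip)."""
    return sorted(r for r in roles if function in role_functions.get(r, set()))

def find_sod_violations(user_roles, role_functions=ROLE_FUNCTIONS, rules=SOD_RULES):
    """Return {user: [(description, roles_for_side_a, roles_for_side_b), ...]}."""
    findings = defaultdict(list)
    for user, roles in user_roles.items():
        for func_a, func_b, desc in rules:
            side_a = roles_granting(func_a, roles, role_functions)
            side_b = roles_granting(func_b, roles, role_functions)
            if side_a and side_b:  # both sides of the conflict are held
                findings[user].append((desc, side_a, side_b))
    return dict(findings)

def expired_assignments(user_roles, valid_to, today):
    """Users whose 'valid to' date has passed but who still hold roles."""
    return sorted(u for u, roles in user_roles.items()
                  if roles and u in valid_to and valid_to[u] < today)

# Constructed assignments: one clean user, one with an accidental SoD conflict,
# and one external consultant whose contract ended but who still has roles.
USER_ROLES = {
    "jdoe": ["Z_PURCHASER", "Z_PO_DISPLAY"],
    "asmith": ["Z_PURCHASER", "Z_AP_APPROVER"],
    "consult1": ["Z_AP_CLERK", "Z_VENDOR_MASTER"],
}
VALID_TO = {"consult1": date(2024, 1, 31)}  # constructed contract end date
AUDIT_DATE = date(2024, 6, 1)               # constructed date of the review run
```

Running `find_sod_violations(USER_ROLES)` reports only `asmith`, with `Z_PURCHASER` and `Z_AP_APPROVER` as the two roles to reconcile, and `expired_assignments(USER_ROLES, VALID_TO, AUDIT_DATE)` returns `consult1`.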

Standard SAP GRC risk detection and auditing settings compile reports and grant access to internal and external audits. This allows pattern recognition functionality to detect where key elements of your security infrastructure may have changed unexpectedly or where other gaps in the system may exist.

That brings us to Number 4: physical security. Identification procedures fall into this category–being sure that someone cannot get in, pretending to be someone they are not. Along those lines, when a consultant’s contract ends, it’s crucial to lock out their access immediately so that they can no longer access the premises, or the sensitive systems inside the premises. Whether you are building from the ground up, undergoing an expansion, or moving to a “new to you” space, make physical security a part of the discussion upfront.

As explored through our 3-part series, digital transformation and security is a broad-reaching topic that weaves into all aspects of your business. A successful digital ERP implementation or upgrade is based on a holistic view of security structure including external partners, project teams, and internal resources. Invest in bringing together these moving pieces to ensure a secure digital and physical environment for your organization’s assets. If you have questions about digital upgrades in SAP and Oracle, want to talk about staffing support options, or even need to fill a role immediately, be sure to contact us today. We look forward to helping you optimize your business operations as the digital world continues to grow and evolve.

Network Security & SAP Capabilities: Digital Transformation Series, Part II

Welcome to the second post in our blog series on digital transformation. As mentioned in our series kickoff, digital transformation security can be divided into four key areas: network security, SAP capabilities, SAP GRC (roles and access), and physical security. Let’s dive right into what those categories include, beginning with network security.

If you were to bring up the topic of technological security with a group of colleagues, chances are it’s network security that would first come up in discussion. Intrusion and phishing are a few of the main areas that fall into this category. In the case of intrusion, we’re talking about the detection of network entry without proper authorization. And, unfortunately, we’ve all seen phishing in action–fraudulent messages that seek to obtain personal, valuable information, and designed to look as though they were from a reputable organization. In order to maintain a truly secure system, all access points into your network, such as VPNs, need to be secured. The Vortex team is very aware of these threats and makes network security an integral part of every project, whether that’s including our own security experts in a full staffing scenario or collaborating with your on-staff security team during an SAP setup or upgrade.

This brings us to the second key area of digital security–SAP capabilities, our sweet spot. A core feature of SAP is that it helps to establish baseline security patterns, then detects when there are variations from those base guidelines. SAP is loaded with inherent process-based security capabilities that work toward detecting and preventing fraud and architecture issues:

  • Optical Scanning Tools, used in tandem with AI for managing and securing invoicing practices
  • Dispute Management tools for detecting irregularities in disputes or payments
  • Quality Management and audits for dealing with claims that there is an issue with your product quality
  • Accounts Receivable and Incoming Payments tools for analyzing who you owe and who owes you
  • Tools for detecting Internal Issues, such as identifying “bad apples” who may be trying to defraud the company
  • Tools for detecting Money Routing Irregularities by visualizing patterns where company money is moving

Machines and systems can recognize patterns in a way that humans cannot. Humans have the ingenuity, once these critical pieces of information are identified, to see things from different angles and make sense of situational information based on experience and expertise. It’s the experience of our senior leadership team and vast network of consultants that allows Vortex to recognize capabilities and apply them in unique ways for the benefit of our clients.

Network security and SAP capabilities are 2 of the 4 critical areas comprising your holistic security architecture, and when discussing these, there’s another topic that cannot be excluded from the conversation–understanding security of cloud vs. on-premise. Simply said, the more you go on-premise with your SAP investment, the more SAP performance ability you give up. The powerful SAP cloud platform has stronger capabilities and is a sound, secure choice for your business in the long term.

What questions do you have about network security for SAP? Drop us a line or reach out on social media: LinkedIn and Twitter. Tune in for the next in our series on digital transformation security, where we’ll discuss GRC and physical security, coming soon here on the Vortex Consulting blog.