Today's enterprises act on an increasingly global scale. Their business & technology processes have become more and more complex and require a more comprehensive integration of systems, processes, People and Data across system boundaries and beyond. Spectacular crashes such as Enron and the Banking & Financial system in the US have made regulators pass tough legislations and now this has become a global norm.

We know that employees who store and deal with business data operate the SAP ERP and all underlying systems that deliver information (Financial, HR processes etc.). It is this exact data that forms an essential part of an enterprise's value and thus is considered to be an asset. Employees who use the information within their business processes can read, modify and print data on a daily basis, and systems are set up to support this, which is normal. But the new angle to take into consideration is what happens when an unauthorized person gains access to sensitive data? What is the impact of critical financial, IP related information if or when it leaks out?

SAP now provides a product in the Identity Management (SAP IdM) area that allows for active management of all users and authorizations within an SAP run enterprise, ensuring complete data & access governance. Prior to the introduction of SAP IdM, SAP users managed their ABAP and JAVA systems using CUA – Central User Administration. The new product – SAP IdM , allows for the management of user data, user accounts and authorizations of systems not only on the SAP Platform but also on the entire heterogeneous landscape.

The reasons for implementing SAP IdM are very compelling:

  1. To comply with laws and external audits
  2. To reduce security risks
  3. To reduce costs through automation and process optimization
  4. To manage the lifecycle of an identity in the enterprise

 

 

We will discuss the detailed functionality and features of the SAP IdM solution in my next blog. Meanwhile. I will leave you with a high level architecture of the SAP IdM as food for thought.

Author

Dr. Jagan Nathan Vaman PhD CGEIT CISA
Chief Consulting Officer
Aujas Risk Management Services