2014 10 08 expertum - sapience tech day 2014 - process automation and cost savings with sap grc...
Process Automation and Cost Savings with
SAP GRC Access Control
the Tenneco case
Sigrid Conix
Tenneco
Chris Walravens
Expertum
SAPience.be TECHday ‘14
Agenda
The Players
SAP GRC Access Control
HR Triggers
Role Request Process (PMU)
Periodic Review Automation
Benefits
Tenneco
Expertum
History
• Founded in April 2006 by 2 ex-SAP BeLux employees
• Partnerships
Today
• Team of 50+ SAP Experts and Project Managers
Mission
• Exceed client expectations by providing top-quality expertise
• Provide our people a safe environment for personal and professional growth
Strength
• Highly skilled & experienced SAP consultants in all SAP areas, combined with a
wide industry knowledge in several domains
Expertum
Knowledge Management
- Product & Service
Development
SAP GRC Access Control
Already Implemented…
Analyze & Manage Risk functionality (Phase 1)
• Already used to monitor 4 productive backend systems
• Worldwide systems
• Dashboards used on a daily basis
• Merged 4 rulesets into one single ruleset, but still considering
the specifics of each system
Emergency Access Management
• Was already set up, but in a limited way
• Extended the implementation to full scope, meaning:
• Multiple FF-IDs per backend system
• Specific authorizations per FF-ID
HR Triggers
Automatic creation of user-IDs
• IT 0105 / 0001 is the trigger
• An ABAP program on the backend system automatically creates:
• The user-ID using the correct naming convention
• The e-mail address with the correct naming
• Creation of an employee in the HRM system triggers the
creation of a user-ID on SAP GRC
• As from that moment the new user can start requesting
access to other backend systems
HR Triggers
Automatic termination of user-IDs
• Delimiting IT 0105 / 0001 is the trigger
• The accesses are automatically revoked on all backend
systems
HR Triggers
Position changes of employees
• Whenever an employee changes position within HR, a role
change request per system is triggered and sent to the user
• The current role assignments are automatically delimited to
30 days in the future
• The current role assignments are sent to the end user to:
• Keep / remove existing role assignments
• Add new roles for the new position
• Subsequent flow is identical to the regular PMU flow
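The position-change step above, sketched as an added example (not code from the presentation or from SAP GRC). The `Assignment` record, the system and role names and the rule that an assignment already ending sooner is never extended are assumptions made for illustration; only the 30-day window and the one-request-per-system behaviour come from the slide.

```python
from collections import defaultdict
from dataclasses import dataclass, replace
from datetime import date, timedelta

GRACE_DAYS = 30  # from the slide: assignments are delimited to 30 days in the future

@dataclass(frozen=True)
class Assignment:          # hypothetical record layout
    user: str
    system: str            # backend system id
    role: str
    valid_to: date

# Constructed sample data, not taken from the presentation.
SAMPLE = [
    Assignment("JDOE", "ERP1", "Z_AP_CLERK", date(9999, 12, 31)),
    Assignment("JDOE", "ERP1", "Z_TEMP_PROJECT", date(2014, 10, 20)),
    Assignment("JDOE", "ERP2", "Z_DISPLAY", date(9999, 12, 31)),
    Assignment("ASMITH", "ERP1", "Z_AP_CLERK", date(9999, 12, 31)),
]

def delimit_on_position_change(assignments, user, change_date):
    """Return (updated assignments, {system: review items}) for a mover."""
    cutoff = change_date + timedelta(days=GRACE_DAYS)
    updated, requests = [], defaultdict(list)
    for a in assignments:
        if a.user != user or a.valid_to < change_date:
            updated.append(a)      # other users and expired assignments: untouched
            continue
        # Assumption: an assignment that already ends sooner is not extended.
        a = replace(a, valid_to=min(a.valid_to, cutoff))
        updated.append(a)
        # One change request per backend system; the user decides per role.
        requests[a.system].append(
            {"role": a.role, "valid_to": a.valid_to, "decision": "KEEP_OR_REMOVE"})
    return updated, dict(requests)
```

Without the 30-day default expiry, a mover who never answers the request would keep the old position's access indefinitely; with it, silence results in removal.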
Role Request Process (PMU)
Any user (worldwide) can request roles
• The end user is forced to run a risk analysis to create awareness
Supervisor approval
• Of the requester
• The risk analysis at this level is also mandatory
• The request cannot be approved with open risks
• The supervisor needs to:
• Either remove the risks
• Or propose a mitigating control
Role Request Process (PMU)
Data owner approval
• The role owners need to give their approval as well
Plant Controller approval
• When (new) risks occur
• The Plant Controller needs to approve the risk mitigation
SBU Controller approval
• Final approval of mitigations
Role Request Process (PMU)
Mitigating control approval
• In case a new mitigating control is needed
• The request is routed towards the mitigating control
administrator
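The approval routing described on the Role Request Process slides, modelled as an added example (not code from the presentation or from SAP GRC). The ruleset, role-to-function mapping, control ids and stage names are constructed, the stage order follows the slide order, and treating only risks introduced by the request as blocking is an assumption.

```python
# Constructed sample ruleset: a risk exists when one user holds both functions.
RULESET = {
    "R001": ("CREATE_VENDOR", "POST_PAYMENT"),
    "R002": ("MAINTAIN_PO", "GOODS_RECEIPT"),
}
ROLE_FUNCTIONS = {            # hypothetical roles and the functions they grant
    "Z_VENDOR_MAINT": {"CREATE_VENDOR"},
    "Z_AP_PAYMENTS": {"POST_PAYMENT"},
    "Z_PURCHASER": {"MAINTAIN_PO"},
    "Z_DISPLAY": set(),
}
KNOWN_CONTROLS = {"MC_PAYMENT_REVIEW"}   # mitigating controls already defined

def risks_for(roles):
    """Risk analysis: ids of all ruleset risks present in a set of roles."""
    funcs = set().union(*(ROLE_FUNCTIONS[r] for r in roles))
    return {rid for rid, (a, b) in RULESET.items() if a in funcs and b in funcs}

def route_request(current_roles, requested_roles, mitigations=None):
    """Return the ordered approval stages for a role request.

    mitigations maps risk id -> proposed mitigating control id.
    Raises ValueError when a risk is neither removed nor mitigated,
    because the supervisor cannot approve with open risks.
    """
    mitigations = mitigations or {}
    before = risks_for(current_roles)
    after = risks_for(set(current_roles) | set(requested_roles))
    new_risks = after - before            # assumption: only new risks block
    open_risks = new_risks - set(mitigations)
    if open_risks:
        raise ValueError(f"open risks block approval: {sorted(open_risks)}")
    stages = ["SUPERVISOR", "ROLE_OWNER"]
    if new_risks:
        # Mitigated risks need Plant Controller, then SBU Controller sign-off.
        stages += ["PLANT_CONTROLLER", "SBU_CONTROLLER"]
        # A control that does not exist yet goes to its administrator.
        if any(mitigations[r] not in KNOWN_CONTROLS for r in new_risks):
            stages.append("MITIGATING_CONTROL_ADMIN")
    return stages
```

A risk-free request stops at the role owner, so the controller stages only see requests that actually carry a mitigation to judge.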
Periodic Review Automation
User Access Reviews
• Most common periodic review
• Data / role owners are requested to review the role
assignments
• In case the assignment needs to be revoked, the
de-provisioning is performed automatically
Periodic Review Automation
Critical Access Reviews
• This type of review is risk based
• A specific ruleset with only critical access is used
• In case risks need to be removed, root cause analysis needs
to determine what roles to remove
Periodic Review Automation
Mitigating Control Re-certification
• In this review the mitigations are reviewed
• To ensure that no invalid mitigations remain in the system
Benefits
Manual user administration and role provisioning is reduced to
an absolute minimum
Communication between HR department and Entitlement
team is automated in the system
The request and approval process is highly standardized and
automated
Risk awareness is created throughout the company
Thank you!
Sigrid Conix, Global IT Security / Risk Management, Tenneco
+32 475 89 48 77, www.tenneco.com
Chris Walravens, GRC Community Lead, Expertum
+32 474 475 983, www.expertum.net