Internet Domain Names

Thank you for visiting this page. You may have reached it because the website you have visited has been discontinued. Please contact us if you think that the site should be re-instated or if you are interested to purchase or lease the domain for your business or blog.

Available domain names are:

  • Home4SAP.com
  • SAP-Directory.com
  • SBC-Directory.com
  • sapsecure.net
  • help4sap.com
  • jobs4sap.com
  • erpsecure.com
  • erpreviews.com

Thank you!

ERPM Executive Reporting

The true power of ERP Maestro™ Access Analyzer® lies in its reporting abilities for Segregation of Duties (SoD) and Sensitive Access conflicts. Each report is designed to help users make decisions regarding conflict risks that will facilitate and accelerate remediation.  This is an overview of the five key reports used to detect potential conflict risks when monitoring and auditing SAP access.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.

Name
eMail
Company
Website

Message:

Code:

Please prove you are human by selecting the Tree.

ERPM Access Analyzer

In most organizations utilizing ERP systems, the segregation of duty (SoD) controls necessary to prevent fraud and pass corporate audits is managed through unreliable, manually-built tools. Manual management of access controls is a resource-draining and expensive process that is prone to human error and doesn't guarantee compliance – or resolution of risks.

ERP Maestro™ Access Analyzer® automates SoD access controls in a cloud-delivered subscription service. Users can expedite the identification of their access control conflicts, remediate internal control violations quickly and become compliant without the need for large capital projects.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.

Name
eMail
Company
Website

Message:

Code:

Please prove you are human by selecting the House.

ERPM Preventative Controls

If appropriate detective controls are in place, what are you doing to prevent those risks from creeping back?  Emergency Access Controls and Secure Provisioning are two essential parts of ERP Maestro's access controls suite. These features leverage automated workflows to save your team time and prevent potential access risks from occurring in the first place, keeping your organization compliant with external auditors.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.

Name
eMail
Company
Website

Message:

Code:

Please prove you are human by selecting the Tree.

Help us Help You

It is this time of the year for many companies: Everybody is nervous, stressed as the auditors are in, requesting countless documents you may or may not have.

External auditors are breathing down my neck…
I
need to get them on-time, accurate reports.

Many hours are spent digging into data, producing reports, generate data dumps for the auditors. Once they get the information, more countless man hours are spent providing additional information as the sampling did not produce the auditors were looking for.

Monitoring SoD security is tedious and reactionary.

Most of companies struggle or fail their audits because of the following challenges:

  • too many SoD violations
  • change control issues moving program changes to production that should not be there
  • the usage of your Emergency Id’s is not documented properly
  • User provisioning is done in a formal way
  • No accountability for changing user access due to lack of role ownership
  • Roles with conflicting transactions cause SoD issues
  • System Administrators and SAP Security staff have too much access
  • Manual methods are very time-consuming and require dedicated resources to pull reports.
  • Manually extracting data out of enterprise software products is complex and prone to errors.
  • Manual methods hurt the quality of the audit — often producing results with false positives, creating re-dos and more work for auditors.
  • Risks are managed mostly during the periodic audits and not proactively

This is just to mention a few. The most important issues, however ,that many companies have not kept up to date with SAP Security architecture for the following reasons:

  • SAP had been rolled out and the implementer has left the project without proper hand-over
  • Company has merged or business has been divested without considering SAP Security properly
  • Using of one-fits-all resource doing SAP Security, Basis and other chores at the same time
  • Business has changed and SAP Security has been patched as the original design doesn’t meet the new requirements
  • Users have changed position and new access has not been re-certified again but new roles have been added to previous job description
  • User access has been copied from user to user rather than redefined during on-boarding process

We are here to help you to make sense out of your SAP Security Landscape. Let us schedule a free discovery call to find out what your issues are and discuss what your option are.

We are now asking you to help us so that we can help you! As simple as that.

Our goal is to offer affordable solutions to SAP Customers that do not have the luxury of having a big SAP Security / Basis team. Sometimes small changes to your daily activities an free up more time for your team to perform tasks that are business critical and help them to focus on what is important.

If your main issue is a lack of a GRC solution to perform regular SoD analysis, including a pro-active SoD analysis before access is granted and/or manage your Emergency Requests, you may want to consider our State of the Art subscription based solution.

Identify Segregation of Duties Access Conflicts in Minutes

Having the proper Segregation of Duties (SoD) policies in place is only one small piece of the compliance puzzle. Reporting and auditing on SoD access in SAP® is a large, virtually impossible undertaking without the proper reporting tool. Meanwhile the need to identify potential access conflicts is required as part of the auditing process – and is even the law for public companies subject to Sarbanes-Oxley (SOX) legislation.

Segregation of Duties Analysis is a central feature of ERP Maestro’s online reporting service. The Conflict Risk Overview and User Conflict Matrix are two key reports that use 100% of SAP user data to provide business process owners (BPOs) all the visual intelligence they need to:

  • Quickly identify all potential access conflicts – not just a sample
  • Breaks down conflicts by risk level
  • Pinpoint conflicts from overused or underused access
  • Begin the remediation process immediately

Did this article trigger some interest? If yes, feel free to contact me and let me know how we can help you.

Authorization Help

Security Administrators Get the Data They Need When They Need It

AT A GLANCE

Streamline Authorization Requests and Eliminate Research Headaches Authorization Help from Security Weaver reduces the time and energy security administrators spend to resolve access issues. Authorization Help enables both IT teams and end users to be more productive because it automatically captures and shares contextual information, determines the most appropriate roles to be assigned to users, and recommends to both IT and end users peers and model users who currently have the required access.

KEY BENEFITS

Increased Productivity: Authorization Help dramatically reduces the frequency of issues and the time needed to resolve them by capturing relevant information, including both error messages and user activities, and then recommending courses of action to both security administrators and end users. Rich data automatically collected and consistently formatted allows for faster identification of the exact access issue and less disruptive communication between IT and users.

Improved User Satisfaction: Too often security policies delay operations.  Authorization Help recommends peers in the user's department who have the necessary access, allowing users to get pressing work done in parallel with having their access request processed.  Authorization Help is also intelligent enough to hide peer recommendations when the request would constitute a segregation of duties (SOD) conflict or sensitive access.

Improved Role Design and Reuse: Authorization Help's model user identification and role recommendations allow administrators to quickly determine if there is an existing role that would appropriately solve an access issue.  These recommendations, coupled with the robust data automatically collected by Authorization Help, increases role reuse, reduces testing issues, and facilitates role design improvements.

Download the entire whitepaper or contact us for more information:

Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.

Name
eMail
Company
Website

Message:

Code:

Please prove you are human by selecting the Cup.

Security Weaver Validation Workbench

Reduce the time, complexity, and costs of authorization testing

AT A GLANCE

Efficiently address authorization issues before they get into production Validation Workbench from Security Weaver reduces the time it takes to test authorizations and roles while simultaneously improving control over access in production systems. It is an ABAP solution that runs within the SAP environment and thus requires no additional hardware, middleware, or special maintenance skills.

ELIMINATE PAIN

Avoid the tedious and time-wasting requirements associated with authorization testing Access issues can be showstoppers for a business and can determine how users judge the quality of IT. Because complex role designs and missing role assignments are often the reasons behind access issues, they are on the critical path for solving access related problems.

However, because role designs and assignments are considered configuration items, any changes to them need to follow a proper release process, regardless of the time required. For those IT teams who wish to minimize highly visible access issues, authorization testing is mandatory.

However, testing is expensive and can create its own challenges. For example, even before authorizations and roles can be tested, a test  environment must be created. This requires creating test user accounts across systems, establishing passwords that must be changed by testers, and then remembered, reset, and synchronized across systems throughout the testing period. Further challenges arise because of the constant need for communication and coordination between IT operations teams, security teams, and the end users doing the testing. Communication and coordination are hindered, schedules delayed, and tests skipped because of the inevitable ambiguity of what is in scope to be tested, the tediousness of some  tests, and the lack of a single repository for reporting status and capturing issues.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.

Name
eMail
Company
Website

Message:

Code:

Please prove you are human by selecting the Star.

SAP Security Assessment

We now offer SAP Security Assessments and subscription based Risk Analysis.

If you run an ERP system such as SAP, it is critical to consider your security design proactively rather than fixing issues year after year when the auditors point out that users have serious SoD conflicts. To prevent this from happening, you need a sound SAP Security strategy. This applies most importantly for new SAP implementations, when SAP Security needs to be taken into consideration early on, as well as if your business is transformed due to mergers, reorganizations and new acquisitions. Organizational changes happen all the times and you need to be flexible enough to address these changes by maintaining your users risk free without huge overhead.

read more….

9 deadly sins in SAP Security

by Andreas Wiegenstein, Virtuall Forge

There are probably a million things SAP customers can do wrong, when it comes to SAP security.

I have collected the most critical mistakes my team has observed in SAP Penetration testing projects over the past 10 years.

Here is the definitive list of the most deadly sins:

1. Hard-coded SAP* user active

The moment a malicious user gets a network connection to a login mechanism of your SAP system (e.g. SAP GUI, BSP, Web Dynpro, RFC) he can login with the hard coded username (‘SAP*’) and password (‘PASS’), gaining SAP_ALL privileges and has full control of the SAP system. Continue reading 9 deadly sins in SAP Security

Why you need a SAP Risk Assessment

For smaller companies, purchasing and implementing a GRC solution can be very costly. However, not being compliant and having a lot of risks can be more costly over time if someone with excessive access commits fraudulent activities.

During one of our assessments, we noticed that one of the system administrator wanted to give access to a transaction that allows to maintain data to a end-user who requested that specific transaction, but believing it was a display transaction. Most likely, the user did remember an incorrect transaction code as the one the user requested is not related to what the user wanted to do.

The administrator suggested to give access to the transaction anyways as the user may need it and that someone may have suggested this particular transaction. The access had been approved by a VP was another reason why the admin wanted still go to ahead with this request. Today, this transaction may not be an issue as the user will request another one after finding out that the transaction was not what they really wanted. The bad thing about this is, that new transactions are introduced which the user may never need and may cause Segregation of Duties conflicts down the road and cause additional usage analysis cleanup efforts in the future.

If this sounds familiar, you may want to consider a complimentary Risk Analysis for up to 100 users to see how many risks your organization has. Please contact us for more information.