Enterprise First, Second or Last?
Many customers are busy managing their SAP GRC Application on their SAP infrastructures which run their financial operations. When Sarbanes Oxley Compliance was the main driver, the financial systems were always the ones in scope. Part of the GRC journey is extending segregation of duties to other systems in the SAP infrastructure, like HR, CRM, and BI platforms. All these require additional connectivity to help normalize the diverse security models as well as transaction models used by Governance Risk and Compliance Solutions.
If customers only look at the extension to other systems strictly from an Access Risk perspective the Enterprise reach of the program outside the financial scope is usually a nice-to-have and considered the last thing on the priority list. However, if we extend the purpose to help manage risks beyond the Financial Scope, it becomes very important to have an enterprise reach. The annual IBM risk study of 1800 firms confirms that operational risks in the enterprise are much bigger and frequent occurrences. In addition the operational risks are top of mind for Executive Management.
There are many customers who have extensive end-user applications which are not even included in their IT infrastructure but are valued for everyday operations. The ultimate goal is to manage risk across all these diverse areas. If we consider what part of the program is most basic to our long-term goals, then Enterprise Reach becomes the first priority. Even securing all the data in the enterprise has become a challenge with the move to the cloud and on-demand applications which reside outside the normal infrastructure confines of organizations.
Here are some products that enable the reach to many systems and computing islands in your infrastructure:
DB Luminous is a recent product on the market which helps identify Unique Data Elements across multiple data bases. Companies who are concerned about the treatment of certain data once it leaves the controlled source systems should explore this product. http://www.dbluminous.com/
Greenlight’s Design Studio supplies integration to normalize not only security models but also transaction models for ease of analysis and monitoring. Often this is thought of after Access and Control Solutions are purchased, but it should be the primary part of any company with complex environments. http://www.greenlightcorp.net/rta-design-studio
If you have others that have helped you, post them on our Customer Forum.
Assorted Members of the CAG Team providing insightful information on current topics related to GRC, Security, and Audit.