Date post: | 19-Dec-2015 |
Rick Killpack
Senior Product Manager
Identity and Security
Novell, Inc.
SAP and Novell: Extending IT Governance and Compliance
Agenda
• Addressing Today’s GRC Challenges
• The Solution in Action
• Why the Novell/SAP Joint Solution?
Challenges Surround the Enterprise
Cost, Competition, Compliance, Complexity
• Determining “Who has access to what?”
• Lowering IT Management Costs
• Eliminating Security Vulnerabilities
• Addressing Compliance Demands
• Integrating Disparate Systems
• Reducing Duplicated Processes
• Enabling a Mobile Workforce
• Gaining Insight Into Risk
• Addressing Risk Management Requirements
The Solution in Action
Performance
• Improves business predictability
• Automates and enforces common controls while providing transparency to business processes across the enterprise
Assurance
• Lowers audit risk and increases compliance
• Offers customers a new level of confidence that the right controls are in place so only authorized employees have access to sensitive business information
Simplification
• Ensures enterprise-wide policy synchronization
• Eliminates resource silos which produce inefficiencies
• Automates the process of discovering and remediating high-risk business problems
Business Relevance Meets IT Assurance
Problem: The CIO Cannot Provide Business-Relevant Risk Data to the CFO
Toni
CIO
The enterprise is set up with distributed security domains.
Issue: Volumes of disparate data make it hard to assess the risk to the enterprise.
Convert Raw Data into Information that Provides Full Visibility
Monitor all events in the enterprise, injecting identity into access events and correlating those to defined business processes and key risk indicators (KRIs).
Problem: The CIO Wastes Resources on Duplicate Efforts
Toni
CIO
Diagram labels: PCI, SOX, Privacy, …, Information Security, 3rd Party, HIPAA; Line of Business and Corporate IT; Functional Leads, Compliance Managers, Legal, Audit, Information Security, Service/Arch Leads.
Enterprise groups demand the same data from IT in separate requests.
Issue: Duplication of effort consumes IT resources and creates inconsistencies for the business.
Eliminate Duplication of Controls
Map controls to defined objectives and processes, and map the processes to business owners.
Cost Impact: By the Numbers
Average cost to manually map controls
US$5,300 per control per year
- Source: PricewaterhouseCoopers
Problem: The CIO Cannot Sustain Compliance Demands
Toni
CIO
Diagram: Mainframe, PeopleSoft HR DB, SOAP and Java App systems, plus Exchange Servers at Site 1, Site 2, Site 3, Site n…, each shown with its own App Owner and its own User Entitlements & Security Controls (Processes, Roles, Users, Audit); Auditor.
The enterprise is structured with siloed security domains.
Issue: The sheer volume of disparate processes makes it costly to provide compliance-related data.
Contain Compliance Costs Through a Sustainable Infrastructure
Automate and enforce common controls while providing transparency to business processes across the enterprise.
Diagram: one set of User Entitlements and Security Controls (Processes, Users, Roles, Audit) shown with the App Owners of the Exchange Server, Mainframe, SOAP, PeopleSoft HR DB and Java App systems; Auditor.
Cost Impact: By the Numbers
Average cost savings of automation
US$10,936 per 100 users per year
- Source: IDC analysis of Novell IDM Technology
Building the Crucial Bridge Between Strategic Applications
Diagram labels: Strategic Business Applications (SAP BusinessObjects, SAP ERP, SAP NetWeaver; HCM, FIN, OPS; Process Control, Risk Management, Access Control); Novell Compliance Management Platform extension for SAP environments; IT Systems, IT Infrastructure, IT Processes.
New Accounting Manager: Role-Based Access to SAP System
Business Role: Accounting Manager
• ERP Financials, Role: AM1 (ReviewPmt)
• BPC, Role: Fin23 (CreateFinFile)
• Active Directory, Role: ADAcctMgr (AccessFinFile)
• SAP Portal, Role: AcctMgr1 (ViewReports)
Bill, Accounting Manager: “I need to see the latest financial reports.”
Bill goes into the Financial Reporting Area of the SAP Portal to see historical reports that show trends and other information.
These reports are stored on a SharePoint portal system. A link in the SAP Portal takes users to the page for viewing the historical reports.
Bill, Accounting Manager: “Why don’t I have access?”
Bill clicks the link to view the historical reports, but finds he does not have access.
Instead of showing an “access denied” message, the Compliance Management Platform asks Bill if he would like to request access.
New Accounting Manager: Access Request
Bill, Accounting Manager: “I guess I will request it.”
Bill requests access by providing the necessary information in the request form, and then submits it for approval.
New Accounting Manager: Request Approval
The Compliance Management Platform sees Bill’s access request and sends it to SAP Risk Analysis to check for SoD violations. (Diagram: CMP and SAP GRC AC.)
The results from the check show no SoD violations.
John, Controller: “I don’t see issues with giving him access.”
Access Request
System: SharePoint
Requestor: Bill
Reason for Request: Complete tasks assigned by my manager.
Approve / Reject
Bill’s boss, John, sees Bill’s access request for the SharePoint system and the results of the SoD check. He approves the request.
New Accounting Manager: Granted Access through Bill’s Automated Role
Bill, Accounting Manager: “Wow, that was fast. I am glad that there is not a lot of red tape in this organization.”
Business Role: Accounting Manager
SharePoint Access: Approved
Bill receives notification that he has been granted access to the SharePoint system.
Bill clicks the “View Historical Reports” link in the SAP portal. He finds that he is now properly provisioned to begin working with the reports in the SharePoint system.
A Best-in-Class Joint Solution
The joint solution extends identity and security information across SAP and non-SAP systems.
Compliance Management Platform
• Enterprise control enforcement (passwords, rights, roles)
• Automate and enforce business security process
• Continuous controls monitoring of user access to enterprise resources
• Provides risk analysis and compliance processes across the enterprise
SAP GRC
• Control user access within the SAP application
• Increase productivity for managed compliance
• Manage process for compliance and risk remediation
• Continuous controls monitoring for applications
The Novell Difference
Proven Interoperability
Novell is the first and only vendor to provide SAP-certified integration for all technologies required to provide IT Governance solutions:
• Identity Management integration with SAP GRC
• User Provisioning integration with NetWeaver
• SIEM integration with NetWeaver Audit and Monitoring
• LDAP Authentication integration with NetWeaver
Looking Forward
2007: SAP and Novell deepen a long-standing partnership with a focus on Linux
2009: CMP becomes the first solution certified with Access Control
2010: Integration with Process Control, Risk Management
The Novell Difference
Innovation and Leadership
User Provisioning
Web Access Management
Security Information and Event Management