Mastering SAP Conference – 21 to 22 July 2022
Live is back! Soterion will be at the in-person Mastering SAP event hosted by the Eventful Group in Melbourne.
We are planning a sweet surprise at our stand so come and visit us at our stand!
In partnership with the Mastering SAP, Dudley Cartwright, Soterion CEO, will be hosting a session with Karen Maier from DXC on SAP User Access Provisioning (IAM vs GRC solutions) discussing and debating the options available to GRC/security practitioners.
Ben Murphy, IT Architecture Manager at SunRice Group will be discussing how SunRice adhered to compliance requirements and how they expanded their GRC footprint in the SAP space with Soterion.
More about the event:
More about our presentations:
Presentation 1: SAP User Access Provisioning (IAM vs GRC) – Understand your options
This topic will be hosted by Dudley Cartwright, CEO of Soterion and Karen Maier, Senior Consultant at DXC
Assigning SAP user access via an Identity Access Management solution versus the Access Control (GRC) solution. The pros and cons of both provisioning methodologies, as well as when to consider a hybrid approach. Identity Access Management solutions can bring about great efficiencies in the user access provisioning process but are less well equipped to identify access risk. On the other hand, access control solutions are well equipped to identify access risk but are less powerful at user provisioning.
What you’ll learn in this session:
In this session we will discuss some scenarios where the benefits of provisioning SAP access using an IAM solution outweigh that of GRC solution, as well as other scenarios where provisioning access using the Business Role concept (of the access control / GRC) solution are more beneficial than that of the IAM solution.
Gain an understanding of the advantages / disadvantages of each solution for user provisioning and user access reviews with an understanding of your organisation’s business objectives, be in a position to recommend the most appropriate provisioning strategy for your organisation
Presentation 2: Scaling the SunRice group’s security landscape for change
This topic will be presented by Ben Murphy, IT Architecture Manager at SunRice Group
In April 2019, the SunRice Group listed on the ASX. To adhere to the stringent compliance requirements that came along with that listing SunRice reviewed and expanded their GRC footprint in the SAP space. Already using the Access Risk Manager tool from Soterion to control their Segregation of Duties (SOD) risks, SunRice have now implemented the Elevated Rights and License Auditing modules from the same suite of products.
SunRice recently instigated a role review with the aim of tidying up over 20 years of role development and better structuring roles in preparation for the arrival of SAP S/4HANA. The review achieved tighter control of SOD risk without needing massive systems, enablement of production troubleshooting for the functional and Basis teams in a user and auditor friendly way, streamlined annual SAP License audit process and a reduction in SAP Professional license allocation.
Ben will explain:
- Why you don’t need to write your own SOD/GRC tool! (Your ABAPers may be awesome, but they can do better things with their time)
- You may not need as many SAP Professional Licenses as you think you do
- The next time your auditors ask you about your IT Team’s access in Production, be ready.
About Mastering SAP
The Mastering SAP conference is a platform for customers, partners, and technology experts to gather, find answers to pressing challenges, showcase solutions, and demonstrate how to harness the power of SAP.
Mastering SAP provides a forum for Security professionals to discuss: Security Awareness, Ownership & Accountability, SAP Identity Access Management (IAM) & Access Governance, Data Privacy, Protection and GDPR, Secure by Design, Security and the Cloud and Development Security.
We look forward to connecting with everyone in the Melbourne.
How can Soterion Help You?
Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.
Read more about our offerings. Soterion’s GRC modules include Access Risk Manager, Basis Review Manager, Elevated Rights Manager, Periodic Review Manager, Password Self-Service, and SAP Licensing Manager.
Feel free to email us on [email protected]. Let us help you take your GRC to the nexts