Solving SAP Application Access and Security Challenges with an Identity-Infused Enterprise

Similar documents
Minimize Access Risk and Prevent Fraud With SAP Access Control

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Business-Driven, Compliant Identity Management

Automated User Provisioning

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

Security management solutions White paper. Extend the value of SAP investments with Tivoli security management solutions.

Strengthen security with intelligent identity and access management

Sage ERP I White Paper. An ERP Guide to Driving Efficiency

Unleash the Full Value of Identity Data with an Identity-Aware Business Service Management Approach

Identity Access Management: Beyond Convenience

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

ACCELERATE INTERNATIONAL EXPANSION WITH ERP. Building a Cost-Effective Foundation to Enable Growth

How can Identity and Access Management help me to improve compliance and drive business performance?

The Role of Password Management in Achieving Compliance

Successful Real-World Implementations of Identity and Access Management

SAP Solution in Detail SAP NetWeaver SAP NetWeaver Identity Management. Business-Driven, Compliant Identity Management

Simplify SSL Certificate Management Across the Enterprise

Dell Mobile Clinical Computing

Quest One Identity Solution. Simplifying Identity and Access Management

Business-Driven, Compliant Identity Management

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

Provide access control with innovative solutions from IBM.

GUIDEBOOK MICROSOFT DYNAMICS SL

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

Is Your Identity Management Program Protecting Your Federal Systems?

Oracle Role Manager. An Oracle White Paper Updated June 2009

Passlogix Sign-On Platform

MICROSOFT HIGHER SOLUTION

IBM Security Privileged Identity Manager helps prevent insider threats

WHITEPAPER. Identity Access Management: Beyond Convenience

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Avoiding insider threats to enterprise security

SAP Identity Management Overview

mysap ERP FINANCIALS SOLUTION OVERVIEW

Select the right solution for identity and access governance

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

The Four "A's" of Information Security

The Challenges of Administering Active Directory

Laserfiche for Federal Government MEET YOUR AGENCY S MISSION

CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Identity and Access Management

Alleviating Password Management Demands on Your IT Service Desk SOLUTION WHITE PAPER

How Accenture is taking SAP NetWeaver Identity Management to the next level. Kristian Lehment, SAP AG Matthew Pecorelli, Accenture

SAP NetWeaver Identity Management Experiences from an Implementation at Colgate-Palmolive Company

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta Inc. 301 Brannan Street San Francisco, CA 94107

SAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE. SAP Solution Overview SAP Business Suite

Enterprise Information Management Services Managing Your Company Data Along Its Lifecycle

Enterprise-Wide Benefits of Automated Client Onboarding

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

The top ten reasons your organization needs Snow Optimizer for SAP Software. Snow optimizer for SAP software

How B2B Customer Self-Service Impacts the Customer and Your Bottom Line. zedsuite

Transforming Human Resources with People-Friendly Technologies. Brought to you by

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

When millions need access: Identity management in an increasingly connected world

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

Identity and Access Management Point of View

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

<Insert Picture Here> Oracle Identity And Access Management

secure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107

The Top 5 Federated Single Sign-On Scenarios

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

People-Focused Access Management. Software Consulting Support Services

Lots of workers, many applications, multiple locations......and you need one smart way to handle access for all of them.

Compliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT

Installation Guide Identity Manager August 31, 2012

Leveraging Privileged Identity Governance to Improve Security Posture

Cybersecurity and Secure Authentication with SAP Single Sign-On

Transforming Accounts Payable into a Profit Center

Research. Identity and Access Management Defined

Improve business agility with WebSphere Message Broker

How to use identity management to reduce the cost and complexity of Sarbanes-Oxley compliance*

Best Practices for Auditing Changes in Active Directory WHITE PAPER

Leave Manager X. Basic Office Online TM Software Product Details

An Oracle White Paper December Implementing Enterprise Single Sign-On in an Identity Management System

Unifying IT How Dell Is Using BMC

VoiceTrust Whitepaper. Employee Password Reset for the Enterprise IT Helpdesk

Streamlining Human Capital Management with Identity and Access Management. An Oracle White Paper December 2008

Informatica Application Information Lifecycle Management

6 Ways Social Collaboration Can Boost Employee Engagement

ORACLE PROJECT ANALYTICS

The Challenges of Administering Active Directory

HiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint

Managing Access for External Users with ARMS

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

SAP ERP Financials SOLUTION OVERVIEW

Take Control of Identities & Data Loss. Vipul Kumra

Novell Identity Manager

SAM Enterprise Identity Manager

MAKE THE MOVE FROM IBM LOTUS NOTES AND OPTIMIZE YOUR BUSINESS APPS

IBM Security & Privacy Services

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

MICROSOFT HIGHER EDUCATION CUSTOMER SOLUTION

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

Administration Challenges

Transcription:

Solving SAP Application Access and Security Challenges with an Identity-Infused Enterprise Contents Introduction. 1 The Challenge of Providing Secure Access to SAP Applications 2 The Advantages of Operating with Identity at the Core. 2 The Identity-Infused Enterprise in Action. 4 Novell Identity, Security and Compliance Solutions for SAP. 7 Bridge the Gap Between Business Processes and IT Security and Controls. 8 Brought to you compliments of: Introduction Today s computing era introduces a number of challenges for SAP application owners and IT groups. A constantly changing user base needs access to mission-critical SAP applications hosted internally, on the Web and in the cloud. Yet ensuring user access can be time-consuming and labor-intensive, especially when running multiple instances of SAP applications across a large enterprise. At the same time, through the normal course of business, organizations collect large amounts of valuable information about their employees, customers and partners, and that data must be protected. As governments around the world are regulating how that data should be safeguarded, companies are seeking ways to combat business and IT risks, including enterprise risk mitigation and controls; identity and fraud management; and governance and compliance. As a result, organizations must balance appropriate access with uncompromising security. 2011 Novell

>> The Hidden Costs of Application Access Because application access management often varies by users and roles, department, division and application, organizations find themselves reinventing security and controls on a per-application basis. As companies work to upgrade their controls over sensitive information, identity plays an increasingly critical role. With it, they can manage access policies, improve their security posture and simplify regulatory compliance efforts. This paper explains how organizations running SAP applications can provide appropriate, secure access by infusing identity throughout their environments, without adding to their daily workload. The Challenge of Providing Secure Access to SAP Applications The SAP Business Suite consists of several modules that encompass a wide range of business functions, from human resources and accounting to customer and supply chain relationship management. Oftentimes, the central point of access for the modules is SAP NetWeaver, a Web-based front end for the entire SAP system. Even with a rich portal interface, enterprise-wide identity and access management for SAP and other applications presents several challenges. The foremost of these is managing user accounts across SAP modules. Many enterprises running SAP applications rely on manual processes to grant application access. Employees requiring access often need to track down the application owner, fill out paperwork, and submit it for approval and processing. With different groups managing and granting application access sometimes across far-flung offices organizations often lack a central record of all access rights associated with any single employee. This lack of centralized records makes it difficult for IT to enforce security policies when employees change positions or leave the company. In a word, this time-consuming, expensive and often inaccurate process involves entering, modifying or deleting user information repeatedly in multiple systems across the enterprise. Moreover, it s difficult to determine which employees have access to which applications at any given time. As the enterprise grows and changes to meet market demands, the challenges of quickly and accurately granting and revoking access rights grow with it. In addition, monitoring processes to ensure compliance with corporate and governmental regulations only add to the burden and costs. The Advantages of Operating with Identity at the Core When an organization decides to manage and monitor identity and access management policy in a coherent, centralized fashion, the first step is to automate user account management and related business processes. This automation begins by making the identities stored in SAP ERP systems available to other enterprise applications. The essential role of SAP applications such as SAP ERP Human Capital Management (HCM) and SAP Customer Relationship Management (CRM) in the overall lifecycle of an identity makes them a critical starting point and a key success factor in many identity management deployments. In these areas, ERP software provides the starting point for creating user identities for new employees, customers and partners alike. 2 2011 Novell

With identity at the core, organizations can enable a number of capabilities that ultimately make administrative tasks easier, help improve security and support regulatory compliance efforts. For instance (starting at the top left and moving counterclockwise in Figure 1): Figure 1. Identity at the core streamlines tasks and strengthens security measures. 1. Defining who can do what: Organizations can define what each user can do within SAP applications and other enterprise systems and applications. 2. Controlling resource access: Organizations can assign users to resources and SAP applications based on their role or relationship with the organization. 3. Identifying who is doing what: Based on the applications and systems that users have access to, organizations can monitor what they are doing within those systems, and if it s risky or out-ofpolicy activity, remediate that activity as soon as it occurs. 4. Remediating security risks: Organizations can identify and remediate security risks as they occur, not days or months after the fact. 5. Certifying user access: Organizations can certify that users have appropriate access by infusing identity into systems and processes. 6. Proving compliance: With insight into who is doing what and the ability to control and certify resource access, organizations can confidently prove to auditors that they are in compliance with regulatory requirements. Moreover, organizations can ensure all of these capabilities regardless of whether their SAP and other enterprise applications reside in physical, virtual or cloud environments. 3 2011 Novell

The Identity-Infused Enterprise in Action In this section, we ll explore four scenarios in which organizations can benefit tremendously by infusing identity throughout their environments: User lifecycle management Password management Continuous controls monitoring Access management User Lifecycle Management Let s start with a common use case: managing the identity of users throughout the lifecycle of their relationship with an organization from the time they are hired (zero-day start) to the time they leave the company (zero-day stop). To do that, the company needs to establish various roles that specify different sets of entitlements so employees get immediate access to resources based on need. If employees change roles or leave the company, their access needs to be changed based on those events. In this scenario, we ll see how a large retailer greatly simplified the overall user-lifecycle management process even with a constantly changing user base by using SAP ERP HCM as the authoritative source for identity information. The retailer s rapid growth had led to a proliferation of operating systems and applications, accessed by over 36,000 employees in 68 locations. Specifically, the company was running multiple instances of SAP and non-sap applications, including SAP ERP HCM, SAP CRM, SAP ERP Financials, e-mail, file storage and homegrown custom applications. To support its sprawling employee base, the retailer maintained multiple identity stores. Because of constant staff changes, it was continually updating these stores. But with no automated method for user provisioning and management, the IT team spent countless hours manually adding, modifying and deleting users tasks that were slow, costly and difficult to manage. >> SAP ERP HCM is a logical place to focus an identity management project, since it s often the hub of employee records. To enable efficient application access control and free up its IT staff, the company implemented an identity management solution that enabled it to manage users including revoking application access centrally from a single point of control. By allowing the retailer to create enterprise roles with specific entitlements and access rights, the solution empowered the company to provide users with role-based access to applications. Using authoritative identity data stored in master employee records within SAP ERP HCM, the solution monitors the company s other applications for any lifecycle changes, such as change of role, title, base location or employment status. As these organizational changes occur, the solution automatically grants and removes individuals IT account names and IT resource access rights, depending on the entitlements attached to the employee s job role. In addition, any employee information change is reflected across all of the applications where that information is stored, including SAP ERP HCM, SAP CRM and homegrown applications. By synchronizing identity information across multiple platforms and automating user administration, the retailer was able to increase security while cutting manual administration. 4 2011 Novell

After deploying the solution to manage enterprise-wide account deletion in a single step, the retailer then rolled out identity management across other business-critical systems, including network access, e-mail and personal file storage. Now the company can provide role-based access for users, creating standardized sets of permissions and access rights that can be changed centrally for groups of people, according to business policy. This enables fast and flexible response to new business requirements, and minimizes the administrative burden. Password Management Now let s take a more granular look at this issue by seeing how one organization addressed password management. Though the majority of companies use a username/password combination to secure access to their applications, it s not an ideal solution. Problems arise when users have dozens of unique usernames and passwords to remember. With so many credentials to remember, they may resort to writing them down or calling the helpdesk to reset them which places a huge burden and cost on the helpdesk. >> Passwords Under Pressure Approximately 80% of companies use user ID/password combinations for authenticating users, mainly due to compliance pressures. Yet only 65% 70% of companies are satisfied with passwords and recognize that they re not an ideal solution. Andras Cser, Forrester Research, Demystifying Password Management webinar, September 2010 Managing the user throughout the lifecycle of their relationship with the organization involves assigning users one or more passwords that are synchronized across the connected systems in the identity management environment. While this helps reduce the number of passwords users must remember, it s not a foolproof approach, since passwords themselves are not compatible from system to system. This was exactly the challenge facing one of the largest independent banks in the U.S. To support the firm s nearly 150,000 users including both employees and customers IT staff manually managed access to dozens of systems and applications, including SAP ERP HCM, SAP ERP Financials, e-mail and the company s intranet, to name a few. In addition to IT employing inconsistent means to manage user credentials, users had to remember multiple IDs and passwords. Moreover, because the bank operates in a highly regulated industry, it needs to ensure the security of confidential customer information. But managing customer information across multiple systems increases the potential for data inaccuracies and poses security risks. The firm implemented a single sign-on solution, covering identity and access management. With identity management, it synchronized user information across multiple systems, replacing silos of user data with a single repository for user identity information. By integrating its customerfacing applications for online banking and online cash management, the bank can now provide thousands of retail and commercial customers with a holistic view of their accounts. With centralized user identity management, customers no longer need to remember multiple IDs and passwords to access their many different services with the bank. Now customers can use single sign-on to access all applications via a portal. Plus, by creating federated identities across many internal systems and using SAP ERP HCM as the authoritative source for 3,500 employee identities, the IT team can provision new users with same-day access to applications based on their role in the organization. Providing single sign-on access for customers and employees reduced the number of passwords by 75% and reduced password-related helpdesk requests by 30%. Plus, centralized user management lowered IT administration time by 25%, while greatly improving data accuracy 5 2011 Novell

>> Best Practices for User Lifecycle Management Automate user management tasks to efficiently address zero-day starts and stops Centralize user identity information in a single identity vault Use an HR application (like SAP ERP HCM) as the authoritative source for identity information Manage users consistently across SAP and non-sap applications Harmonize usernames to gain a consolidated view of user access Leverage roles to make sure users get appropriate access to resources Synchronize passwords to eliminate password headaches Allow users to manage and change their own passwords and security, making it possible for the bank to complete its audits significantly faster and react quickly to new regulatory requirements. Continuous Controls Monitoring Identity information enables continuous controls monitoring a combination of identity and access management policies (who should have access to applications) with security management data (who is accessing organizational resources). This blend helps close the gap between what should be happening based on established controls and what is happening. With this insight, organizations can stop users who try to circumvent established organizational policies and controls, and maintain compliance. Gaining a complete picture into who is doing what activity is an especially useful approach for detecting and remediating risky activity. By determining whether a user should be engaged in a particular activity based on policy, organizations can stop unwanted behavior and satisfy compliance requirements. Let s look at a use case involving an IT service provider for the German insurance industry, which continuously monitors user activity to achieve better security and support its compliance initiatives. In its work with large insurance companies, the company needs to provide over 22,500 users with reliable, secure access to business-critical systems, including SAP HCM, SAP CRM, IBM Lotus Notes, Oracle and custom applications. Some of the organization s clients run more than 200 different applications, which made managing and securing user identities and access rights a complex task. The company was relying on manual, paper-based processes for user administration. As the number of users, systems and companies grew, it was spending too much time on basic tasks like creating new user accounts and resetting forgotten passwords. Moreover, in 2009, the German government released a new directive on risk management in the insurance industry, which increased the need for a more auditable approach to IT security and access management. Using identity management and a solution that automates the security monitoring of IT systems and controls in real time, the organization was able to create a centralized identity and security management solution that automates most user management processes and provides greater insight into which users are accessing which systems. Because the solution is flexible enough to work with a range of applications, the company gained a single method of managing user identities regardless of its clients specific infrastructure. Now, when a new employee is created in a client s HR system, the solution automatically creates the appropriate user accounts in other systems, based on the employee s role. Plus, the solution consolidates access logs from all the different systems for real-time analysis and reporting. This provides a full audit trail and helps to reduce the risk of unauthorized or malicious users accessing systems. If unusual activity is detected, the system can take immediate action, such as immediately revoking access privileges. By automating the creation and deletion of user accounts, and providing a self-service portal that allows users to reset their own passwords, the organization reduced the amount of time spent 6 2011 Novell

>> Best Practices for Continuous Controls Monitoring Centralize user management for SAP and non-sap applications Leverage identity to enrich security and reporting Integrate identity management with the security infrastructure to: Understand who is accessing applications and whether that access is authorized Remove inactive accounts and save licensing costs Stop potentially harmful activity as it occurs on basic user management work. Just as important, the combination of identity management and security monitoring makes it easier for the service provider to demonstrate compliance with IT security and risk management legislation, and provides greater visibility into user activity. Access Management/Web Single Sign-on Access management is critical to ensuring that users have appropriate, role-based access to applications. Let s see how one company used identity and access management to more quickly and efficiently manage identities, enhance security and ensure that IT is more responsive to requests from the business. The company, the official Caterpillar equipment distributor in Italy, uses a mix of SAP and non- SAP Web-based applications including SAP ERP HCM, SAP NetWeaver, Lotus Domino and non-sap applications distributed across two autonomous divisions. With approximately 1,350 employees across its two divisions, the company found it challenging to manage user identities and access rights across dozens of different corporate applications and databases. Updating a user s profile to reflect a change in personal information or provide access to new applications was a slow, largely manual process that required significant effort from the IT department. This created delays and left users frustrated, since requests could take several days to execute. Equally, users needed multiple, separate logins for the applications, and spent significant amounts of time logging in and out of systems. The company now uses an identity management solution to centrally control user identities and largely automate the provisioning of new user accounts. It uses that solution in combination with access management to extend authentication seamlessly over the Web, simplifying and securing remote work via the SAP NetWeaver Portal. Once users log into the SAP NetWeaver portal, they have role-based access to the company s various SAP and non-sap applications. Any changes to user information are automatically synchronized across all connected directories and systems. >> Best Practices for Access Management Protect all Web-based applications behind a portal interface Use an identity vault to deliver consistent role-based access If needed, federate identities between internally hosted and externally hosted applications By housing these applications within a secure enterprise portal, the IT group can be certain that systems are protected from non-authorized access. Plus, with greater clarity into who is accessing systems, the organization has gained enhanced security. In fact, this transparency empowers the IT department to provide better information to the business and enables greater responsiveness to change requests. It also resolves potential security issues around expired users still having access to some corporate systems. Novell Identity, Security and Compliance Solutions for SAP Now organizations can tightly integrate SAP applications like SAP ERP HCM, SAP CRM and the SAP BusinessObjects GRC suite with Novell technologies that are ideally suited for enhancing identity, security and compliance controls in the SAP business environment: Novell Identity Manager. Ensure efficient, consistent, secure and compliant access to corporate assets across physical, virtual and cloud environments. Novell Access Manager. Provide secure, hassle-free access for all types of users including employees, customers and partners regardless of location or time of day. Novell Sentinel. Ensure security and compliance with proven policy monitoring, enforcement and reporting. 7 2011 Novell

Figure 2. Novell s identity and security technologies integrate seamlessly with SAP applications. Because these solutions are fully certified by SAP Labs, organizations can seamlessly integrate the security and identity information in their SAP solutions with other business applications. As a result, business policy becomes an automated IT practice, regardless of the systems involved. Novell technologies create an automated link between the SAP authoritative source such as SAP ERP HCM and the identity vault. This link enables data flow within a business based on its unique requirements, and eliminates the labor-intensive and error-prone practice of re-entering the same data into multiple databases. As new records are added, modified or deactivated/disabled in the authoritative source, network tasks associated with these events can be processed automatically. Tapping into the authoritative SAP source of personnel information, the data can be propagated to other non-sap business applications and databases without the need for custom integration solutions. Administrators can decide what data will be shared and how data will be presented within their organizations. Bridge the Gap Between Business Processes and IT Security and Controls In many organizations, business and IT groups have different mind-sets when it comes to application access and controls. This misalignment leads to inconsistency across the enterprise for user provisioning, identity management and security management. Even when dealing with a fluctuating user base, an identity-based foundation enables organizations to confidently grant user access to SAP applications regardless of where the users or applications reside. While SAP NetWeaver enables application-to-application processes, business-to-business processes and business process management and inserts real-world awareness into businesses processes, Novell provides a unique capability to inject identity throughout these processes. 8 2011 Novell

>> The Novell identity and security management stack is the first to achieve SAPcertified integration with SAP NetWeaver and SAP Business- Objects Governance, Risk and Compliance (GRC) solutions. SAP certification proves that Novell user provisioning, access management and security event monitoring technologies can integrate seamlessly with your SAP infrastructure. As a result, companies can extend and leverage SAP roles to provision the enterprise and provide automated, secure access to critical applications. By automating and centralizing user management for SAP and other applications, organizations can better secure their applications and ensure that the right people have the right access. Moreover, they can better understand what s happening at the application level, specifically who is accessing applications and whether or not they are in compliance with internal policies. Taking this approach allows companies to implement a more holistic security strategy across the enterprise, for stronger security and lower operational costs. Best of all, by leveraging identity, organizations can automate the entire process and minimize administration time. 9 2011 Novell

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information