What’s Happening in Information Risk Management
CUSTOMER | © 2017 SAP SE or an SAP affiliate company. All rights reserved.

Agenda
What’s Happening with Information Risk Management
Overview of SAP Dynamic Authorization Management
Why SAP Dynamic Authorization Management
Summary

How to effectively secure data and applications
Need to share / Need to protect
Collaboration
• Global business model
• External partners
• Distributed supply chain
Agility and efficiency
• Accelerate time to market
• Streamline business processes
• Leverage cloud and mobility
Competitiveness
• Secure sensitive data
• Defend against cyberattacks
• Make better and faster decisions
Governance and compliance
• Prevent violations
• Financial management
• Health and privacy
“How do I protect sensitive information and still share with my extended enterprise?”

Customer challenges
• Enhancing security of SAP applications
• Protecting sensitive data throughout the enterprise
• Preventing policy violations, including fraud, compliance, security
• Increasing data security without increasing number of roles to an unmanageable level
• Eliminating manual tasks to automate processes and facilitate business goals

The expanding approach to access control
Models shown in the diagram:
• Groups + access control lists
• RBAC (role-based access control)
• ABAC (attribute-based access control)
Axes of the diagram:
• Administrative: grant permission prior to access attempt
• Runtime: grant permission at time of access attempt
• Procedural: access determined by people
• Systemic: access determined by software

Attribute-based access control enhances the scalability of roles
Attributes are now “how we role”
Gartner predicts attribute will be new role. [1]
Kuppinger recommends dynamic authorization. [2]
NIST highlights ABAC.
Prediction: By 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
[1] Gartner Predicts 2014: Identity and Access Management
[2] Kuppinger Cole Leadership Compass for Access Governance
[3] NIST: Guide to Attribute Based Access Control (ABAC) Definition and Considerations
Dynamic authorization management
Privileged access/user management
Provisioning integration
Access governance

Overview of SAP Dynamic Authorization Management

SAP Dynamic Authorization Management application by NextLabs
Enhancing security for data and business applications
• Automate controls: Use single policy platform to centralize and automate data and application security
• Secure access: Use consistent and on-the-fly access enforcement with dynamic authorization
• Prevent violations: Minimize fraud; prevent compliance and security violations
• Gain insight: Monitor data and application activity and streamline business processes
Access governance

Automate controls
SAP Dynamic Authorization Management
Automated enforcement of data and application security controls
• Incorporates an attribute-based access control model with fine-grained contextual information
• Automates data classification and segregation
• Provides ability to control access at the transaction or field level

ABAC enhances traditional access control
Fine-grained authorization
• Access controls at
– Transaction level
– View level
– Field level
• Automated data classification
– Ensures that sensitive data is categorized properly
– Enables accurate policy enforcement
• Policy management
– Business level policy authoring tool
– SAP GRC integration
– Central management
ACCESS DENIED: Only members of Project Y can access project data

Automates data classification
Features
• Classification of structured and unstructured data in SAP software
• User-driven classification of data
• Classification based on content and/or association
• Automatic policy-based classification
• Classification that can be triggered at run time or through batch processes

Secure access
SAP Dynamic Authorization Management
Enforce policy decisions consistently and on-the-fly
• Real-time policy messages with explanation and corrective workflow
• Integration with existing identity management, HR, and directory systems
• Centralized policy management, ensuring consistent application across geographies and divisions

Control center – policy engine
• Integrates with identity and attribute sources
• Designs, deploys, and evaluates policies
• Centrally manages policies
• Allows drag-and-drop authoring
• Uses business-friendly nomenclature
• Provides reusable policy components

Incorporates attribute-based access control
• Fine-grained access control takes into account contextual factors
• Attributes are categorized into subject, environment, and resource
• Attributes can be changed easily and can be applied dynamically

Integrating identity, content, and context attributes
Who is using or sharing what data? How, why, and with whom?
Identity
• User
• Recipient
• Internal and external
Content
• Data type
• Metadata
• Custom tags
• Data content
Context
• Computer
• Network location
• Channel/application
• Connection
• Time

Business-level policies
Who can access what, when, and where
Policy as authored:
Allow Users TO View, edit “Secret”, “top secret” documents
IF User clearance (user/subject attribute) is greater than or equal to Document sensitivity (resource attribute)
AND User citizenship (user/subject attribute) is equal to U.S.
AND Auth. type (environment attribute) is equal to ‘Multifactor’
Policy in plain language:
Allow U.S. citizens only
To view and edit
Secret and top secret documents
If the user’s security clearance is higher than or equal to the sensitivity classification of the document
And authentication scheme is multifactor

Policies use attributes during transaction for real-time authorization.
• Policies are evaluated dynamically during access request.
• Policies use detailed attributes to more accurately determine what content should be accessed – what, why, when, and where.
• Changes in attributes and policies are seamless to the end user.
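
The business-level policy above, evaluated at request time as a deny-by-default check over subject, resource, and environment attributes. This is an added example, not SAP or NextLabs code; the attribute names, the four-level sensitivity scale, and the sample users and document are assumptions made for illustration.

```python
"""Added example: the slide's business-level policy as a deny-by-default ABAC check."""
from dataclasses import dataclass

# Assumed ordered scale; the slide names only "secret" and "top secret".
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top secret": 3}
PROTECTED = {"secret", "top secret"}   # resources the policy covers
ACTIONS = {"view", "edit"}             # actions the policy covers


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str   # explanation returned with every decision


def _norm(value):
    """Lower-case, trimmed string, or None when the attribute is absent."""
    return None if value is None else str(value).strip().lower()


def evaluate(subject: dict, action: str, resource: dict, environment: dict) -> Decision:
    """Evaluate one access request at request time. Anything not allowed is denied."""
    sensitivity = _norm(resource.get("sensitivity"))
    if _norm(action) not in ACTIONS or sensitivity not in PROTECTED:
        return Decision(False, "no policy grants this action on this resource")

    # IF user clearance >= document sensitivity (subject vs. resource attribute)
    clearance = LEVELS.get(_norm(subject.get("clearance")))
    if clearance is None:
        return Decision(False, "subject attribute 'clearance' missing or unknown")
    if clearance < LEVELS[sensitivity]:
        return Decision(False, "clearance is below document sensitivity")

    # AND user citizenship is equal to U.S. (subject attribute)
    if _norm(subject.get("citizenship")) != "u.s.":
        return Decision(False, "citizenship is not U.S.")

    # AND auth. type is equal to 'Multifactor' (environment attribute)
    if _norm(environment.get("auth_type")) != "multifactor":
        return Decision(False, "authentication type is not multifactor")

    return Decision(True, "all policy conditions satisfied")


# Constructed sample attributes (hypothetical users and document).
ALICE = {"id": "alice", "clearance": "Top Secret", "citizenship": "U.S."}
BOB = {"id": "bob", "clearance": "Confidential", "citizenship": "U.S."}
DOC = {"id": "doc-17", "sensitivity": "Secret"}


def demo():
    """Return (label, allow, reason) rows for a set of constructed requests."""
    mfa = {"auth_type": "Multifactor"}
    cases = [
        ("alice, MFA, view", ALICE, "view", DOC, mfa),
        ("alice, password, view", ALICE, "view", DOC, {"auth_type": "Password"}),
        ("bob, MFA, edit", BOB, "edit", DOC, mfa),
        ("alice, MFA, delete", ALICE, "delete", DOC, mfa),
        ("no clearance attribute", {"citizenship": "U.S."}, "view", DOC, mfa),
    ]
    rows = []
    for label, subj, act, res, env in cases:
        decision = evaluate(subj, act, res, env)
        rows.append((label, decision.allow, decision.reason))
    return rows


if __name__ == "__main__":
    for label, allow, reason in demo():
        print(f"{label:24} {'ALLOW' if allow else 'DENY '}  {reason}")
```

The same user is allowed or denied purely on the attributes presented with each request, so a changed clearance or a weaker login takes effect on the next access attempt without any role being reassigned.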

Prevent violations
SAP Dynamic Authorization Management
Prevent fraud, compliance, and security violations
• Automatically incorporates business rules and policies and applies them from a central system
• Real-time contextual information prevents users from accessing unauthorized information
• Integrates with SAP Access Control segregation of duties (SoD) rule set to prevent violations

Automatically incorporates business rules and policies for continuous governance
• Rules and policies applied at time of update to ensure that the latest information is taken into account before allowing access
• Central repository for authoring and applying business rules and policies to ensure changes are up-to-date and consistent – minimizes manual intervention

Applies authorization policies from a central system
• Organizations can update and enforce corporate policies across the extended enterprise
• This is easier to implement and maintain
Components shown in the architecture diagram: Policy studio; Reporter; Administrator; Control center; Policy server; CUA/LDAP/HRMS/active directory; Switch; Policy controller; SAP SCM; Doc. mgt. system; SAP PLM; SAP ERP; SAP GUI; Mobile; Web GUI

Prevents role explosion
• Functional roles cover broad static functions
• Derived roles enable the next level of organizational detail for transactions
• A new role needs to be created for every new transaction capability
Role hierarchy shown in the diagram:
Employee
North America employee, EU employee
United States employee, Canada employee, UK employee, Germany employee, Netherlands employee, Sweden employee, Finland employee, Sweden employee
Resulting in:
• Exponential increase of derived roles
Integrates with SAP Access Control
 Combine SAP roles and access control information with attributes for dynamic authorization
decisions incorporating location, HR info, computer, organization, time, and so on.
 Attributes can now be pulled automatically using the attribute adapter provided as part SAP
Access Control 10.1
Entitlement Manager
Data c
classification
Data segregation Access control Audit
Control Center
Information control policies
SAP ERP
User attributes
SAP Access Control
User attributes
Source
of attributes
AD/LDAP CUA HR

Enhances SAP Access Control by preventing SoD violations
Stops segregation of duties (SoD) violations before they occur
• Activating SoD checks through configuration
• Integrating with GRC access control SoD rule set
• Stopping or warning the user during transaction
Resulting in
• Reduction in SoD violations
• Reduction in effort and resources to mitigate SoD violations and enforce compliance
You ran the reports and have 2,345,678 violations. Now what?

Gain insight
SAP Dynamic Authorization Management
Monitor data and application activity and streamline business processes
• Removal of barriers to improve efficiency
• Centralized reporting and audit to detect patterns and anomalies
• Dashboards, trend analysis, and incident investigation for preventive action

Centralized reporting on information usage and compliance
• All the activity is logged and reported across multiple applications
• It tracks access across SAP applications
• The centralized activity journal has customizable reporting and compliance dashboards
• The alert system tracks abnormal activity and signals when it reaches threshold limit

SAP Dynamic Authorization Management
Key features for attribute-based access control
Automate controls
• Incorporates an attribute-based access control model with fine-grained contextual information
• Automates data classification and segregation
• Provides ability to control access at the transaction or field level
Secure access
• Real-time policy messages with explanation and corrective workflow
• Integration with existing identity management, HR, and directory systems
• Centralized policy management, ensuring consistent application across geographies and divisions
Prevent violations
• Automatically incorporates business rules and policies and applies them from a central system
• Real-time contextual information prevents users from accessing unauthorized information
• Integrates with SAP Access Control SoD rule set to prevent violations
Gain insight
• Removal of barriers to improve efficiency
• Centralized reporting and audit to detect patterns and anomalies
• Dashboards, trend analysis, and incident investigation for preventive action

Why SAP Dynamic Authorization Management

SAP Dynamic Authorization Management
Benefits and capabilities
Benefits
Strengthens security for sensitive information to enable safe collaboration and regulatory compliance
Reduces information management risk
Centralized policy management ensures consistent application across geographies and divisions
Simplified access administration greatly reduces the number of user roles under management
Capabilities
Attribute-based access control model with fine-grained contextual information
Real-time policy messages with explanation and corrective workflow
Integration with existing identity management, HR, and directory systems
Centralized reporting and audit to detect patterns and anomalies

Summary

Why SAP GRC solutions
Safe / Integrated / Simple
• Do more with less: reduce the cost and effort of your GRC and security programs
• Use a modular approach to deploy at your own speed
• Gain an enterprise approach and view into your GRC and security activities and bring together disparate parts of the organization
• Take advantage of native integration for real-time exception monitoring and decision making
• Get up and running faster, leveraging industry and line-of-business content
• Go lean with automated monitoring on very large amounts of data
• Reduce risk by choosing an industry-recognized, leading GRC and security portfolio
• Meet the requirements of your organization by choosing how you want to deploy ‒ in the cloud or on premise
• Share and learn from a community and partner ecosystem that is second to none

For more information
Take a look at
www.sap.com/GRC
www.sap.com/security
www.sap.com/finance
Follow our blogs
GRC Tuesdays
Find detailed information
sap.com product page
Follow us on Twitter
#SAPGRC

Not Your Father’s Finance
Thank you.
Contact information:
Michael Gurican
NextLabs, Inc. | Enterprise Account Executive
414-234-0249 | michael.gurican@nextlabs.com

WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 

Recently uploaded (20)

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 

What’s Happening in Information Risk Management

  • 1. What’s Happening in Information Risk Management
  • 2. Agenda
      • What’s Happening with Information Risk Management
      • Overview of SAP Dynamic Authorization Management
      • Why SAP Dynamic Authorization Management
      • Summary
  • 3. How to effectively secure data and applications
      • Governance and compliance; Global business model; External partners; Distributed supply chain
      • Collaboration; Secure sensitive data; Defend against cyberattacks; Make better and faster decisions
      • Competitiveness; Prevent violations; Financial management; Health and privacy
      • Agility and efficiency; Need to share; Need to protect; Accelerate time to market; Streamline business processes; Leverage cloud and mobility
      • “How do I protect sensitive information and still share with my extended enterprise?”
  • 4. Customer challenges
      • Enhancing security of SAP applications
      • Protecting sensitive data throughout the enterprise
      • Preventing policy violations, including fraud, compliance, security
      • Increasing data security without increasing number of roles to an unmanageable level
      • Eliminating manual tasks to automate processes and facilitate business goals
  • 5. The expanding approach to access control
      • Groups + access control lists; RBAC (role-based access control); ABAC (attribute-based access control)
      • Administrative: Grant permission prior to access attempt
      • Runtime: Grant permission at time of access attempt
      • Systemic: Access determined by software
      • Procedural: Access determined by people
  • 6. Attribute-based access control enhances the scalability of roles
      • Gartner predicts attribute will be new role.1
      • Kuppinger recommends dynamic authorization.2
      • Attributes are now “how we role”
      • Prediction: By 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
      • NIST highlights ABAC.
      • 1: Gartner Predicts 2014: Identity and Access Management
      • 2: Kuppinger Cole Leadership Compass for Access Governance
      • 3: NIST: Guide to Attribute Based Access Control (ABAC) Definition and Considerations
      • Dynamic authorization management; Privileged access/user management; Provisioning integration; Access governance
  • 7. Overview of SAP Dynamic Authorization Management
  • 8. SAP Dynamic Authorization Management application by NextLabs: Enhancing security for data and business applications
      • Gain insight: Monitor data and application activity and streamline business processes
      • Automate controls: Use single policy platform to centralize and automate data and application security
      • Prevent violations: Minimize fraud; prevent compliance and security violations
      • Secure access: Use consistent and on-the-fly access enforcement with dynamic authorization
      • Access governance
  • 9. Automate controls (SAP Dynamic Authorization Management): Automated enforcement of data and application security controls
      • Incorporates an attribute-based access control model with fine-grained contextual information
      • Automates data classification and segregation
      • Provides ability to control access at the transaction or field level
  • 10. ABAC enhances traditional access control: Fine-grained authorization
      • Access controls at
          – Transaction level
          – View level
          – Field level
      • Automated data classification
          – Ensures that sensitive data is categorized properly
          – Enables accurate policy enforcement
      • Policy management
          – Business level policy authoring tool
          – SAP GRC integration
          – Central management
      • ACCESS DENIED: Only members of Project Y can access project data
  • 11. Automates data classification: Features
      • Classification of structured and unstructured data in SAP software
      • User-driven classification of data
      • Classification based on content and/or association
      • Automatic policy-based classification
      • Classification that can be triggered at run time or through batch processes
  • 12. Secure access (SAP Dynamic Authorization Management): Enforce policy decisions consistently and on-the-fly
      • Real-time policy messages with explanation and corrective workflow
      • Integration with existing identity management, HR, and directory systems
      • Centralized policy management, ensuring consistent application across geographies and divisions
  • 13. Control center – policy engine
      • Integrates with identity and attribute sources
      • Designs, deploys, and evaluates policies
      • Centrally manages policies
      • Allows drag-and-drop authoring
      • Uses business-friendly nomenclature
      • Provides reusable policy components
  • 14. Incorporates attribute-based access control
      • Fine-grained access control takes into account contextual factors
      • Attributes are categorized into subject, environment, and resource
      • Attributes can be changed easily and can be applied dynamically
  • 15. Integrating identity, content, and context attributes: Who is using or sharing what data? How, why, and with whom?
      • Identity: User; Recipient; Internal and external
      • Content: Data type; Metadata; Custom tags; Data content
      • Context: Computer; Network location; Channel/application; Connection; Time
  • 16. Business-level policies: Who can access what, when, and where
      • Policy as authored: Allow Users TO View, edit “Secret”, “top secret” documents IF User clearance is greater than or equal to Document sensitivity AND User citizenship is equal to U.S. AND Auth. type is equal to ‘Multifactor’
      • Policy in words: Allow U.S. citizens only to view and edit secret and top secret documents if the user’s security clearance is higher than or equal to the sensitivity classification of the document and authentication scheme is multifactor
      • Attribute types: User clearance (user/subject attribute); User citizenship (user/subject attribute); Document sensitivity (resource attribute); Auth. type (environment attribute)
  • 17. Policies use attributes during transaction for real-time authorization.
      • Policies are evaluated dynamically during access request.
      • Policies use detailed attributes to more accurately determine what content should be accessed – what, why, when, and where.
      • Changes in attributes and policies are seamless to the end user.
  • 18. Prevent violations (SAP Dynamic Authorization Management): Prevent fraud, compliance, and security violations
      • Automatically incorporates business rules and policies and applies them from a central system
      • Real-time contextual information prevents users from accessing unauthorized information
      • Integrates with SAP Access Control segregation of duties (SoD) rule set to prevent violations
  • 19. Automatically incorporates business rules and policies for continuous governance
      • Rules and policies applied at time of update to ensure that the latest information is taken into account before allowing access
      • Central repository for authoring and applying business rules and policies to ensure changes are up-to-date and consistent – minimizes manual intervention
  • 20. Applies authorization policies from a central system
      • Organizations can update and enforce corporate policies across the extended enterprise
      • This is easier to implement and maintain
      • Architecture diagram labels: Policy studio; Reporter; Administrator; Control center; Policy server; CUA/LDAP/HRMS/active directory; Switch; Policy controller; SAP SCM; Doc. mgt. system; SAP PLM; SAP ERP; SAP GUI; Mobile; Web GUI
  • 21. Prevents role explosion
      • Functional roles cover broad static functions
      • Derived roles enable the next level of organizational detail for transactions
      • A new role needs to be created for every new transaction capability
      • Role hierarchy diagram labels: United States employee; Canada employee; UK employee; Germany employee; Netherlands employee; Sweden employee; Finland employee; Sweden employee; North America employee; EU employee; Employee
      • Resulting in: Exponential increase of derived roles
  • 22. Integrates with SAP Access Control
      • Combine SAP roles and access control information with attributes for dynamic authorization decisions incorporating location, HR info, computer, organization, time, and so on.
      • Attributes can now be pulled automatically using the attribute adapter provided as part of SAP Access Control 10.1
      • Diagram labels: Entitlement Manager; Data classification; Data segregation; Access control; Audit; Control Center; Information control policies; SAP ERP; User attributes; SAP Access Control; User attributes; Source of attributes; AD/LDAP; CUA; HR
  • 23. Enhances SAP Access Control by preventing SoD violations: Stops segregation of duties (SoD) violations before they occur
      • Activating SoD checks through configuration
      • Integrating with GRC access control SoD rule set
      • Stopping or warning the user during transaction
      • Resulting in
          – Reduction in SoD violations
          – Reduction in effort and resources to mitigate SoD violations and enforce compliance
      • You ran the reports and have 2,345,678 violations. Now what?
  • 24. Gain insight (SAP Dynamic Authorization Management): Monitor data and application activity and streamline business processes
      • Removal of barriers to improve efficiency
      • Centralized reporting and audit to detect patterns and anomalies
      • Dashboards, trend analysis, and incident investigation for preventive action
  • 25. Centralized reporting on information usage and compliance
      • All the activity is logged and reported across multiple applications
      • It tracks access across SAP applications
      • The centralized activity journal has customizable reporting and compliance dashboards
      • The alert system tracks abnormal activity and signals when it reaches threshold limit
  • 26. SAP Dynamic Authorization Management: Key features for attribute-based access control
      • Automate controls
          – Incorporates an attribute-based access control model with fine-grained contextual information
          – Automates data classification and segregation
          – Provides ability to control access at the transaction or field level
      • Secure access
          – Real-time policy messages with explanation and corrective workflow
          – Integration with existing identity management, HR, and directory systems
          – Centralized policy management, ensuring consistent application across geographies and divisions
      • Prevent violations
          – Automatically incorporates business rules and policies and applies them from a central system
          – Real-time contextual information prevents users from accessing unauthorized information
          – Integrates with SAP Access Control SoD rule set to prevent violations
      • Gain insight
          – Removal of barriers to improve efficiency
          – Centralized reporting and audit to detect patterns and anomalies
          – Dashboards, trend analysis, and incident investigation for preventive action
  • 28. SAP Dynamic Authorization Management: Benefits and capabilities
      • Benefits
          – Strengthens security for sensitive information to enable safe collaboration and regulatory compliance
          – Reduces information management risk
          – Centralized policy management ensures consistent application across geographies and divisions
          – Simplified access administration greatly reduces the number of user roles under management
      • Capabilities
          – Attribute-based access control model with fine-grained contextual information
          – Real-time policy messages with explanation and corrective workflow
          – Integration with existing identity management, HR, and directory systems
          – Centralized reporting and audit to detect patterns and anomalies
  • 30. Why SAP GRC solutions: Safe, Integrated, Simple
      • Do more with less: reduce the cost and effort of your GRC and security programs
      • Use a modular approach to deploy at your own speed
      • Gain an enterprise approach and view into your GRC and security activities and bring together disparate parts of the organization
      • Take advantage of native integration for real-time exception monitoring and decision making
      • Get up and running faster, leveraging industry and line-of-business content
      • Go lean with automated monitoring on very large amounts of data
      • Reduce risk by choosing an industry-recognized, leading GRC and security portfolio
      • Meet the requirements of your organization by choosing how you want to deploy ‒ in the cloud or on premise
      • Share and learn from a community and partner ecosystem that is second to none
  • 31. For more information
      • Take a look at: www.sap.com/GRC; www.sap.com/security; www.sap.com/finance
      • Follow our blogs: GRC Tuesdays
      • Find detailed information: sap.com product page
      • Follow us on Twitter: #SAPGRC
      • Not Your Father’s Finance
  • 32. Thank you. Contact information: Michael Gurican NextLabs, Inc. | Enterprise Account Executive 414-234-0249 | michael.gurican@nextlabs.com
  • 33. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they should not be relied upon in making purchasing decisions. 
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. See http://global.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. © 2017 SAP SE or an SAP affiliate company. All rights reserved.
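The business-level policy on slide 16, evaluated at request time as slide 17 describes, is sketched below as an added Python illustration; it is not SAP or NextLabs code. The attribute names, the ordering of classification levels, and the deny-on-missing-attribute behaviour are assumptions made for the example, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Assumed ordering of classification levels (not given on the slides).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
GOVERNED_LEVELS = {"secret", "top secret"}   # documents the policy covers
GOVERNED_ACTIONS = {"view", "edit"}          # actions the policy covers


@dataclass(frozen=True)
class Decision:
    allow: bool
    reasons: tuple  # explanation returned with a denial


def evaluate(subject, resource, environment, action):
    """Decide one access request at the time it is made.

    subject / resource / environment are attribute dictionaries, mirroring
    the three attribute categories named on slide 14. Anything the policy
    does not explicitly allow is denied, including requests with missing
    or unknown attribute values.
    """
    sensitivity = resource.get("sensitivity")
    if action not in GOVERNED_ACTIONS or sensitivity not in GOVERNED_LEVELS:
        return Decision(False, ("no policy allows this request",))

    reasons = []
    # Subject attribute: citizenship is equal to U.S.
    if subject.get("citizenship") != "U.S.":
        reasons.append("user citizenship is not U.S.")
    # Subject vs. resource attribute: clearance >= document sensitivity.
    # A missing or unknown clearance ranks below every level.
    clearance = LEVELS.get(subject.get("clearance"), -1)
    if clearance < LEVELS[sensitivity]:
        reasons.append("user clearance is below document sensitivity")
    # Environment attribute: authentication type is equal to multifactor.
    if environment.get("auth_type") != "multifactor":
        reasons.append("authentication type is not multifactor")
    return Decision(not reasons, tuple(reasons))


def demo():
    """Constructed requests: same user and document, changing attributes."""
    analyst = {"id": "u1001", "citizenship": "U.S.", "clearance": "top secret"}
    doc = {"id": "doc-42", "sensitivity": "secret"}
    mfa = {"auth_type": "multifactor"}
    return {
        "mfa_session": evaluate(analyst, doc, mfa, "view"),
        "password_session": evaluate(analyst, doc, {"auth_type": "password"}, "view"),
        "reclassified_doc": evaluate(
            {**analyst, "clearance": "secret"},
            {**doc, "sensitivity": "top secret"}, mfa, "edit"),
        "missing_clearance": evaluate(
            {"id": "u2002", "citizenship": "U.S."}, doc, mfa, "view"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        verdict = "ALLOW" if decision.allow else "DENY"
        print(f"{name:18} {verdict:5} {'; '.join(decision.reasons)}")
```

The second and third requests are denied without any role being changed: only an environment attribute or a resource attribute differs from the allowed request, and the denial carries the reason that a real-time policy message would show.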