Published by Dwight O’Brien. Modified over 6 years ago
1
SAP Dynamic Authorization Management by NextLabs
Speaker’s Name/Department (delete if not needed) Month 00, 2015
2
Agenda
- The SAP GRC Portfolio of Solutions
- Customer Challenges with Information Risk Management
- Introducing SAP Dynamic Authorization Management by NextLabs
- Customer Value
3
SAP Solutions for Governance, Risk and Compliance
Simplify, gain insight, strengthen
- SAP Risk Management application: Preserve and grow value
- SAP Process Control application: Ensure effective controls and ongoing compliance
- SAP Access Control application: Manage access risk and prevent fraud
- SAP Identity Analytics analytic application: Gain insights into user roles and optimize decision making
- SAP Fraud Management analytic application: Better detect and prevent fraud
- SAP Audit Management application: Transform audit. Move beyond assurance
- SAP Global Trade Services application: Optimize global trade and screen restricted parties
- SAP Electronic Invoicing for Brazil application: Meet electronic invoicing requirements for Brazil
- SAP Access Violation Management application by Greenlight: Identify and quantify the impact of actual access risk violations
- SAP Regulation Management application by Greenlight: Manage regulatory requirements and align with internal control activities
- SAP Dynamic Authorization Management application by NextLabs: Turn business policy into automated information controls for data access, use and sharing
- SAP Technical Data Export Compliance application by NextLabs: Automate trade compliance for digital goods and technical data
2015 SAP SE or an SAP affiliate company. All rights reserved. Public
4
Agenda
- The SAP GRC Portfolio of Solutions
- Customer Challenges with Information Risk Management
- Introducing SAP Dynamic Authorization Management by NextLabs
- Customer Value
5
How to effectively secure data and applications
Diagram labels: Need to Share; Need to Protect; Secure Sensitive Data; Defend Against Cyber Attacks; Make Better and Faster Decisions; Global Business Model; External Partners; Distributed Supply Chain; Collaboration; Competitiveness; Accelerate Time to Market; Streamline Business Processes; Leverage Cloud and Mobility; Prevent Violations; Financial Management; Health and Privacy; Agility and Efficiency; Governance and Compliance
“How do I protect sensitive information and still share with my extended enterprise?”
6
Customer challenges Enhancing security to SAP applications
- Protecting sensitive data throughout the enterprise
- Preventing policy violations, including fraud, compliance, security
- Increasing data security without increasing number of roles to an unmanageable level
- Eliminating manual tasks to automate processes and facilitate business goals
7
The expanding approach to access control
- Systemic: Access determined by software
- Procedural: Access determined by people
- Administration: Grant permission prior to access attempt
- Runtime: Grant permission at time of access attempt
- Approaches shown: Groups + ACLs; RBAC (Role-based Access Control); ABAC (Attribute-based Access Control)
Source: TSCP; Scott Fitch, Lockheed Martin
8
Attribute-based access control enhances the scalability of roles
Attributes are now “how we role”
Prediction: By 2020, 70% of all businesses will use Attribute-based Access Control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
Diagram labels: Dynamic Authorization Management; Privileged Access/User Management; Provisioning integration; Access Governance
- Dynamic Authorization Management: Supporting static and dynamic access enforcement
- Provisioning integration: Supporting more options for deeper connecting to target systems
- Privileged Access/User Management: Supporting all types of users
- Gartner predicts Attribute will be new role [1]
- Kuppinger recommends Dynamic Authorization [2]
- NIST Recommends ABAC
References:
1: Gartner Predicts 2014: Identity and Access Management
2: Kuppinger Cole Leadership Compass for Access Governance
3: The status and expected evolution of Access Governance.
9
Agenda
- The SAP GRC Portfolio of Solutions
- Customer Challenges with Information Risk Management
- Introducing SAP Dynamic Authorization Management by NextLabs
- Customer Value
10
SAP Dynamic Authorization Management by NextLabs
Enhancing security for data and business applications
- Automate Controls: Single policy platform to centralize and automate data and application security
- Secure Access: Consistent and on-the-fly access enforcement with dynamic authorization
- Prevent Violations: Minimize fraud, compliance and security violations
- Gain Insight: Monitor data and application activity and streamline business processes
11
SAP Dynamic Authorization Management
Automated Enforcement of Data and Application Security Controls
Automate Controls
- Incorporates an attribute-based access control model with fine-grained contextual information
- Automates data classification and segregation
- Ability to control access at the transaction or field level
12
ABAC enhances traditional access control
- Fine-grained authorization
  - Access Controls at Transaction level, View level, Field level
- Automated data classification
  - Ensures sensitive data is categorized properly
  - Enables accurate policy enforcement
- Policy management
  - Business level policy authoring tool
  - SAP GRC integration
  - Central management
Screenshot message: ACCESS DENIED: Only members of Project Y can access project data
13
Automates data classification
Features
- Classifies structured and unstructured data in SAP
- Allows user driven classification of data
- Classification based on content and/or association
- Automatic policy based classification
- Classification can be triggered at run time or through batch processes
14
SAP Dynamic Authorization Management
Enforce policy decisions consistently and on-the-fly
Secure Access
- Real-time policy messages with explanation and corrective workflow
- Integration with existing identity management, HR and directory systems
- Centralized policy management ensures consistent application across geographies and divisions
15
Control center – policy engine
- Integrates with Identity and Attribute sources
- Designs, deploys and evaluates policies
- Centrally manages policies
- Drag & Drop authoring
- Business friendly nomenclature
- Reusable policy components
16
Incorporates attribute-based access control
- Fine-grained access control which takes into account contextual factors
- Attributes are categorized into Subject, Environment and Resource
- Attributes can be changed easily and can be applied dynamically
17
Integrating identity, content and context attributes
Diagram labels: User Recipient Internal and External Computer Network Location Channel/Application Connection Time Data Type Metadata Custom Tags Data Content
Who is using or sharing what data, how, why and with whom
18
Business-level policies
Who can access What, When and Where
Policy as shown in the authoring view:
  Allow Users TO View, Edit ‘Secret’, ‘Top Secret’ Documents
  IF User Clearance (User / Subject Attribute) is greater than or equal to Document Sensitivity (Resource Attribute)
  AND User Citizenship (User / Subject Attribute) is equal to ‘U.S.’
  AND AuthN Type (Environment Attribute) is equal to ‘MultiFactor’
In plain language: Allow U.S. citizens only TO view and edit Secret & Top Secret documents IF the user’s security clearance is higher or equal to the sensitivity classification of the document AND authentication scheme is multifactor
19
Policies use attributes during transaction for real-time authorization
- Policies are evaluated dynamically during access request
- Policies use detailed attributes to more accurately determine what content should be accessed – what, why, when and where
- Changes in attributes and policies are seamless to the end user
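The business-level policy from slide 18, evaluated at request time as slide 19 describes, written out as an added example (this is not NextLabs or SAP code). The attribute names, the rank order of the sensitivity labels, the "NotApplicable" result and the fail-closed handling of missing attributes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed rank order; the slide names only 'Secret' and 'Top Secret'.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class Request:
    subject: dict      # user attributes (e.g. from HR or directory systems)
    resource: dict     # document attributes (e.g. from data classification)
    environment: dict  # context at the time of the access attempt
    action: str

def evaluate(req):
    """Return (decision, reason); missing attributes fail closed."""
    sensitivity = LEVELS.get(req.resource.get("sensitivity"))
    if sensitivity is None:
        return "Deny", "resource sensitivity missing or unknown"
    if sensitivity < LEVELS["Secret"]:
        return "NotApplicable", "policy targets Secret and Top Secret only"
    if req.action not in ("view", "edit"):
        return "Deny", "action not covered by the policy"
    if req.subject.get("citizenship") != "U.S.":
        return "Deny", "user citizenship is not U.S."
    clearance = LEVELS.get(req.subject.get("clearance"))
    if clearance is None or clearance < sensitivity:
        return "Deny", "user clearance below document sensitivity"
    if req.environment.get("authn_type") != "MultiFactor":
        return "Deny", "authentication type is not MultiFactor"
    return "Allow", "all policy conditions satisfied"

# Constructed sample attributes, not taken from any real system.
ALICE = {"citizenship": "U.S.", "clearance": "Top Secret"}
DOC = {"sensitivity": "Secret"}
MFA = {"authn_type": "MultiFactor"}

def demo():
    """Same user and role throughout; only the attributes change."""
    cases = {
        "mfa": Request(ALICE, DOC, MFA, "view"),
        "password": Request(ALICE, DOC, {"authn_type": "Password"}, "view"),
        "low_clearance": Request({**ALICE, "clearance": "Secret"},
                                 {"sensitivity": "Top Secret"}, MFA, "edit"),
        "untagged": Request(ALICE, {}, MFA, "view"),
    }
    return {name: evaluate(r)[0] for name, r in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The "untagged" case shows why classification matters to enforcement: a document with no sensitivity attribute cannot be matched to the policy, so the sketch denies rather than guesses.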
20
SAP Dynamic Authorization Management
Prevent fraud, compliance and security violations
Prevent Violations
- Automatically incorporates business rules and policies and applies them from a central system
- Real-time contextual information prevents users from accessing unauthorized information
- Integrates with SAP Access Control SoD rule set to prevent violations
21
Automatically incorporates business rules and policies for continuous governance
- Rules and policies are applied at time of update to ensure the latest information is taken into account before allowing access
- Central repository for authoring and applying business rules and policies to ensure changes are up to date and consistent – minimizes manual intervention
22
Applies authorization policies from a central system
- Organizations can update and enforce corporate policies across the extended enterprise
- Easier to implement and maintain
Architecture diagram labels: SAP CUA/LDAP/AD/HRMS; SAP ECC; Policy Studio; Web GUI; Policy Server; SAP PLM; Mobile; Reporter; Switch; Policy Controller; SAP DMS; SAP GUI; Control Center; SAP SCM; Administrator
23
Prevents role explosion
Role hierarchy labels: US Employee; CA Employee; UK Employee; DE Employee; NL Employee; SE Employee; SF Employee; SE Employee; North America Employee; EU Employee; Employee
- Functional roles cover broad static functions
- Derived roles enable the next level of organizational detail for transactions
- Need to create a new role for every new transaction capability
- Resulting in: Exponential increase of derived roles
24
Integrates with SAP Access Control
- Combine SAP roles and access control information with attributes for dynamic authorization decisions incorporating location, HR info, computer, organization, time, etc.
- Attributes can now be pulled automatically using the Attribute adapter provided as part of SAP Access Control 10.1
Diagram labels: SAP Entitlement Manager; Data Classification; Data Segregation; Access Control; Audit; SAP Access Control; Source of Attributes; Control Center; User Attributes; Information Control Policies; SAP ECC; AD/LDAP; CUA; HR; User Attributes
25
Enhances SAP Access Control by Preventing SoDs
Stops Segregation of Duties violations before they occur
- Activating SoD checks through configuration
- Integrating with GRC AC SoD Rule set
- Stopping or warning the user during transaction
Resulting in
- Reduction in Segregation of Duties violations
- Reduction in effort and resources to mitigate SoD violations and enforce compliance
Callout: You ran the reports and have 2,345,678 violations. Now what?
26
SAP Dynamic Authorization Management
Monitor data / application activity and streamline business processes
Gain Insight
- Removes barriers to improve efficiency
- Centralized reporting and audit to detect patterns and anomalies
- Dashboards, trend analysis, incident investigation for preventative action
27
Centralized reporting on information usage and compliance
- All of the activity is logged and reported across multiple applications
- Tracks access across SAP applications
- Centralized activity journal with customizable reporting and compliance dashboards
- Alert system tracks abnormal activity and signals when it reaches threshold limit
28
Agenda
- The SAP GRC Portfolio of Solutions
- Customer Challenges with Information Risk Management
- Introducing SAP Dynamic Authorization Management by NextLabs
- Customer Value
29
Customer value
Make sure the right people get the right data when they need it
- Enables automatic enforcement of business rules and policies
- Centralizes enforcement and streamlines authorization process / changes
- Provides real-time monitoring for insight into data access and helps prevent fraud
- Strengthens security for sensitive information to enable safe collaboration and regulatory compliance
- Simplifies access administration by greatly reducing the number of roles under management
- Helps prevent Segregation of Duties violations
30
Thank you Contact information: F name MI. L name Title Address Phone number