Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Managaement
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social Responsibility
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
26 July 2019

Managing today's SAP risks: the key questions

SAP security and GRC professionals now have the tools and technology available to be more effective than ever in securing their critical SAP environments. Yet at the same time, the threat landscape has never been as fierce as it is today. While those responsible focus on safeguarding SAP applications, business leaders also expect more from these teams in terms of adding value across the wider risk management agenda.

It’s also a time of great change for SAP customers generally, as the need to embrace SAP S/4 HANA moves more sharply into focus - bringing with it many significant and very different security considerations. Enhanced interconnectivity and mobility can bring clear benefits but also leave SAP applications and infrastructure increasingly open, so it is vital to make the make the right security decisions from the outset.

When Turnkey Consulting’s global management team met in Sydney, Australia, we discussed some of the biggest risk-related questions facing SAP customers today. Collectively the team has many, many years of experience in helping hundreds of SAP customers manage risks across the globe.

We explored key issues such as the new security challenges in migrating to SAP S/4 HANA, managing cyber threats and how to maximise your investment in SAP GRC. We’ve produced a seven-part video series, which captured the roundtable insights from our team of GRC experts. We also shared our views on the differences in maturity that we’ve seen in different corners of the world, as well as across different industries.

To watch the 7-part video series now click here.


Here’s a quick summary of what you’ll learn from the video series

Part 1: What are the security challenges with SAP implementations?

With more security considerations to make, it is vital that those responsible for SAP security are engaged early in the process.  

So, we cover the lessons to be learnt from previous ERP implementations - many of which were hampered with costly retrospective changes that could have been avoided if security was considered earlier on in the project. You’ll learn why security should be a main focus of any project, playing a vital role in system implementation right from conception.


Part 2: How can a security specialist work with systems integrators?

In this video we look at why few systems integrators possess the security skill set required to manage today’s threats effectively. And we explore the role of a security specialist that works alongside the integrator to minimise risk.

From this video, you’ll understand why managing SAP security requires an increasingly in-depth knowledge of risk and compliance processes and tools. Many organisations have already discovered that combining the strong functional and technical experience of a systems integrator with the specialist skills of an SAP security expert, could ensure nothing is missed when it comes to security. 


Parts 3 & 4: What security challenges are presented by moving to SAP S/4 HANA?

In the next two videos, we discuss the security implications involved in migrating to SAP S/4 HANA. With increasingly complex underlying architectures, ensuring the security of your SAP environment needs to be a key focus for any migration to SAP S/4 HANA.

You’ll see that whilst the interface and user experience of SAP S/4 HANA is far simpler, the underlying architecture is actually far more complex. Also, you’ll get a clearer view of the new cyber risks and security challenges that are potentially more wide-ranging - especially when you consider that S/4 HANA migrations are often run alongside the implementation of cloud-based SAP technologies.


Part 5: How can companies drive more value from their investment in SAP GRC?

In this discussion, we debate why access management and compliance is usually the primary focus for many SAP customers, and how some organisations are missing opportunities to drive more value from SAP GRC.

Like any investment, the best way to deliver ROI is to utilise and maximise all possible functionality within the system, which requires effective training and use of automation. And this video will help you identify where the opportunities may exist for you to unlock more value from your SAP GRC tools.


Part 6: How can clients minimise the cost of security remediation?

Six-monthly checks remain commonplace, but in reality, controls should be continuously reviewed in order to prevent excessive security costs and role remediation. In fact, many role remediation projects begin as a result of the changing security requirements of legacy implementations, organisational changes and business processes.

In this video, you’ll learn why security should be considered an ongoing priority, not a one-off investment. This will ensure the security function can develop in line with changes, evolve with the system and reduce the need for role remediation.    


Part 7: What cyber initiatives are SAP customers focusing on?

In our last video, we look at why SAP customers should consider key cyber risks, best practice cyber strategy, identity management, privilege access management and testing. The discussion moves into the lower layers of the system, such as the database, operating system and the coding configuration underlying the SAP application environment.

You’ll learn why many organisations are also putting a lot more focus on ‘worst-case scenarios’, with more disaster recovery and business continuity plans than ever before. With multiple applications (even within internal systems) and external clients/vendors increasingly sharing information in cloud applications, the risks are greater – and your security measures must reflect that.



View the video series

See all the answers to key questions surrounding SAP security by watching Turnkey’s video series.

RountableVideo