7 January 2021

Challenges of integrating SAP ERPs with an Identity Management strategy

Striking a balance between risk, security and business enablement is a constant challenge for any organisation. SAP ERP solutions are typically business-critical, so keeping these platforms and their modules available, accessible and delivering key functions at all times, whilst balancing the risks associated with granting access, is imperative to the operation of the company.

SAP environments often comprise multiple applications, many of which are customised specifically to the business requirements of each customer.

Access to SAP modules and systems often grows organically, as new functionality is introduced by each implementation phase or by acquisitions. This can result in the lack of a single, homogeneous and job-aligned access strategy across the estate - similar to the challenges in provisioning across the whole IT estate, and what we're trying to solve with enterprise Identity Access Management.

In order to control access to these applications, a complex access hierarchy is required to govern thousands of transaction codes and authorisation objects for multiple role types. This gives people the access that they need to perform their role. 

This complexity makes it difficult to enforce consistent access policies that ensure the right users have access to the right resources, eventually leading to gaps in security and compliance. This is where SAP GRC (or other SoD tooling) helps: it complements the fine-grained access hierarchy with the ability to identify segregation of duties and sensitive access risks at a level of detail not available in Identity Access Management (IAM) platforms.

Integrating SAP and GRC systems with an appropriate IAM system solves these issues. IAM systems can automate provisioning, help reduce compliance risk by integrating with SoD tooling, and simplify employee changes across the lifecycle: when people join the organisation, as they move between different roles, and when they are off-boarded.
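To illustrate why SoD analysis needs the transaction-code level rather than the role names an IAM platform sees, here is an added example (not Turnkey's or SAP's code) that simulates an access request before provisioning. The role names, function groupings and risk ids are constructed for illustration, and real rulesets also evaluate authorisation objects, which this example leaves out.

```python
# Constructed sample data: role names, function groupings and risk ids are hypothetical.
# Composite roles contain other roles; single roles contain transaction codes.
COMPOSITE_ROLES = {
    "Z_C_AP_ACCOUNTANT": ["Z_S_AP_PAYMENTS", "Z_S_AP_DISPLAY"],
    "Z_C_PROCUREMENT_LEAD": ["Z_S_PO_CREATE", "Z_S_VENDOR_MAINT"],
}
SINGLE_ROLES = {
    "Z_S_AP_PAYMENTS": {"F-53", "F110"},
    "Z_S_AP_DISPLAY": {"FBL1N"},
    "Z_S_PO_CREATE": {"ME21N"},
    "Z_S_VENDOR_MAINT": {"XK01", "XK02"},
}
# A risk is a pair of business functions one person should not hold together.
FUNCTIONS = {
    "maintain_vendor": {"XK01", "XK02", "FK01"},
    "pay_vendor": {"F-53", "F110"},
    "create_po": {"ME21N"},
}
SOD_RISKS = {"R001": ("maintain_vendor", "pay_vendor"),
             "R002": ("maintain_vendor", "create_po")}

def expand(role, seen=None):
    """Resolve a role to its transaction codes, following composite roles."""
    seen = set() if seen is None else seen
    if role in seen:  # guard against circular role definitions
        return set()
    seen.add(role)
    if role in SINGLE_ROLES:
        return set(SINGLE_ROLES[role])
    tcodes = set()
    for child in COMPOSITE_ROLES.get(role, []):
        tcodes |= expand(child, seen)
    return tcodes

def risks_for(roles):
    """Return {risk_id: (tcodes hitting function A, tcodes hitting function B)}."""
    held = set().union(*(expand(r) for r in roles))
    hits = {}
    for risk_id, (fa, fb) in SOD_RISKS.items():
        a, b = held & FUNCTIONS[fa], held & FUNCTIONS[fb]
        if a and b:
            hits[risk_id] = (sorted(a), sorted(b))
    return hits

def simulate_request(current_roles, requested_role):
    """Risks the request would newly introduce, for the IAM approval step."""
    before = risks_for(current_roles)
    after = risks_for([*current_roles, requested_role])
    return {rid: v for rid, v in after.items() if rid not in before}
```

Neither role name hints at a conflict, yet granting `Z_C_PROCUREMENT_LEAD` to a holder of `Z_C_AP_ACCOUNTANT` yields both risks, and `R002` is already present inside the procurement role on its own.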

However, this integration comes with a few challenges which you need to be aware of: 

Data

Data consistency across all SAP systems cannot be taken for granted, especially when dealing with old SAP estates. This can lead to difficulties in data unification. 

This is less problematic when SAP HR is in place; however, SAP HR isn't necessarily integrated across the estate.

User Access Risk

Maintaining fine-grained risk management and control over user and role access, including the appropriate management of Segregation of Duties and of Critical and Sensitive access risks, requires the right set of skills and an understanding of least-privilege role concepts. This needs to be maintained whilst also balancing the need for the user community to perform the tasks related to their day job.

Technical Skills

Implementing the integration between SAP systems and the IAM solution requires a range of skills and some knowledge of the architecture of the solutions involved. It also requires knowledge of the business processes, and the associated risks, in order to interpret the risk output in the context of the jobs being provisioned.

Change Management

Whether the user experience stays consistent between SAP and the IAM solution can affect the success of the processing that happens behind the UIs.

Meeting Business Goals

Choosing the right IAM product can be challenging. The product needs to offer the flexibility to meet the business goals of the SAP systems, as any delay or complexity in delivering the integration will impact your ability to realise the benefits of the SAP application(s) and meet your strategic business goals.