Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
1 March 2023

Why SAP should be included in your Enterprise Identity Strategy

Aligning SAP with enterprise identity and access management (IAM) has become increasingly important in today's digital landscape.  With SAP being a critical IT asset for many organisations, it holds sensitive information and operates key business processes, making it a target for cybercriminals. Integrating SAP into IAM can reduce the risk of cyber-attacks and improve user experience and operational efficiency, therefore providing a return on investment.

However, despite the many benefits, SAP is often excluded from IAM programmes due to the shortage of specialist skills and tools, and perceived complexity.  Often SAP teams don’t have the necessary resources or expertise to contribute to the identity programme, resulting in SAP being moved to later stages of IAM integration.  And yet SAP is a critical asset to most organisations. Due to SAP’s criticality, it is highly recommended organisations prioritise SAP integration in the early stages of IAM deployment to start addressing the cyber risk related to excessive privilege and unauthorised access.  With the right guidance, support, and targeted IAM solutions, SAP integration can be simplified and addressed early. 

A recent survey of 800 organisations, jointly commissioned by SailPoint and Turnkey, found that while almost all have some form of enterprise identity management, only half integrate SAP and their enterprise IAM system. The report also found that while almost all organisations perform some form of risk analysis on access requests, only 42% perform a risk analysis of the SAP access across other applications to which they have access. Also, interestingly, 40% indicated they believe their SAP roles were not fit for purpose or don't accurately align with the business process they support.  This impacts the ability to adapt as IAM becomes a constraint on how quickly change can occur in these critical applications.

To address these challenges, SailPoint offers Access Risk Management (ARM), which provides a centralised approach to managing identity and performing risk analysis on access requests specific to SAP.  The solution integrates with SAP systems and runs a risk analysis in real time providing visibility of access risks prior to provisioning.  ARM is integrated with SailPoint’s Identity Governance and Administration (IGA) solutions providing the ability to incorporate SAP access risk input into the whole of enterprise access risk.  Additionally, risk analysis of SAP permissions guides the role design process, the output of which builds roles that support the flexibility of business operations and changes in identity during the user lifecycle process.

In addition to assessing access risk, ARM provides SAP privileged access management capability. Designed for SAP firefighter access, it significantly reduces the associated risk by managing and closely monitoring this access.  

Offering the specialist capability of ARM, SailPoint acknowledges that integrating SAP into IGA can be challenging, but with a targeted software solution and experienced guidance, the process can be planned and executed efficiently. The risk reduction benefits of integrating SAP into the enterprise IAM programme are crucial, and it is therefore essential for organisations to prioritise SAP integration in the early stages of the IAM programme.

In conclusion, aligning SAP with enterprise IAM can have significant benefits, including reduced cyber risk, improved user experience, and enhanced operational efficiency. Organisations should prioritise SAP integration in the early stages of IAM deployment to realise the full benefits of this integration.


Watch Rob Tyler's talk from SailPoint Navigate 2022




About Turnkey Consulting

Turnkey Consultings mission is to make the world a safer place to do business. A specialist risk and security company, it combines business consulting with technical implementation to supply information security solutions that support systems running complex ERP and business critical solutions. Turnkey focuses on delivering specialised services around risk, security and identity management, working with service providers, audit partners and clients directly to provide the security controls and solutions that safeguard and complement the implementation of enterprise systems. Clients include some of the world's largest blue-chip companies alongside systems integrators and a number of government agencies.

The company was established in 2004 and has offices in the UK, Australia, France, Germany, Malaysia, Singapore and the US.

Follow Turnkey Consulting on LinkedIn and Twitter