Aligning SAP with enterprise identity and access management (IAM) has become increasingly important in today's digital landscape. With SAP being a critical IT asset for many organisations, it holds sensitive information and operates key business processes, making it a target for cybercriminals. Integrating SAP into IAM can reduce the risk of cyber-attacks and improve user experience and operational efficiency, therefore providing a return on investment.
However, despite the many benefits, SAP is often excluded from IAM programmes due to a shortage of specialist skills and tools, and perceived complexity. Often SAP teams don’t have the necessary resources or expertise to contribute to the identity programme, resulting in SAP being moved to later stages of IAM integration. And yet SAP is a critical asset to most organisations. Due to SAP’s criticality, it is highly recommended that organisations prioritise SAP integration in the early stages of IAM deployment to start addressing the cyber risk related to excessive privilege and unauthorised access. With the right guidance, support, and targeted IAM solutions, SAP integration can be simplified and addressed early.
A recent survey of 800 organisations, jointly commissioned by SailPoint and Turnkey, found that while almost all have some form of enterprise identity management, only half integrate SAP with their enterprise IAM system. The report also found that while almost all organisations perform some form of risk analysis on access requests, only 42% perform a risk analysis of SAP access across the other applications to which users have access. Also, interestingly, 40% indicated they believe their SAP roles are not fit for purpose or don't accurately align with the business process they support. This impacts the ability to adapt, as IAM becomes a constraint on how quickly change can occur in these critical applications.
To address these challenges, SailPoint offers Access Risk Management (ARM), which provides a centralised approach to managing identity and performing risk analysis on access requests specific to SAP. The solution integrates with SAP systems and runs a risk analysis in real time, providing visibility of access risks prior to provisioning. ARM is integrated with SailPoint’s Identity Governance and Administration (IGA) solutions, so SAP access risk can be incorporated into the enterprise-wide view of access risk. Additionally, risk analysis of SAP permissions guides the role design process, the output of which is a set of roles that support the flexibility of business operations and changes in identity during the user lifecycle process.
In addition to assessing access risk, ARM provides SAP privileged access management capability. Designed for SAP firefighter access, it significantly reduces the associated risk by managing and closely monitoring this access.
In offering the specialist capability of ARM, SailPoint acknowledges that integrating SAP into IGA can be challenging, but with a targeted software solution and experienced guidance, the process can be planned and executed efficiently. The risk reduction benefits of integrating SAP into the enterprise IAM programme are crucial, and it is therefore essential for organisations to prioritise SAP integration in the early stages of the IAM programme.
In conclusion, aligning SAP with enterprise IAM can have significant benefits, including reduced cyber risk, improved user experience, and enhanced operational efficiency. Organisations should prioritise SAP integration in the early stages of IAM deployment to realise the full benefits of this integration.
Watch Rob Tyler's talk from SailPoint Navigate 2022
About Turnkey Consulting
Turnkey Consulting’s mission is to make the world a safer place to do business. A specialist risk and security company, it combines business consulting with technical implementation to supply information security solutions that support systems running complex ERP and business critical solutions. Turnkey focuses on delivering specialised services around risk, security and identity management, working with service providers, audit partners and clients directly to provide the security controls and solutions that safeguard and complement the implementation of enterprise systems. Clients include some of the world's largest blue-chip companies alongside systems integrators and a number of government agencies.
The company was established in 2004 and has offices in the UK, Australia, France, Germany, Malaysia, Singapore and the US.