Security and compliance are a hot topic these days, which is why SAP Insider sat down with the SAP experts at Fastpath for a webcast Q&A and answered questions on everything from audits involving non-SAP systems in an SAP landscape to who owns a company’s security program and its budget.
This 9-part blog series provides insights into many aspects of dealing with security and audits in an SAP environment. SAP’s built-in functionality, supported by Fastpath and experts in security, helps you take the sting out of the process. By following 3 basic principles—implementing processes, taking a risk-based approach, and getting the right controls in place—your organization can meet your audit demands and ensure an excellent security program.
Security and Compliance for SAP, Part 7: Using Fastpath with SAP GRC and Non-SAP Identity Management Solutions
With SAP’s built-in functionality, supported by technology like Fastpath and experts in security, you can take the pain out of the process. By implementing processes, taking a risk-based approach, and getting the right controls in place, you can meet the demands of your auditors and ensure you have a top-notch security program. The series so far includes:
- Part 1: Using processes and a risk-based approach
- Part 2: How to handle custom transaction code
- Part 3: How to talk to auditors about non-SAP systems in an SAP landscape
- Part 4: Granting user access – who, why, and how much
- Part 5: Ownership of your security program and its budget
- Part 6: Cybersecurity is important, but don't forget about internal threats!
Part 7 discusses how Fastpath provides integration options for the SAP GRC solution as well as with non-SAP identity management solutions.
SAP Security: How to Use Fastpath When You Also Have Other Identity Management Systems
When it comes to identity management, the idea is to be able to address risks in a preventative fashion on the front end. That’s why Fastpath focuses on integrating everything into one aspect.
Fastpath’s solutions are always built around risk and how we either prevent or detect it. We offer native integrations to several identity management tools, and we have connected to a number of additional applications as well. We do that by taking the analysis that is “born” in Fastpath and delivering it back into an identity management solution, which is doing the provisioning. That analysis comes from our segregation of duties application and its native connection to SAP, where we read roles, permissions, and authorization objects and identify where there is a segregation of duties concern.
Fastpath integrates not only with SAP and S/4HANA but also with GRC. We think of that as providing value: we can analyze the SoD risk, analyze the rules that are already set up in a GRC system, and provide access to, for example, an open API for a third party that wants to look into Fastpath and say, "Okay, we have this user, these are the permissions we want to add in our identity management tool."
You can use Fastpath to tell you what's going to happen by doing a simulation of what the GRC rule set looks like, and then report that back to the identity management software before it happens. So, you can be fully aware of the change being made, how many (if any) conflicts with SAP GRC are being created, and then provide that data to the third-party identity management tool, so the approver of that request can see what's going to happen before it actually happens.
Remember that you can tap into the power of Fastpath regardless of which identity management tool you’re using to help you stay on top of potential SoD issues before they happen.
Stay tuned for additional blogs in this series. Want them all at a glance? Check out the first blog which will have all 9 links once they are all published.