Security and compliance are a hot topic these days, which is why SAP Insider sat down with the SAP experts at Fastpath for a webcast Q&A and answered questions on everything from audits involving non-SAP systems in an SAP landscape to the ownership of a company’s security program and its budget.
This 9-part blog series offers valuable insights into dealing with security and audits. With SAP’s built-in functionality, supported by technology like Fastpath and experts in security, you can take the pain out of the process. By implementing processes, taking a risk-based approach, and getting the right controls in place, you can meet the demands of your auditors and ensure you have a top-notch security program.
Security and Compliance for SAP, Part 8: Comparing the Risks Between SAP ECC and SAP CRM
With SAP’s built-in functionality, supported by technology like Fastpath and experts in security, you can take the pain out of the process. By implementing processes, taking a risk-based approach, and getting the right controls in place, you can meet the demands of your auditors and ensure you have a top-notch security program. The series so far includes:
- Part 1: Using processes and a risk-based approach
- Part 2: How to handle custom transaction code
- Part 3: How to talk to auditors about non-SAP systems in an SAP landscape
- Part 4: Granting user access – who, why, and how much
- Part 5: Ownership of your security program and its budget
- Part 6: Cybersecurity is important, but don't forget about internal threats!
- Part 7: Using Fastpath With SAP GRC And Non-SAP Identity Management Solutions
Part 8 compares the risks between SAP ECC and SAP CRM.
SAP Security: Comparing the Risks Between SAP ECC & SAP CRM
"We use SAP ECC and SAP CRM. is it possible to determine risks between these two systems?"
This is a popular, relevant, and very important question because access between multiple systems is critical for SAP users. As we all know, in SAP, users wear many hats. These users show up in not only SAP and potentially in CRM, but sometimes in a third party or different legacy system.
At Fastpath, the goal is for any solution you use to be able to analyze the risk between all of your systems. We integrate with SAP CRM as well as SAP ECC. We then map these two together, creating a rule set between the two that identifies the risk between those environments specifically.
This leads into a discussion about cross-platform that we covered in the third blog in this series, Talking to Auditors About Non-SAP Systems in Your SAP Landscape. The cross-platform concept is becoming more commonly discussed by auditors. They have questions not only around ERP, but around many different types of business systems—often about users who have profiles in SAP as well as other systems. You need the ability to look at your systems cumulatively, or cross-platform, for SoD conflicts. If you've taken a risk-based approach to evaluating your other key business systems, particularly the data they contain, you have put the appropriate controls in place to cover this need.
Keep in mind that ERP is changing: Best-of-breed systems are back, and they are all connected through the cloud, so you need to be able to analyze risk, identify your critical systems, and get those controls and cross-platform SoD analysis in place.
Another step in taking the sting out of dealing with a security program is having tools like Fastpath to help you prepare for SoD conflicts in multiple systems that work with SAP ECC and CRM.
Stay tuned for additional blogs in this series. Want them all at a glance? Check out the first blog which will have all 9 links once they are all published.