Implementing Process Controls and Risk Management
with Novell® Compliance Management Platform
extension for SAP Environments

Mark Worwetz                      Volker Scheuber
Senior Engineering Manager        Consulting Engineer
Novell Inc./mworwetz@novell.com   Novell Inc./vscheuber@novell.com
Novell® Compliance Management Platform
    •   Integrated Identity and Security Management Platform
         –   Software Components
              >   Identity Vault
              >   Novell® Identity Manager with Roles Based Provisioning Module (RBPM)
              >   Novell® Sentinel™
              >   Novell® Access Manager™
         –   Tools
              >   Designer for Novell Identity Manager
              >   Analyzer for Novell Identity Manager
         –   Solution Content
              >   Integrated Provisioning and Access Control Policies and Workflows
              >   Identity Tracking
              >   Identity and Security Monitoring and Reporting

2   © Novell, Inc. All rights reserved.
Extension for SAP Environments

    •   Role Mapping Administrator
         –   Tool for mapping SAP-specific authorizations to RBPM Business Roles
    •   SAP Drivers – New or Enhanced
         –   SAP User Management Fanout Driver
         –   SAP Business Logic Driver
         –   SAP Portal (UME) Driver
         –   SAP BusinessObjects Access Control Driver
    •   SAP Solution Pack
         –   SAP-specific Sentinel Content
    •   SAP-specific Identity Manager Content
         –   Driver Configurations, Policies, Workflows



Technical Integration Goals
    •   Develop SAP-Oriented Solution Synergies
         –   Allow Identity Manager customers to utilize the advanced Segregation of Duties
             and Risk Analysis/Remediation capabilities of SAP BusinessObjects Access
             Control
         –   Extend the reach of SAP BusinessObjects Access Control to other Enterprise
             Systems via Identity Manager
         –   Integrate Sentinel™ with the SAP Computing Center Management System
             (CCMS)
         –   Provide an SAP Solution Pack for Sentinel
    •   Extend Existing Integrations with SAP Products
         –   SAP ERP Human Capital Management (HCM)
         –   SAP User Management
         –   SAP User Management Engine (UME)
    •   Provide a Roles-based Entitlement Content Framework


Scenario 1:
SAP User Provisioning
IDM Provisioning of SAP Users (diagram, built up over three slides)
     –   Abby Spencer (Sales Rep) is provisioned by Identity Manager into SAP HCM (ABAP),
         SAP Portal and SAP CRM (ABAP), with Monitoring and Reporting across all of them
     –   Abby Spencer is then assigned the business role "Mtn Region Sales Rep"
     –   Resulting SAP entitlements: SAP HCM (Self-Service), SAP Portal (Sales Rep),
         SAP CRM (Sales Rep)

Role to Authorization Mapping

    Role “IT Specialist”
    •   SAP System N4S (CRM) Client 100
         –   Single Role: SAP_ALM_ADMINISTRATOR
         –   Single Role: SAP_BC_BASIS_ADMIN
         –   Single Role: SAP_BC_DB_ADMIN
         –   Composite Role: SAP_BC_MID_ALE_ADMIN


    •   SAP System S7H (HR - SAPABAP) Client 300
         –   Profile: SAP_ALL


    •   SAP Portal (CRM Portal)
         –   Group: /VIRSA/VFAT_ADMINISTRATOR
         –   Role: Administrator


Role Mapping Administrator
     (screenshot of the tool)

Scenario 2:
SAP User Provisioning using SAP BusinessObjects Access Control
IDM Provisioning to Access Control
     (diagram: Identity Manager provisioning requests flow to SAP BusinessObjects
     Access Control; Monitoring and Reporting)

Additional Security Benefits

     •   Roles for all SAP systems are aggregated in Access Control
     •   Risk Analysis can be run for all SAP role assignment requests
     •   Risk Mitigation can be performed prior to approval of role assignments
     •   IDM exposes the results of SAP Risk Analysis in Provisioning Workflow
          –   Provides critical risk information to Role Approver
          –   Provides information to guide tuning of Enterprise Role Model and
              Process Controls
     •   Leaves the ultimate decision on SAP Provisioning Security in the domain
         of the SAP System and Business Owners




SAP Risk Analysis Results
     (screenshot)

IDM Provisioning Request Results
     (screenshot)

Scenario 3:
IDM User Provisioning using SAP BusinessObjects Access Control
Access Control Provisioning to IDM
     (diagram: SAP BusinessObjects Access Control provisioning requests flow to
     Identity Manager; Monitoring and Reporting)

Scenario Characteristics
     •     Roles for non-SAP systems are imported to Access Control
     •     Risk Analysis Rules can be implemented for non-SAP systems
     •     Risk Mitigation can be performed prior to requesting provisioning of role
           assignments to non-SAP systems
     •     IDM can act as a Provisioning Agent to non-SAP systems




Where Are We Going From Here?
Value Proposition

                      Provide the Platform for a Comprehensive IT
                                 Compliance Lifecycle!

IT Compliance Lifecycle (diagram of a continuous cycle with these stages)
     •   Define business objectives, policies and Key Performance Indicators (KPIs)
         to help meet objectives
     •   Evaluate processes and business objectives to identify and qualify risks
     •   Monitor and detect risk
     •   Analyze risk versus thresholds
     •   Allow business to determine best long-term response
     •   Real time risk response

Typical IT Concerns Never Stop

     for(;;) {
     Are the Business Service Level Agreements being met?
     Are my Employees as Productive as Possible?
     Is My Infrastructure Compliant?
     Are my IT System and Application Administrators
     following established processes?
     Are my Controls Adequate and Efficient?
     Are my Control Policies Protected?
     Can I Verify all of this?
     }

Data Gathering...

     •   Novell® Compliance Management Platform ability to
         deliver a great deal of data related to IT Systems,
         Users, Provisioning, Access, etc.

Plus Risk Management...

     •   SAP BusinessObjects Risk Management ability to
         Identify and Calculate Risk based on data from Key
         Risk Indicator (KRI) data providers

SAP BusinessObjects Risk Management Integration

                     Enterprise IT Risk Management Solutions!

Novell® IT Key Risk Indicators (KRI)

     •   Gather Information about Risky Behaviors
          –   Bad Login Attempts
          –   Password Changes
          –   Authorization Changes
     •   Gather IT Performance Values
          –   Metrics for System Availability
          –   Workflow Run-Times
          –   Provisioning / Deprovisioning Statistics
     •   Monitor the Need for, and Effectiveness of, Controls
          –   Identify Out-of-Policy Administration Activity
          –   Verification of Performance of Control Tasks

Risk Management Integration

     •   Development of Key Risk Indicator Components
          –   CMP KRI Gateway Driver
          –   IT-related KRIs
          –   KRI Dashboards
          –   KRI Reports


     •   Integration with SAP BusinessObjects Risk Management
          –   Implementation of Event-Based KRI Interfaces
          –   Scenario Development and Documentation




IT Risk Management Integration
     (screenshot)

IT Risk Management Integration (cont.)
     (screenshot)

Process Control Integration

     •   Integration with SAP BusinessObjects Process Control
          –   Development of Process Control Alert Adapters
               >   Occurrence of High-Risk Activities
               >   Occurrence of Process Violations
               >   Occurrence of Critical System Outages
          –   Development of Automated Mitigation Controls
               >   Restart Identity Services
               >   Roll-back of Improper Data Changes
               >   Account Locking
          –   Scenario Development and Documentation



Use Case Scenarios
Scenario 1
     Workflow Efficiency

     •   Process Policies:
          –   All Access Approvals are granted via IDM Workflows
          –   All Access Workflows must be completed within 24 hours


     •   Business Problems:
          –   How Long do Workflows really take to complete?
          –   Are there any Bottlenecks in Approval Chains?
          –   What is the current state of my Workflows?
          –   Are my current Policies optimal for the Business?
          –   Are my current Policies meeting my Security Needs?



Scenario 1
     Current View (diagram)
     •   Role Provisioning against System Assets, Accounts, and Authorizations
     •   Request mix: 80% = … / 15% = … / 5% = … (per-tier values are shown only
         graphically on the slide)
     •   Average Time = 36 Hours

Scenario 1
     Workflow Efficiency

     •   Process Policies:
          –   All Access Approvals are Processed via IDM Workflows
          –   All Access Workflows must be completed within 24 hours
          –   All Low Threat Access will have Automated Approval
          –   All Medium Threat Access must have 1 Approval
          –   All High Threat Access must have 2 Approvals




Scenario 1
     Revised Policies (diagram)
     •   System Asset Values and Authorization Threats Valued by Asset Owner
     •   Automated Approvals based on Role Level
     •   Multiple Approvals based on Role Level
     •   80% = 12 mins, 15% = 8 hours, 5% = 24 hours
     •   Average Time = 2.56 Hours

Scenario 1
     Workflow Efficiency

     •   Process Policies:
          –   All Access Approvals are Processed via IDM Workflows
          –   All Access Workflows must be completed within 24 hours
          –   All Low Threat Access will have Automated Approval
          –   All Medium Threat Access must have 1 Approval
          –   All High Threat Access must have 2 Approvals


     •   Process Improvements:
          –   All Access Approvals are completed faster!
          –   Security Posture Improved!
          –   Bottlenecks Removed!

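As an added example (not Novell's Role Mapping Administrator, driver or workflow code), the following resolves the "IT Specialist" role-to-authorization mapping shown earlier into per-system grant/revoke actions for an account, and derives the approval tier the revised Scenario 1 policies demand for those grants. The per-authorization threat levels (valued by the asset owner on the real platform) and the account's current assignments are constructed sample data.

```python
"""Resolve an RBPM business role to SAP authorizations, compute the per-system
provisioning delta for an account, and derive the approval tier for the grants.

Added example; not Novell's Role Mapping Administrator, driver or workflow code.
The "IT Specialist" mapping is the one on the slide; threat levels and the
account's current assignments are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Authorization:
    system: str  # SAP system/client or portal, e.g. "N4S/100"
    kind: str    # single_role, composite_role, profile, group or role
    name: str


# Business role -> SAP authorizations, as mapped on the Role "IT Specialist" slide
ROLE_MAPPING = {
    "IT Specialist": frozenset({
        Authorization("N4S/100", "single_role", "SAP_ALM_ADMINISTRATOR"),
        Authorization("N4S/100", "single_role", "SAP_BC_BASIS_ADMIN"),
        Authorization("N4S/100", "single_role", "SAP_BC_DB_ADMIN"),
        Authorization("N4S/100", "composite_role", "SAP_BC_MID_ALE_ADMIN"),
        Authorization("S7H/300", "profile", "SAP_ALL"),
        Authorization("CRM Portal", "group", "/VIRSA/VFAT_ADMINISTRATOR"),
        Authorization("CRM Portal", "role", "Administrator"),
    }),
}

# Constructed threat valuations standing in for the asset owner's ratings.
# An authorization with no rating is treated as high threat (fail closed).
THREAT_LEVEL = {
    ("N4S/100", "SAP_ALM_ADMINISTRATOR"): "medium",
    ("N4S/100", "SAP_BC_BASIS_ADMIN"): "high",
    ("N4S/100", "SAP_BC_DB_ADMIN"): "high",
    ("N4S/100", "SAP_BC_MID_ALE_ADMIN"): "medium",
    ("S7H/300", "SAP_ALL"): "high",
    ("CRM Portal", "/VIRSA/VFAT_ADMINISTRATOR"): "medium",
    ("CRM Portal", "Administrator"): "medium",
}

# Revised Scenario 1 policy: low = automated, medium = 1 approval, high = 2.
APPROVALS_REQUIRED = {"low": 0, "medium": 1, "high": 2}


def resolve(business_roles):
    """Union of the SAP authorizations entitled by the given business roles."""
    wanted = set()
    for role in business_roles:
        if role not in ROLE_MAPPING:
            raise KeyError(f"unmapped business role: {role!r}")
        wanted |= ROLE_MAPPING[role]
    return wanted


def provisioning_delta(business_roles, current):
    """Grant/revoke lists per system that move `current` to the entitled set.

    Returns {system: {"grant": [names], "revoke": [names]}} with systems and
    names sorted; systems with nothing to do are omitted.
    """
    wanted = resolve(business_roles)
    current = set(current)
    delta = {}
    for auth in wanted | current:
        entry = delta.setdefault(auth.system, {"grant": [], "revoke": []})
        if auth not in current:          # entitled but not held yet
            entry["grant"].append(auth.name)
        elif auth not in wanted:         # held but no longer entitled
            entry["revoke"].append(auth.name)
    return {
        system: {action: sorted(names) for action, names in acts.items()}
        for system, acts in sorted(delta.items())
        if acts["grant"] or acts["revoke"]
    }


def approval_tier(business_roles, current):
    """Highest threat level among the grants in the delta and the number of
    approvals the revised policy requires for them (0 = automated approval)."""
    worst = "low"
    for system, acts in provisioning_delta(business_roles, current).items():
        for name in acts["grant"]:
            level = THREAT_LEVEL.get((system, name), "high")
            if APPROVALS_REQUIRED[level] > APPROVALS_REQUIRED[worst]:
                worst = level
    return worst, APPROVALS_REQUIRED[worst]


# Constructed sample account: already holds two N4S roles plus a stale portal
# role that the business role does not cover.
CURRENT_ASSIGNMENTS = [
    Authorization("N4S/100", "single_role", "SAP_ALM_ADMINISTRATOR"),
    Authorization("N4S/100", "single_role", "SAP_BC_DB_ADMIN"),
    Authorization("CRM Portal", "role", "ContentManager"),
]

if __name__ == "__main__":
    for system, acts in provisioning_delta(["IT Specialist"], CURRENT_ASSIGNMENTS).items():
        print(system, acts)
    print(approval_tier(["IT Specialist"], CURRENT_ASSIGNMENTS))
```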
Scenario 2
     Rogue Administration

     •   Process Policies:
          –   All Access Approvals are granted via IDM Workflows
          –   All Access Rights changes are performed via IDM Drivers after
              approval


     •   Business Problems:
          –   Can I detect if these policies are violated?
          –   Can I remediate violations at an IT level?
          –   Can Process Owners receive notification of violations?




Scenario 2
     Process Control (diagram, sequence of events)
     •   Jim requests IT to temporarily give him access rights to perform a task
     •   Violating policy, Natasha grants Jim SAP_ALL rights in the SAP CRM system
     •   Novell® CMP receives the event and begins IT and Process remediation
     •   Jim's access is reset in the SAP CRM system
     •   The "Rogue Administration" workflow is started to remediate IT security
     •   GRC Process Control forwards the item to Glen to review the effect on SAP
         applications
     •   A notification is sent to Process administrators to remediate the controls
         violation

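An added example of the detection and remediation logic behind this scenario (it is not Sentinel, CMP or SAP GRC Process Control code): it correlates SAP authorization-change events with approved IDM requests, flags changes that have no approval or were applied by someone other than the IDM driver, and lists the remediation steps named on the slide. The event and request records, the IDM_DRIVER service-account name and the 24-hour approval window (borrowed from the Scenario 1 workflow SLA) are constructed assumptions.

```python
"""Detect out-of-band SAP authorization changes and list the remediation steps.

Added example; not Sentinel, CMP or SAP GRC Process Control code. Events and
approved requests are constructed sample data following the Scenario 2 slide.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ApprovedRequest:
    request_id: str
    target_user: str
    system: str
    authorization: str
    approved_at: datetime
    approver: str


@dataclass(frozen=True)
class AuthChangeEvent:
    system: str
    target_user: str
    authorization: str
    changed_by: str   # account that made the change in the SAP system
    at: datetime


@dataclass(frozen=True)
class Finding:
    event: AuthChangeEvent
    reason: str
    actions: tuple


# Assumed name of the service account the IDM SAP driver writes with.
IDM_DRIVER_ACCOUNT = "IDM_DRIVER"
# Assumed: a change must follow its approval within the 24-hour workflow SLA.
APPROVAL_WINDOW = timedelta(hours=24)


def find_approval(event, approvals):
    """Approved request covering the event: same user, system and
    authorization, approved before the change and within the window."""
    for req in approvals:
        same_target = (req.target_user, req.system, req.authorization) == (
            event.target_user, event.system, event.authorization)
        if same_target and req.approved_at <= event.at <= req.approved_at + APPROVAL_WINDOW:
            return req
    return None


def remediation_actions(event):
    """IT-level and process-level remediation steps named on the slide."""
    return (
        f"reset {event.target_user}'s access in {event.system} (revoke {event.authorization})",
        "start the 'Rogue Administration' workflow",
        "forward the item to GRC Process Control for review of the effect on SAP applications",
        "notify Process administrators to remediate the controls violation",
    )


def detect_rogue_administration(events, approvals):
    """Flag every change that has no approved IDM request behind it, or that
    was applied by someone other than the IDM driver (policy: all access
    rights changes are performed via IDM drivers after approval)."""
    findings = []
    for ev in events:
        req = find_approval(ev, approvals)
        if req is None:
            reason = "authorization change with no approved IDM request"
        elif ev.changed_by != IDM_DRIVER_ACCOUNT:
            reason = (f"request {req.request_id} was approved but applied "
                      f"manually by {ev.changed_by}, not via the IDM driver")
        else:
            continue  # approved and applied by the driver: compliant
        findings.append(Finding(ev, reason, remediation_actions(ev)))
    return findings


# Constructed sample data: one compliant change, Natasha's rogue SAP_ALL grant
# for Jim, and an approved role that Natasha applied by hand instead.
T0 = datetime(2010, 3, 15, 9, 0)
APPROVALS = [
    ApprovedRequest("REQ-1001", "abby", "SAP CRM", "SALES_REP", T0, "glen"),
    ApprovedRequest("REQ-1002", "jim", "SAP CRM", "SAP_BC_DB_ADMIN", T0, "glen"),
]
EVENTS = [
    AuthChangeEvent("SAP CRM", "abby", "SALES_REP", IDM_DRIVER_ACCOUNT, T0 + timedelta(minutes=12)),
    AuthChangeEvent("SAP CRM", "jim", "SAP_ALL", "natasha", T0 + timedelta(hours=1)),
    AuthChangeEvent("SAP CRM", "jim", "SAP_BC_DB_ADMIN", "natasha", T0 + timedelta(hours=2)),
]

if __name__ == "__main__":
    for f in detect_rogue_administration(EVENTS, APPROVALS):
        print(f.event.changed_by, "->", f.event.target_user, f.event.authorization, ":", f.reason)
        for step in f.actions:
            print("   ", step)
```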
Questions and Answers
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Social media class 1
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentation
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentation
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social media
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social media
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq final
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of Social
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration Trends
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding business
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
 

Implementing Process Controls and Risk Management for SAP Environments

  • 1. Implementing Process Controls and Risk Management with Novell® Compliance Management Platform extension for SAP Environments
    Mark Worwetz, Senior Engineering Manager, Novell Inc./mworwetz@novell.com
    Volker Scheuber, Consulting Engineer, Novell Inc./vscheuber@novell.com
  • 2. Novell® Compliance Management Platform
    • Integrated Identity and Security Management Platform
      – Software Components
        > Identity Vault
        > Novell® Identity Manager with Roles Based Provisioning Module (RBPM)
        > Novell® Sentinel™
        > Novell® Access Manager™
      – Tools
        > Designer for Novell Identity Manager
        > Analyzer for Novell Identity Manager
      – Solution Content
        > Integrated Provisioning and Access Control Policies and Workflows
        > Identity Tracking
        > Identity and Security Monitoring and Reporting
    2 © Novell, Inc. All rights reserved.
  • 3. Extension for SAP Environments
    • Role Mapping Administrator
      – Tool for mapping SAP-specific authorizations to RBPM Business Roles
    • SAP Drivers – New or Enhanced
      – SAP User Management Fanout Driver
      – SAP Business Logic Driver
      – SAP Portal (UME) Driver
      – SAP BusinessObjects Access Control Driver
    • SAP Solution Pack
      – SAP-specific Sentinel Content
    • SAP-specific Identity Manager Content
      – Driver Configurations, Policies, Workflows
  • 4. Technical Integration Goals
    • Develop SAP-Oriented Solution Synergies
      – Allow Identity Manager customers to utilize the advanced Segregation of Duties and Risk Analysis/Remediation capabilities of SAP BusinessObjects Access Control
      – Extend the reach of SAP BusinessObjects Access Control to other Enterprise Systems via Identity Manager
      – Integrate Sentinel™ with the SAP Computing Center Management System (CCMS)
      – Provide an SAP Solution Pack for Sentinel
    • Extend Existing Integrations with SAP Products
      – SAP ERP Human Capital Management (HCM)
      – SAP User Management
      – SAP User Management Engine (UME)
    • Provide a Roles-based Entitlement Content Framework
  • 5. Scenario 1: SAP User Provisioning
  • 6. IDM Provisioning of SAP Users (diagram: Abby Spencer, Sales Rep; SAP HCM (ABAP), SAP Portal, SAP CRM (ABAP); Monitoring and Reporting)
  • 7. IDM Provisioning of SAP Users (diagram: Abby Spencer, Mtn Region Sales Rep / Sales Rep; SAP HCM (ABAP), SAP Portal, SAP CRM (ABAP); Monitoring and Reporting)
  • 8. IDM Provisioning of SAP Users (diagram: Abby Spencer, Mtn Region Sales Rep / Sales Rep; SAP HCM (Self-Service), SAP Portal (Sales Rep), SAP CRM (Sales Rep); Monitoring and Reporting)
  • 9. Role to Authorization Mapping
    Role “IT Specialist”
    • SAP System N4S (CRM) Client 100
      – Single Role: SAP_ALM_ADMINISTRATOR
      – Single Role: SAP_BC_BASIS_ADMIN
      – Single Role: SAP_BC_DB_ADMIN
      – Composite Role: SAP_BC_MID_ALE_ADMIN
    • SAP System S7H (HR - SAPABAP) Client 300
      – Profile: SAP_ALL
    • SAP Portal (CRM Portal)
      – Group: /VIRSA/VFAT_ADMINISTRATOR
      – Role: Administrator
  • 10. Role Mapping Administrator (screenshot)
  • 11. Scenario 2: SAP User Provisioning using SAP BusinessObjects Access Control
  • 12. IDM Provisioning to Access Control (diagram: Monitoring and Reporting)
  • 13. Additional Security Benefits
    • Roles for all SAP systems are aggregated in Access Control
    • Risk Analysis can be run for all SAP role assignment requests
    • Risk Mitigation can be performed prior to approval of role assignments
    • IDM exposes the results of SAP Risk Analysis in Provisioning Workflow
      – Provides critical risk information to Role Approver
      – Provides information to guide tuning of Enterprise Role Model and Process Controls
    • Leaves the ultimate decision on SAP Provisioning Security in the domain of the SAP System and Business Owners
  • 14. SAP Risk Analysis Results (screenshot)
  • 15. IDM Provisioning Request Results (screenshot)
  • 16. Scenario 3: IDM User Provisioning using SAP BusinessObjects Access Control
  • 17. Access Control Provisioning to IDM (diagram: Monitoring and Reporting)
  • 18. Scenario Characteristics
    • Roles for non-SAP systems are imported to Access Control
    • Risk Analysis Rules can be implemented for non-SAP systems
    • Risk Mitigation can be performed prior to requesting provisioning of role assignments to non-SAP systems
    • IDM can act as a Provisioning Agent to non-SAP systems
  • 19. Where Are We Going From Here?
  • 20. Value Proposition: Provide the Platform for a Comprehensive IT Compliance LifeCycle!
  • 21. IT Compliance Lifecycle (cycle diagram)
    – Define business objectives, policies and Key Performance Indicators (KPIs) to help meet objectives
    – Evaluate processes and business objectives to identify and qualify risks
    – Monitor and detect risk
    – Real time risk response
    – Analyze risk versus thresholds
    – Allow business to determine best long-term response
  • 22. Typical IT Concerns Never Stop
    for(;;) {
      Are the Business Service Level Agreements being met?
      Are my Employees as Productive as Possible?
      Is My Infrastructure Compliant?
      Are my IT System and Application Administrators following established processes?
      Are my Controls Adequate and Efficient?
      Are my Control Policies Protected?
      Can I Verify all of this?
    }
  • 23. Data Gathering...
    • Novell® Compliance Management Platform ability to deliver a great deal of data related to IT Systems, Users, Provisioning, Access, etc.
  • 24. Plus Risk Management...
    • Novell® Compliance Management Platform ability to deliver a great deal of data related to IT Systems, Users, Provisioning, Access, etc.
    • SAP BusinessObjects Risk Management ability to Identify and Calculate Risk based on data from Key Risk Indicator (KRI) data providers
  • 25. SAP BusinessObjects Risk Management Integration
    • Novell® Compliance Management Platform ability to deliver a great deal of data related to IT Systems, Users, Provisioning, Access, etc.
    • SAP BusinessObjects Risk Management ability to Identify and Calculate Risk based on data from Key Risk Indicator (KRI) data providers
    Enterprise IT Risk Management Solutions!
  • 26. Novell® IT Key Risk Indicators (KRI)
    • Gather Information about Risky Behaviors
      – Bad Login Attempts
      – Password Changes
      – Authorization Changes
    • Gather IT Performance Values
      – Metrics for System Availability
      – Workflow Run-Times
      – Provisioning / Deprovisioning Statistics
    • Monitor the Need for, and Effectiveness of, Controls
      – Identify Out-of-Policy Administration Activity
      – Verification of Performance of Control Tasks
  • 27. Risk Management Integration
    • Development of Key Risk Indicator Components
      – CMP KRI Gateway Driver
      – IT-related KRIs
      – KRI Dashboards
      – KRI Reports
    • Integration with SAP BusinessObjects Risk Management
      – Implementation of Event-Based KRI Interfaces
      – Scenario Development and Documentation
  • 28. IT Risk Management Integration (diagram)
  • 29. IT Risk Management Integration (cont.) (diagram)
  • 30. Process Control Integration
    • Integration with SAP BusinessObjects Process Control
      – Development of Process Control Alert Adapters
        > Occurrence of High-Risk Activities
        > Occurrence of Process Violations
        > Occurrence of Critical System Outages
      – Development of Automated Mitigation Controls
        > Restart Identity Services
        > Roll-back of Improper Data Changes
        > Account Locking
      – Scenario Development and Documentation
  • 32. Scenario 1: Workflow Efficiency
    • Process Policies:
      – All Access Approvals are granted via IDM Workflows
      – All Access Workflows must be completed within 24 hours
    • Business Problems:
      – How long do Workflows really take to complete?
      – Are there any Bottlenecks in Approval Chains?
      – What is the current state of my Workflows?
      – Are my current Policies optimal for the Business?
      – Are my current Policies meeting my Security Needs?
  • 33. Scenario 1: Current View (diagram: System Assets, Accounts, and Authorizations; Role Provisioning distribution 80% / 15% / 5%; Average Time = 36 Hours)
  • 34. Scenario 1: Workflow Efficiency
    • Process Policies:
      – All Access Approvals are Processed via IDM Workflows
      – All Access Workflows must be completed within 24 hours
      – All Low Threat Access will have Automated Approval
      – All Medium Threat Access must have 1 Approval
      – All High Threat Access must have 2 Approvals
  • 35. Scenario 1: Revised Policies (diagram)
    – Multiple Approvals based on Role Level
    – System Asset Values and Authorization Threats Valued by Asset Owner
    – Automated Approvals based on Role Level
    – Role Provisioning distribution: 80% = (12 mins), 15% = (8 hours), 5% = (24 hours); Average Time = 2.56 Hours
  • 36. Scenario 1: Workflow Efficiency
    • Process Policies:
      – All Access Approvals are Processed via IDM Workflows
      – All Access Workflows must be completed within 24 hours
      – All Low Threat Access will have Automated Approval
      – All Medium Threat Access must have 1 Approval
      – All High Threat Access must have 2 Approvals
    • Process Improvements:
      – All Access Approvals are completed faster!
      – Security Posture Improved!
      – Bottlenecks Removed!
  • 37. Scenario 2: Rogue Administration
    • Process Policies:
      – All Access Approvals are granted via IDM Workflows
      – All Access Rights changes are performed via IDM Drivers after approval
    • Business Problems:
      – Can I detect if these policies are violated?
      – Can I remediate violations at an IT level?
      – Can Process Owners receive notification of violations?
  • 38. Scenario 2: Process Control (flow diagram)
    – Jim requests IT to temporarily give him access rights to perform a system task
    – Violating Policy, Natasha grants Jim SAP_ALL rights in the SAP CRM system
    – Novell® CMP receives the event and begins IT and Process remediation
    – A “Rogue Administration” work flow is started to remediate IT security
    – Jim's Access is reset in the SAP CRM system
    – GRC Process Control forwards the item to Glen to review the effect on SAP applications
    – A notification is sent to Process administrators to remediate the controls violation
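The Scenario 2 check (slides 37 and 38), written out as an added illustration that is not Novell code: SAP authorization-change events are reconciled against IDM-approved workflow records, using a business-role-to-authorization map in the shape of slide 9. The event and approval record layouts, the `IDM_DRIVER` service-account name and the "Sales Rep" mapping are constructed assumptions; only the "IT Specialist" entries and the SAP_ALL profile come from the deck.

```python
from collections import namedtuple

# Business role -> {(SAP system, client): SAP authorizations}. The "IT Specialist"
# entries follow the deck's role-mapping slide; "Sales Rep" is constructed.
ROLE_MAP = {
    "IT Specialist": {
        ("N4S", "100"): {"SAP_ALM_ADMINISTRATOR", "SAP_BC_BASIS_ADMIN",
                         "SAP_BC_DB_ADMIN", "SAP_BC_MID_ALE_ADMIN"},
        ("S7H", "300"): {"SAP_ALL"},
    },
    "Sales Rep": {("N4S", "100"): {"SAP_CRM_SALES_REP"}},
}
HIGH_RISK_AUTHS = {"SAP_ALL"}      # the profile the rogue-administration scenario hinges on
IDM_DRIVER_ACCOUNT = "IDM_DRIVER"  # assumed service account the IDM driver changes SAP with

Finding = namedtuple("Finding", "user system client auth changed_by severity actions")

def expected_auths(user, approvals):
    """Authorizations the user's approved IDM workflows entitle, keyed by (system, client)."""
    expected = {}
    for a in approvals:
        if a["user"] != user or a["status"] != "approved":
            continue
        for target, auths in ROLE_MAP.get(a["role"], {}).items():
            expected.setdefault(target, set()).update(auths)
    return expected

def detect_rogue_changes(events, approvals):
    """Policy: every grant is performed by the IDM driver after workflow approval.
    A grant by any other account is a violation; severity is 'high' when the
    authorization is not covered by an approved role or is in HIGH_RISK_AUTHS,
    otherwise 'medium' (right entitlement, wrong channel)."""
    findings = []
    for e in events:
        if e["action"] != "grant" or e["changed_by"] == IDM_DRIVER_ACCOUNT:
            continue
        target = (e["system"], e["client"])
        covered = e["auth"] in expected_auths(e["user"], approvals).get(target, set())
        high = (not covered) or e["auth"] in HIGH_RISK_AUTHS
        actions = (("reset_access_in_sap", "start_rogue_administration_workflow",
                    "notify_process_administrators") if high
                   else ("notify_process_administrators",))
        findings.append(Finding(e["user"], *target, e["auth"], e["changed_by"],
                                "high" if high else "medium", actions))
    return findings

# Constructed sample data mirroring the deck's Scenario 2.
APPROVALS = [
    {"user": "abby", "role": "Sales Rep", "status": "approved"},
    {"user": "glen", "role": "IT Specialist", "status": "approved"},
]
EVENTS = [
    {"user": "abby", "system": "N4S", "client": "100", "auth": "SAP_CRM_SALES_REP",
     "action": "grant", "changed_by": IDM_DRIVER_ACCOUNT},   # by the book: no finding
    {"user": "jim", "system": "N4S", "client": "100", "auth": "SAP_ALL",
     "action": "grant", "changed_by": "natasha"},            # the rogue SAP_ALL grant
    {"user": "glen", "system": "N4S", "client": "100", "auth": "SAP_BC_DB_ADMIN",
     "action": "grant", "changed_by": "natasha"},            # approved role, wrong channel
]
```

Running `detect_rogue_changes(EVENTS, APPROVALS)` yields a high-severity finding for Jim (reset, workflow, notification) and a medium one for Glen, whose entitlement was approved but applied outside the IDM driver.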
  • 41. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.