ERP Access Management: It’s come a long way!
Remember when ERP access risks were managed manually? No one wants to go back to that. But, have you ever wondered what the next wave of ERP access management looks like? It was a solid step forward when access governance went from mostly manual to mostly tool supported. But it is a huge step forward to go from ERP Access Management 1.0 to 2.0. We are excited to put together a series of blog posts showing the evolution of access governance and the difference between what was then and what is now.
One quick example from the past that most experienced managers will remember is how they had to maintain their access management rules in a clunky spreadsheet or desktop database. These tools were never quite up to the task. The result? A lot of wasted time spent debating if reported risks were even real.
And who can forget the sampling required and the time intensive research? The batches of transactions that had to be identified, extracted, imported, stored, and analyzed. All the midnight oil burned. Forgetting that would be like forgetting your last root canal.
So when the first access management tools came to market, enterprises saw a light at the end of their (very dark and long) compliance tunnel. Everyone expected things would get better, processes easier, complexity lower, work reduced – less pain. Things did improve, but alas, new problems surfaced.
For example, early ERP access management tools made it possible for auditors to see all the access risks. This visibility meant security administrators were forced to:
• Design crazy complex role architectures
• Manage non-stop temporary access management requests and the daily distractions they caused
• Increase their time spent on documenting their mitigations so newly empowered auditors would have the evidence they needed to prove adequate remediation efforts
• Patiently engage angry business managers who felt that IT’s many rules were major hurdles to their team’s productivity
Fortunately, the next iteration of access management is not on the horizon – it’s already here! One example of this is the new Automated Mitigations module from Security Weaver. It provides an elegant solution to many of the residual issues surrounding the first wave of SAP access management tools. Those who use it see a marked reduction in their workload, improvement in their security, and increased user productivity.
One way Automated Mitigations improves compliance management is by making it possible for auditors and IT security administrators to prioritize addressing access risks based on the actual financial exposure of the risk. With Automated Mitigations IT and auditors avoid having to jump through hoops to address risks that pose no material threat to the organization.
Stay tuned for our next posts in this series where we will go into more depth about just how far ERP access governance has evolved.
For more information on Automated Mitigations or any of Security Weaver’s other SAP innovations, Click here to request a custom demonstration.