For the Vice President of Financial Systems for a Fortune 100 Insurance Company, the decision to implement an SAP compliance and reporting solution was initiated as a result of Sarbanes-Oxley (SOX).
For the SAP Security Administrator the issue of managing emergency access for the company's SAP system presented a challenge between the issues of flexibility and control:
"The issue of emergency access to our SAP system was one that we have been trying to resolve for some time, specifically how to provide the flexibility for our technical people to support the production environment while maintaining the control that we need over the process of granting them access to the system."
He added, "What I like about Security Weaver ER is that control is directly tied to the user's production ID, and we know exactly who that person is. ER forces all support staff that need more than read-only access to the production system to document why they need that access before they are granted access on a temporary basis."
The Situation Before Security Weaver
For the SAP Security Administrator, granting emergency access to the SAP system presented certain maintenance challenges, especially when the requests occurred late at night. "Prior to the implementation of Security Weaver ER, it was not uncommon to have two or three late night phone calls during the week requesting emergency access to the system for production related issues. In each of these instances, I had to spend 20 minutes or more starting up my laptop from home, accessing the system and assigning the system access to the appropriate support person. Now with ER, the system automatically takes care of the problem itself. As a result, call volume has dropped to maybe one per week, and those can be solved quickly."
More importantly, Security Weaver ER has reduced the time delays associated with support for critical financial functions such as processing checks and electronic file transfers (EFTs).
Providing emergency access to the SAP system is a necessity, especially when critical software modifications are needed after normal business hours. However, in gaining emergency access, temporarily authorized users may also have the opportunity to access and/or modify sensitive financial, personal, or health-related information. Protection against unauthorized access must be secured with appropriate controls, and must be accompanied by detailed documentation in case of compliance audits regarding federal regulations such as SOX, HIPAA, or GLBA.
The Security Weaver ER solution for SAP enterprise software environments solves these security issues by providing an automated and secure means of ensuring that emergency access to sensitive information can be fully controlled, documented, and audited. ER also leverages existing SAP interface resources in a way that facilitates IT support effectiveness while reducing operating costs at the same time.
In summary, Security Weaver ER provides four important business benefits for emergency access to an SAP enterprise system:
When I saw what other companies were charging for similar stand-alone emergency access utilities, they wanted much more for them than I cared to spend. Since ER is included in our Security Weaver software license, we get the best of both worlds, a robust solution that solves our emergency access needs and doesn't add any additional cost to the process. Security Weaver ER is exactly the silver bullet that we have been seeking for some time.
Security Weaver ER also offers the benefit of complete regulatory compliance. According to the SAP Security Administrator, "Since SOX became a requirement, auditors have been granted a great deal of authority over our production process in an effort to ensure that our user access to our production environment is in full compliance. We are committed to a production environment that is 100% free of any compliance deficiencies, and Security Weaver ER provides us with what we need to ensure that our system will meet all of our auditor's requirements for Sarbanes-Oxley (SOX) compliance." One other aspect that Bill Johnson likes about Security Weaver ER is its affordability. "When I saw what other companies were charging for similar stand-alone emergency access utilities, they wanted much more for them than I cared to spend. Since ER is included in our Security Weaver software license, we get the best of both worlds, a robust solution that solves our emergency access needs and doesn't add any additional cost to the process. Security Weaver ER is exactly the silver bullet that we have been seeking for some time."
Since all system activity is based on the user's ID and SAP roles, Security Weaver ER provides management with complete visibility into "high risk" system support activities.
Use of Security Weaver ER ensures that enterprises can maintain full federal regulatory compliance with all pertinent laws that apply to the access of sensitive information.
Since support is decentralized and tied to specific support events, Security Weaver ER decreases the related administrative overhead and costs by streamlining the process for resolving IT production problems, thereby eliminating the need for full-time, live support for maintenance user access.
Security Weaver ER's stronger process-related controls create more efficient audit trails, providing corporate auditors with readily available information and substantiation for regulatory compliance.