Support  |  1-800-620-4210  |  

Customer:
Fortune 100 Financial Services Company

Customer Environment:
SAP R/3 v4.7 Software - Enterprise Release

Customer Challenge:
To automate a newly imposed, semi-annual SAP user access compliance requirement
"Our environment runs on a very tight production window. We only have a short amount of time to process and issue literally thousands of checks and EFTs as part of our nightly production run so they will arrive at their destinations on schedule. We can't afford to have this process held up as the result of some minor production-related issue. With Security Weaver ER, the people who handle the production queues can assign a role on their own that will quickly fix the problem and get the payments out on time without requiring me to perform the task for them."

Bill Johnson
VP of Financial Systems
SAP Security Administrator

A real-world example of Security Weaver's Compliance Solution for SAP Enterprise Software.

Background

For the Vice President of Financial Systems for a Fortune 100 Insurance Company, the decision to implement an SAP compliance and reporting solution was initiated as a result of Sarbanes-Oxley (SOX).

According to the VP of Financial Systems, “As we considered the implications of SOX, and the sensitivity of the information in our SAP environment, we realized that as a company we needed to have complete visibility into user access to SAP. In order to provide that visibility we decided that we needed senior management to review and approve all SAP user access with a focus on segregation of duties (SODs) and sensitive transaction access (STAs). We knew that to do this effectively we needed a solution that integrated with our existing SAP environment and was both cost effective, easy to implement and use. It was also clear that, due to the complexity of their production environment with over 6,500 users, manually performing this function or building an in-house custom solution was not a viable long-term solution.”

 

{quote1}

 

The Evaluation Process

The desire to implement a cost effective solution that was easy to implement and use was a paramount consideration throughout the evaluation process. Additionally, according to the VP of Financial Systems, “Another key criterion was a solution that integrated directly with SAP. We were not interested in implementing a complex addition to our infrastructure just to host a compliance solution”. Many of Security Weaver’s competitors require separate hardware, operating systems and databases in order to implement their solutions. With Security Weaver, the fact that it is installed as a simple SAP transport and logically acts as a custom transaction code within SAP was a substantial plus for the Security Weaver solution

With approximately 6,500 users in their SAP environment, compliance is a daily challenge and with SOX to be continually in compliance is imperative. According to the VP of Financial Systems, “Another key consideration was application engineering and design. We could not afford to implement a solution that was not capable of keeping our SAP compliance in real-time. We needed a solution that was capable of analyzing vast amounts of data in minutes while providing clear and concise reporting. Because of its efficient design, Security Weaver was able to quickly evaluate the roles of over their 6500 SAP users against the approximately 44,000 unique SAP transaction codes in minutes. This is in contrast to alternative solutions which would take any where from several hours or in some cases several days to complete a similar task. “Security Weaver was the clear choice from a total cost of ownership perspective. We knew Security Weaver could provide a cost-effective solution that was easy to implement and use.”

{quote2}

The Benefits of Security Weaver

Now that the Security Weaver solution has been in place for approximately two years, the VP of Financial Systems is convinced that the decision to go with this solution was the best choice for his organization. He has experienced the benefits of Security Weaver in three distinct ways, and summarizes them as follows:

The Benefits of Security Weaver

Provides Greater Control

Since all system activity is based on the user's ID and SAP roles, Security Weaver ER provides management with complete visibility into "high risk" system support activities.

Ensures Regulatory Compliance

Use of Security Weaver ER ensures that enterprises can maintain full federal regulatory compliance with all pertinent laws that apply to the access of sensitive information.

Reduces Operating Costs

Since support is decentralized and tied to specific support events, Security Weaver ER decreases the related administrative overhead and costs by streamlining the process for resolving IT production problems, thereby eliminating the need for full-time, live support for maintenance user access.

Creates More Efficient and Effective Audits

Security Weaver ER's stronger process-related controls create more efficient audit trails, providing corporate auditors with readily available information and substantiation for regulatory compliance.