For the Vice President of Financial Systems for a Fortune 100 Insurance Company, the decision to implement an SAP compliance and reporting solution was initiated as a result of Sarbanes-Oxley (SOX).
According to the VP of Financial Systems, “As we considered the implications of SOX, and the sensitivity of the information in our SAP environment, we realized that as a company we needed to have complete visibility into user access to SAP. In order to provide that visibility we decided that we needed senior management to review and approve all SAP user access with a focus on segregation of duties (SODs) and sensitive transaction access (STAs). We knew that to do this effectively we needed a solution that integrated with our existing SAP environment and was both cost effective, easy to implement and use. It was also clear that, due to the complexity of their production environment with over 6,500 users, manually performing this function or building an in-house custom solution was not a viable long-term solution.”
The desire to implement a cost effective solution that was easy to implement and use was a paramount consideration throughout the evaluation process. Additionally, according to the VP of Financial Systems, “Another key criterion was a solution that integrated directly with SAP. We were not interested in implementing a complex addition to our infrastructure just to host a compliance solution”. Many of Security Weaver’s competitors require separate hardware, operating systems and databases in order to implement their solutions. With Security Weaver, the fact that it is installed as a simple SAP transport and logically acts as a custom transaction code within SAP was a substantial plus for the Security Weaver solution
With approximately 6,500 users in their SAP environment, compliance is a daily challenge and with SOX to be continually in compliance is imperative. According to the VP of Financial Systems, “Another key consideration was application engineering and design. We could not afford to implement a solution that was not capable of keeping our SAP compliance in real-time. We needed a solution that was capable of analyzing vast amounts of data in minutes while providing clear and concise reporting. Because of its efficient design, Security Weaver was able to quickly evaluate the roles of over their 6500 SAP users against the approximately 44,000 unique SAP transaction codes in minutes. This is in contrast to alternative solutions which would take any where from several hours or in some cases several days to complete a similar task. “Security Weaver was the clear choice from a total cost of ownership perspective. We knew Security Weaver could provide a cost-effective solution that was easy to implement and use.”
Now that the Security Weaver solution has been in place for approximately two years, the VP of Financial Systems is convinced that the decision to go with this solution was the best choice for his organization. He has experienced the benefits of Security Weaver in three distinct ways, and summarizes them as follows:
When I saw what other companies were charging for similar stand-alone emergency access utilities, they wanted much more for them than I cared to spend. Since ER is included in our Security Weaver software license, we get the best of both worlds, a robust solution that solves our emergency access needs and doesn't add any additional cost to the process. Security Weaver ER is exactly the silver bullet that we have been seeking for some time.
Since all system activity is based on the user's ID and SAP roles, Security Weaver ER provides management with complete visibility into "high risk" system support activities.
Use of Security Weaver ER ensures that enterprises can maintain full federal regulatory compliance with all pertinent laws that apply to the access of sensitive information.
Since support is decentralized and tied to specific support events, Security Weaver ER decreases the related administrative overhead and costs by streamlining the process for resolving IT production problems, thereby eliminating the need for full-time, live support for maintenance user access.
Security Weaver ER's stronger process-related controls create more efficient audit trails, providing corporate auditors with readily available information and substantiation for regulatory compliance.