For the Vice President of Financial Systems for a Fortune 100 Insurance Company, the decision to implement an SAP compliance and reporting solution was initiated as a result of Sarbanes-Oxley (SOX).
According to the VP of Financial Systems, “As we considered the implications of SOX, and the sensitivity of the information in our SAP environment, we realized that as a company we needed to have complete visibility into user access to SAP. In order to provide that visibility we decided that we needed senior management to review and approve all SAP user access with a focus on segregation of duties (SODs) and sensitive transaction access (STAs). We knew that to do this effectively we needed a solution that integrated with our existing SAP environment and was both cost effective, easy to implement and use. It was also clear that, due to the complexity of their production environment with over 6,500 users, manually performing this function or building an in-house custom solution was not a viable long-term solution.”
The desire to implement a cost effective solution that was easy to implement and use was a paramount consideration throughout the evaluation process. Additionally, according to the VP of Financial Systems, “Another key criterion was a solution that integrated directly with SAP. We were not interested in implementing a complex addition to our infrastructure just to host a compliance solution”. Many of Security Weaver’s competitors require separate hardware, operating systems and databases in order to implement their solutions. With Security Weaver, the fact that it is installed as a simple SAP transport and logically acts as a custom transaction code within SAP was a substantial plus for the Security Weaver solution
With approximately 6,500 users in their SAP environment, compliance is a daily challenge and with SOX to be continually in compliance is imperative. According to the VP of Financial Systems, “Another key consideration was application engineering and design. We could not afford to implement a solution that was not capable of keeping our SAP compliance in real-time. We needed a solution that was capable of analyzing vast amounts of data in minutes while providing clear and concise reporting. Because of its efficient design, Security Weaver was able to quickly evaluate the roles of over their 6500 SAP users against the approximately 44,000 unique SAP transaction codes in minutes. This is in contrast to alternative solutions which would take any where from several hours or in some cases several days to complete a similar task. “Security Weaver was the clear choice from a total cost of ownership perspective. We knew Security Weaver could provide a cost-effective solution that was easy to implement and use.”
Now that the Security Weaver solution has been in place for approximately two years, the VP of Financial Systems is convinced that the decision to go with this solution was the best choice for his organization. He has experienced the benefits of Security Weaver in three distinct ways, and summarizes them as follows:
Security Weaver fue la mejor opción desde el punto de vista del coste total de propiedad. Sabíamos que Security Weaver podía proporcionar una solución rentable que era fácil de implementar y usar.
"Security Weaver monitorea los SODs en tiempo real. Si cambiamos el rol de un usuario, podemos usar el software para revisar inmediatamente cualquier conflicto o ramificación potencial de esa decisión, según sea necesario, para asegurarnos de que estamos continuamente en conformidad".
"Security Weaver no sólo fue la mejor opción desde el punto de vista funcional, sino también desde el punto de vista del coste total de propiedad, teniendo en cuenta todos los costes relacionados con su incorporación a nuestra infraestructura SAP. El software ha minimizado el coste de cumplimiento y nos ha permitido centrar nuestras energías en iniciativas que son estratégicas y no relacionadas con el cumplimiento".
"Security Weaver comprende las complejidades y detalles asociados con el modelo de seguridad de SAP. Proporciona la información crítica a todos los niveles de la organización para asegurar el cumplimiento. Desde el director financiero hasta un gerente de nivel medio o un administrador de sistemas que puede revisar los problemas de cumplimiento de SAP en detalle, Security Weaver nos permite comprender y resolver fácilmente nuestros problemas de SAP SOD y STA en tiempo real, a la vez que proporciona informes informativos con información relevante para la gerencia superior, de modo que podamos seguir cumpliendo plenamente con las normas".