Compliance with RBE Plus
IT compliance figures high on corporate agendas. These days employees are storing, editing and sharing ever increasing volumes of data in SAP systems. Our RBE Plus analyses are essential tools that support your company in complying with laws and regulations, and documenting this compliance. What’s more, we’ll help you review and restructure your authorization concept and tailor your licensing concept to your specific needs.
Security and compliance requirements are increasing, but managing access authorization is tricky. Problems must be detected and remedied immediately.
An industry-independent study conducted by IBIS Prof. Thome shows that on average, employees have far more authorizations than they need. Approximately 23 percent of these proved wholly unnecessary. In the organizations examined, employees were typically assigned more than 5,000 non-essential functions and/or transactions.
This reckless distribution of authorizations gives employees access to activities in the system that they don’t need and shouldn’t have – and worse still, this access cannot be reliably monitored. Besides negatively impacting business processes, indiscriminate distribution of authorizations can result in massive breaches in data security, not to mention unwarranted costs.
RBE Access analysis helps you:
- establish authorization management that conforms to your company’s needs and meets compliance and security requirements
- ensures that employees’ physical and network access matches current task profiles and activities
Cutting costs by regularly checking licenses against user activities and reassessing the need for purchased licenses.
The SAP licensing model is usage-based, so licenses should reflect the users’ actual activities. We advise corporations to gear their purchases toward what we term the “least-license” principle – keeping licensing to a minimum by assigning users only the licenses they need.
When system configuration does not reflect real needs, you’re at risk for over-licensing. But assigning licenses based on actual system usage requires periodic reviews and reassessment of licensing needs. Thanks to RBE Plus, this is simple.
The analysis makes it easy to fit users with the proper number and types of license. What’s more, it reveals shortcomings in your current licensing strategy and points out how to improve them.
Access to company-critical data must be strictly regulated and mutually incompatible functions segregated.
As corporations embrace all that the digital age has to offer – with increasing quantities of data being stored, edited and shared across the world – segregation of duties takes on greater significance than ever before. Because ERP systems store masses of company-critical data, access to this data must be strictly regulated and mutually incompatible functions segregated.
The SoD analysis helps you:
- to segregate functions to comply with internal and external regulations.
- to check activities executed
- to proactively review and detect breaches enabled by employees’ access authorizations
Checking physical and network access against your security regulations
Key figures, detailed evaluations and integrated recommendations help you match physical and network access authorizations to corporate security regulations.
Restructuring the licensing model
Use RBE Plus SAP analyses to restructure your licensing model to reflect your current corporate needs
Preventing SoD violations
Verifying that SoD rules are observed is not enough. Define your role concept to prevent violations.
“RBE Plus SAP analyses give us profound insight into user behavior in our system.”
Torsten J. Somann, IT-Chef (Witzenmann Group)