Naturally, companies that have been in business for decades have decades worth of user roles amassed in their systems landscape. When preparing for the upgrade to SAP S/4HANA, not every company will need to remediate all of their security roles, however this is the approach that one long-time SAP customer decided to take as part of their roadmap to meet the 2027 deadline.
Imagine remediating more than 20 years’ worth of security roles to prepare for the upgrade to SAP S/4HANA when you’ve been running SAP ERP Central Component (SAP ECC) since the late 1990s in an environment with over 4,000 roles and 11,000 users? That’s the reality for Newport News Shipbuilding (NNS), the sole designer, builder and refueler of U.S. Navy nuclear-powered aircraft carriers and one of two providers of U.S. Navy submarines. With approximately $4 billion in revenues and more than 25,000 employees, NNS is the largest industrial employer in Virginia and the largest shipbuilding company in the United States. NNS’ parent company, Huntington Ingalls Industries with locations in Louisiana and Mississippi, is America’s largest military shipbuilding company.
Deborah Rogers, Cybersecurity at NNS, recently explained to SAPinsider how the business redesigned roles for least privilege access, rebuilt security data around transaction code SU24, incorporated SAP Fiori interfaces, and addressed items from SAP’s simplification list for SAP S/4HANA 1909.
SAP S/4HANA speeds up processes a reduces costs
Rogers has been an employee of NNS since 2004, a speaker at multiple SAP conferences since 2016, and is an adjunct professor at Christopher Newport University. With a career spanning from programming to risk management to security to architecture, Rogers’ latest role revolves around making sure that NNS keeps everything up to date specifically around security and SAP and that the company stays within budget, on schedule, and is able to track everything within the SAP application.
“With NNS’ current challenges to meet government contractual obligations, speeding up some of our processes and reducing costs right now really puts us at an advantage. We’re looking to the SAP S/4HANA application to help us with that,” says Rogers.
While not every company will find it necessary to remediate all security roles for their SAP S/4HANA upgrade, NNS found that this approach is required to meet their business goals.
Analyzing custom transactions with zero material costs
NNS moved to the SAP Governance, Risk and Compliance (GRC) solution in 2016. The company is a highly customized SAP shop, having customized over 40% of its transactions in an environment with over 4,000 roles and 8,000 users in 2016. “We had 2,000 custom transactions and different areas of business would subjectively give two different answers for how a transaction worked. We needed a reliable, repeatable, automated way to put these into the GRC rule set and have confidence in them in a way that would help us pass audit,” says Rogers.
NNS was able to make this process easier and better with zero additional licensing costs and zero configurations or installation of new tools. “It took time, but there were no materials cost,” she says. “When I’m sitting in isolation in my office every week I tend to lose sight of the fact that many other SAP customers have also installed SAP and have the same challenges. The exchange of information at SAPinsider events is invaluable,” says Rogers.