archive

Least Privilege 2.0: Controlling Risk in a Dynamic Environment

A growing landscape of laptops and smartphones, widespread internet access, and remote workforces throughout the world have increased the need for risk and identity management and has changed how security models should operate. Continuing to focus on only two dimensions, the “Who” (users and user groups) and the “What” (roles and authorizations), leaves organizations vulnerable to new and emerging security threats. Today, businesses must consider a third dimension to user access risks: the “When.” How can companies better control the assignment of access rights related to tasks, rather than unilaterally granting privileges to users?

 In this session, join Appsian’s SAP Security experts as they discuss how SAP ERP customers can address and manage Least Privilege in today’s digital world, while explaining why access governance is critical to SAP security and how organizations can take steps to minimize their risk exposure.

 Attend this session to learn how to:

  • Strengthen Least Privilege by incorporating context into controls
  • Minimize risk exposure while enabling flexible, user-friendly access
  • Protect critical data and transactions in untrusted environments
  • Adapt to changing security and compliance requirements



MEET THE AUTHORS

Rajesh Rengarethinam Appsian Security
Read More

Rajesh Rengarethinam has over 23 years of experience building innovative SAP Products and Applications for large enterprise organizations. He has been responsible for driving technical strategy and architectural direction for various SAP certified products that have extended the SAP solution in the areas of GRC Access Control. Rajesh is an experienced SAP solutions architect with deep knowledge of SAP Application Security, Risk Management and Compliance.

Greg Wendt Appsian Security
Read More

Greg Wendt is one of the top ERP security experts with knowledge across multiple ERP platforms. During his 22-year career, he has been recognized as a leader in data security, application architecture and business operations.



Governance Risk and Compliance: State of the Market 2021 Benchmark Report

Governance, risk, and compliance (GRC) systems and professionals are increasingly important as regulations around data become stricter and corporate systems become a more frequent target of cybersecurity attacks. These risks and compliance challenges are compounded by the fact that many SAP organizations are in the process of transitioning to new technology — be it SAP S/4HANA or cloud offerings. The global pandemic and economic turndown of 2020 added more GRC concerns around remote work and budgets.

To understand what SAP customers are doing in the area of GRC, SAPinsider surveyed 167 members of our community in April and May 2021. The goal of the survey was to understand the most important factors driving GRC for SAP customers, and what strategies are being taken to address these factors. The greatest influence for survey respondents (58%) in the area of GRC was new technology migrations (Figure 1).

Read the report to:

  • Discover what business pressures drive GRC initiatives.
  • Understand how SAPinsiders approach implementing GRC programs.
  • Find out which technologies are being used for GRC.
  • Learn the top requirements for GRC.
  • Gain your steps to success.

 

Download the report now!


Why and how to minimize your Attack Surface in SAP

On-Demand

Cyber attacks are growing exponentially as remote work becomes the norm and new exploits capture the attention of hackers. A key theme is that these threats increasingly focus on the application layer – more specifically, the user layer – leveraging privileged accounts to get the keys to your kingdom. While perimeter security and IAM best practices have their place, organizations must begin looking at solutions to minimize the attack surface inside their SAP applications.

Join the SAP Security experts at Appsian as they explore how leveraging a secondary, context-aware authorization layer in SAP can reduce the risk posed by privileged accounts, quickly scale data protection efforts, and secure critical business processes in today’s dynamic landscape. You will:

  • Learn how to move past roles & authorizations and incorporate context-aware controls to ensure that critical data and transactions can only be accessed when appropriate.
  • How to limit access to sensitive data, such as unpublished financials or PII, for employees working remotely
  • Understand what measures to take to reduce the risk of account takeover attacks on admin users
  • Know what compensating controls you can enact to combat SAP exploits between security patch releases and implementation



MEET THE AUTHORS

Greg Wendt Appsian Security
Read More

Greg Wendt is one of the top ERP security experts with knowledge across multiple ERP platforms. During his 22-year career, he has been recognized as a leader in data security, application architecture and business operations.

Rajesh Rengarethinam Appsian Security
Read More

Rajesh Rengarethinam has over 23 years of experience building innovative SAP Products and Applications for large enterprise organizations. He has been responsible for driving technical strategy and architectural direction for various SAP certified products that have extended the SAP solution in the areas of GRC Access Control. Rajesh is an experienced SAP solutions architect with deep knowledge of SAP Application Security, Risk Management and Compliance.