Risk free authorization provisioning with SAP GRC Access Control 10.0 @ the National Lottery Belgium

Gert De Pauw, The National Lottery Belgium
Chris Walravens, Expertum

SAPience.be TECHday’13

DESCRIPTION

In 2012, the National Lottery Belgium went live with SAP GRC Access Control 10.0 as one of the first Belgian companies. During the first half of 2013, the “Business Role Management” module (BRM) was implemented, further leveraging the “Analyze & Manage Risks” (AMR) and “Provision & Manage Users” (PMU) modules. The combination of these modules allowed the National Lottery Belgium to mitigate all open risks, provision business roles to HR positions (using business language) and implement fully workflow-driven approval processes for business role changes and business role assignments involving single role owners (process owners), business role owners (managers) and risk owners.

Page 1: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Risk free authorization provisioning with SAP GRC Access Control 10.0 @ the National Lottery Belgium

Gert De Pauw, The National Lottery Belgium

Chris Walravens, Expertum

SAPience.be TECHday’13

Page 2: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Agenda

The Players

Project Triggers / Challenges

SAP GRC Access Control

Implementation Phases

Project Benefits

Page 3: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

The National Lottery

Law of 19 April 2002 + the management contract between the Belgian State and the National Lottery: “socially responsible and professional provider of gaming pleasure” with two essential objectives:

• channel gambling behaviour and thereby offer an alternative to private and/or illegal games

• attract the existing users of lotteries and games of chance with a modern and attractive offering, without however expanding the size of the market

Financial support for organisations and events of public interest:

• 225.3 million euros in subsidies around the themes of social affairs, sport, culture, family, science and national prestige are approved by the Council of Ministers. Since 2002, the National Lottery has paid 27.44% of the overall annual subsidy amount directly to the three (Flemish, French and German-speaking) Communities.

• Social or name sponsorship of initiatives benefiting the integration and well-being of disadvantaged population groups (e.g. Restos du Coeur, end-of-year dinners, visits to events and exhibitions at a reduced rate)

In a responsible manner

Belgium's biggest patron

Channelling

Actively and autonomously contributing to the prevention and treatment of gambling addiction through support for initiatives to that end

Page 4: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

The National Lottery

One of the biggest retail networks in Belgium

5240 Stores

Independents working on commission and selling our products

Page 5: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Delaware

History

• Founded in 1981; has been part of Bekaert, Andersen and Deloitte

• Independent partnership since 2003

Today

• 850+ professionals

• Belgium, China, Singapore, France, Luxembourg, The Netherlands & US

Recipe

• Aligning business and technology

• Combining strengths, delivering solutions

Philosophy

• Entrepreneurship, Care, Respect, Team spirit, Commitment

Page 6: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Expertum

History

• Founded in April 2006 by 2 ex-SAP BeLux employees

• Partnerships

Today

• Team of 50+ SAP Experts and Project Managers

Mission

• Exceed client expectations by providing top-quality expertise

• Provide our people a safe environment for personal and professional growth

Strength

• Highly skilled & experienced SAP consultants in all SAP areas, combined with a wide industry knowledge in several domains

Page 7: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Expertum Competence Areas

Focus GRC team

• SAP Security & Authorizations

• SAP GRC Access Control

• SAP GRC Process Control

• SAP Identity Management

Knowledge Management - Product & Service Development

Project Management (PM)

Supply Chain Management (SCM)

Product Lifecycle Management (PLM)

Application Lifecycle Management (SolMan + NW)

Governance, Risk, and Compliance (GRC)

Business Intelligence (BI: BW/BO + HANA)

Finance & Controlling (FI/CO)

Page 8: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Project Triggers / Challenges

Controlled Access

Transparency

Automated Processes

Risk Prevention

Segregation of Duties

Business Ownership

Monitoring & Reporting

Audit Trails

Page 9: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

SAP GRC Access Control

Analyze & Manage Risks (AMR)

• Accurately identify and analyze access risk violations in real-time

• Remediate and mitigate conflicts for users and roles

• Continuously monitor access risks and user assignments across the enterprise

Emergency Access Management (EAM)

• Self service emergency access activation

• Centrally approve and manage emergency access for all SAP systems

• Detailed usage logs for comprehensive emergency access reviews

Business Role Management (BRM)

• Centralized business role management

• Enforced compliancy to format & SOD rules

• Automated role governance process involving business & technical owners

Provision & Manage Users (PMU)

• Self service user access request process

• Preventive risk analysis in user provisioning

• Automated workflow for efficiently approving requests

• Streamline and automate reviews of user access

Page 10: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

SAP GRC Access Control

First Belgian Company Using all 4 Modules

Page 11: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Implementation Phases

Analyze & Manage Risk

Emergency & Access Management

Provision & Manage Users

[Timeline figure. Dates: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013. Phases: Phase 1a, Phase 1b, Phase 2]

Page 12: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Analyze & Manage Risk

Analysis Engine

Rule Set

Bridge Business - IT

Root Cause Analysis

Proactive Risk Analysis

Detailed Reporting

Page 13: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Emergency Access Mgmt

Controlled Access

Logging Activities

Automated Notifications

Only Approved Access

Page 14: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Provision & Manage Users

Automated Provisioning

Workflow Based Approvals

Role & Risk Ownership

Preventive Risk Analysis

Eliminate IT Involvement

Audit Trails

Page 15: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Implementation Phases

SOD Remediation

HR Trigger

Approval Delegation

[Timeline figure. Dates: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013. Phases: Phase 1a, Phase 1b, Phase 2]

Page 16: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Intermediate Phase

Automated User Creation

Triggered by Onboarding

Delegation of Approvals

Clean-up of Access Rights

Page 17: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Implementation Phases

Technical role design

Business role design (Composite roles)

Position Based Security

Business Role Management

[Timeline figure. Dates: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013. Phases: Phase 1a, Phase 1b, Phase 2]

Page 18: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Business Role Management

Centralized Role Documentation

Transparency

Automated Access Removal

Embedded Risk Analysis

Automated Notifications

Role & Risk Owners

Workflow Based Approvals

Page 19: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Risk Reduction

Page 20: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Project Benefits

Controlled Access

Transparency

Automated Processes

Risk Prevention

Segregation of Duties

Business Ownership

Monitoring & Reporting

Audit Trails

Analysis Engine

Rule Set

Bridge Business - IT

Root Cause Analysis

Logging Activities

Automated Notifications

Only Approved Access

Workflow Based Approvals

Eliminate IT Involvement

Delegation of Approvals

Clean-up of Access Rights

Page 21: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

LEARN FROM THE EXPERTS

[email protected]

www.expertum.net/expertsessions

Page 22: Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

Thank you!

www.expertum.net

Gert De Pauw Senior SAP Manager The National Lottery

+32 2 238 46 72 [email protected] www.nationale-loterij.be

Chris Walravens GRC Competence Lead Expertum

+32 474 475 983 [email protected] www.expertum.net