“Devoid of going into the details how SAP security really works, everybody understands that if security administrators, auditors, and internal control teams do not understand the basics of the two core elements of SAP security, they will never be able to optimize it,” notes Her¬mans. Even the early versions of SAP systems did not have security checks for starting a transaction code. Setting-up security was complex because the security administrator had to think and develop security with a complete insight and understanding of the authorizations. CSI tools appears in the picture to tackle the obstacles for the concerned sector—a company that develops dynamic analytics tools to deliver intelligence from and to decisions taken in access governance for SAP environments. The company’s unique cockpit and engine provide in¬sights into real vulnerabilities, streamlining SAP roles and then delivers practical solutions to improve risk/security posture, like automated role building and reverse engineering.
The company has kept pace with the evolving market, releasing an entirely new complete and mature GRC solution for SAP environments in 2014: CSI tools 2014 is designed to address all GRC needs, with supporting rule sets, frameworks, options to automate tasks and change requests and dashboards. By checking multiple layers of SAP authorizations, CSI tools ensures that Segregation of Duty (SoD) conflicts through accumulation of access rights are discovered.
CSI Authorization Auditor 2014 is the audit and monitoring application for security concepts in SAP environments. It takes a snapshot of the SAP system to gain an insight into the past or current authorization setup of the concerned system. It reveals weaknesses in customer’s authorization concept, and helps identify undesired authorizations, accumulation of access rights, unsecured back doors and cross-system segregation of duties. CSI Role Build & Manage (CSI RBM) is used to maintain and manage the SAP security concept in an efficient and effective way with features like automated role building. CSI Automated Request Engine (CSI ARE) processes user and role access requests and has integrated SoD checks to prevent unwanted access in the access requests. Tasks can be automated and scheduled using CSI Integrate & Collaborate (CSI IC). CSI Emergency Request (CSI ER) is an automated emergency procedure with firefighter capabilities to mitigate the risk and allows a timely response of the intervention team, to provide broad access to a SAP system with full evidence logging. CSI ER also provides functionality to log and monitor the access (display and/or update) to SAP HRM Infotypes.
Our cockpit and engine provide insights into real vulnerabilities, streamlining SAP roles and then delivers practical solutions to improve risk and security posture
Going forward, CSI tools wants to improve the SAP request procedures to manage security in a better way. Preventing unwanted access and SoD conflicts instead of monitoring and solving them is much more efficient way to set up SAP security.” concludes Hermans.