CSI tools: A Transformed Outlook to SAP Security

To survive, one must adapt and to adapt companies must reinvent themselves which demands constant assessment of its exposure to risks. When it comes to SAP security projects, risk mitigation becomes all the more challenging owing to enormous budgets and the inability of solutions to decipher the basics of SAP security: the SAP authorizations. While most companies strive to offer solutions just to mitigate risks, one SAP solution provider, CSI tools is revolutionizing the very approach of managing internal security model, remediating compliance issues, and monitoring potential business risks within an SAP system.

“CSI tools’ strength is in its multilayer security model for SAP systems,”—by Gartner Market Guide for Segregation of Duties (SoD) Controls Monitoring Tools not only highlights the company’s strength but also speaks volumes about its uniqueness. Unlike others, the company performs five analyses separately ranging from transaction codes, and/or authorization objects, and/ or authorization object field values, and/ or menu access, and/or transaction code usage. This approach of analyzing all layers separately allows CSI tools to identify conceptual weaknesses in the roles and/or weaknesses in the rules. On the basis of this principle, the company’s flagship product, CSI Authorization Auditor (CSI AA) audits and monitors authorization and role setup in SAP environments. It comes with a pre-defined SoD engine with more than 400 SoD conflicts and offers a snapshot of an SAP system to gain insight into its past or current authorization setup. Since transaction code and authorization access is checked separately, this module can verify the completeness of SAP GRC rule sets. CSI AA has today become one of the must-have productivity tools for SAP security audit.

Alongside auditing and monitoring, the company’s software suite includes solutions for supporting compliancy in role building, user provisioning and emergency access. All these solutions are flexible with a short implementation time and are incredibly user-friendly.