In its two-decade long journey, the organization has mitigated several woes for client organizations, one such resolve is effortless determination of the number of users authorized with access in critical SAP environments. “Installation of ash trays across the premises alone does not guarantee accurate identification of the number of smokers in an organization and in fact, the approach narrows the chances of estimation,” mentions Johan Hermans, Founder & CEO, CSI tools, drawing parallels between defining rule sets in identification of nicotine intake patterns and determining the number of authorized users in an SAP environment. The industry veteran emphasizes that from a GRC standpoint, reduction in the number of parameters in a rule set to determine the degree of vulnerability in an organizations, will expose more employees, processes or resources that are potential risks.
In a bid to help decision makers gain a better insight of the authorization structure in their SAP environments, CSI tools devised its flagship tool, CSI Authorization Auditor. This invention aims to help decision makers gain a clearer view of the authorization history in their organization and unearth impending risks by exposing inconsistencies between what individuals are allowed to do and have done in the past. Most importantly, the auditing tool can be installed within a few minutes and in an hour’s span, the decision makers can assess risks existing within their whole SAP environment.
The Automated Request Engine another noteworthy tool from CSI’s arsenal too is highly beneficial for enterprises striving to accomplish compliance in their SAP environments.
This invention aims to help decision makers gain a clearer view of the authorization history in their organization and unearth impending risks by exposing inconsistencies between what individuals are allowed to do and have done in the past and who has almost access.
The engine enables fully automated SAP user access provisioning with configurable workflow and emailing functionality. Most importantly, the tool ensures preventive checking on SoD conflicts, logs all user requests and ensures almost no occurrence of unwanted access to critical functionality. The organization helps enterprises accomplish efficiency by significantly reducing human and financial capital resources usually utilized in addressing the GRC aspect of business operations. The automated request engine is a great time-save that enables employees to gain permissions quickly without spending a significant time waiting for an IT admin to grant access during role changes. However, at the same time, managers and key decision makers are notified about the permissions granted to the employees. On top compensating controls can be assigned during the workflow process.
Adoption of CSI tools’ in their work environments has helped several clients enhance the effectiveness, efficiency and agility of their SAP environments. To illustrate the capabilities of his organization better, Hermans shares an example of an American multinational firm that had implemented around 25 SAP systems, each exclusively catered to a European region. Recently, the client envisioned the consolidation of these standalone systems into a single, holistic platform that addressed the whole of Europe. The challenges involved in migration of data from these myriad systems to a single platform were security, auditing and maintenance. CSI tools helped mitigate this challenge by adhering to Role-Based Access Control and Attribute Based Access Control approaches.
Many organizations that recently procured the SAP GRC also amalgamated the solution with CSI tools Role-Built Management solution, which is one of the organization’s many triumphs. It allows to build all SAP roles on a full automated way, as a consequence business reorganizations are reflected in all roles in hours except in months. The CSI tool can be accessed through myriad interfaces, including tablets, and can work as a SaaS solution too. “In the days to come, we intend to enhance the capabilities of our flagship auditing software and ensure many more languages can be supported and thus augment our user base,” concludes Hermans, revealing a glimpse of CSI tools’ roadmap.