Access governance, role design, and segregation of duties

James Roeske, Customer Advisory Group

Explore the details of functionality, differentiators, and important platform aspects in the latest SAP on-premise and cloud provisioning and compliance solutions. Dive into SAP Access Control 12.0 and SAP Cloud Identity Access Governance and learn which application, platform, and functionality is best for your current and long-term compliance and provisioning requirements. Attend this session to ... More »

Jennifer Corbett, Lockheed Martin
Joleen Lazecki, Lockheed Martin

Attend this session to learn how Lockheed Martin, an American global aerospace, defense, security and advanced technologies company, evolved its access management strategy and improved its overall risk posture through the implementation of common processes, technology, and governance. Attend this session to ... More »

Sabine Baumer, UGI Utilities

Explore the journey undertaken by UGI Utilities to leverage SAP Access Control 10.1 to achieve an enterprise-wide security model for SAP and non-SAP applications. Attend this session to understand some of the challenges of discretionary access control security design and the compliance and operational efficiencies that an organization can benefit from by migrating to an enterprise-wide role- based access control security model. Attend this session to ... More »

Jonathan Hedgspeth, Newport News Shipbuilding

Newport News Shipbuilding has been running SAP ECC since the late 1990s in an environment with over 4,000 roles and 8,000 users. Learn how they incorporated SAP Access Control and enhanced the user access review (UAR) process to establish a complete and accurate review of user to role assignments. Attend this session to ... More »

Kunal Mahajan, EY

Explore opportunities to define security readiness from a compliance perspective and identify opportunities to define auditable processes enabled by SAP GRC solutions during an SAP S/4HANA implementation. Learn to achieve a sustainable and compliant access management solution post-go-live. Attend this session to ... More »

Dave Wood, The Goodyear Tire & Rubber Company

Learn how The Goodyear Tire & Rubber Company utilizes multiple rulesets to validate ruleset changes in production without impacting the global ruleset. Take a deep dive and see how the company maintains a second simulation ruleset to perform risk analysis against production users and review how Goodyear uses Multi Step Multi Process to pass all access control requests with a risk to a different path, allowing role owners to approve requests despite risks. Finally, see how Goodyear tracks the progress of mitigation requests utilizing GRC tables. Attend this session to ... More »

Moderator: Susan Stapleton, Greenlight Technologies
Panelists: Stephane Doumbe, Polo Ralph Lauren; Debbie Weaver, Constellation Brands

The SAP Access Violation Management application by Greenlight extends SAP Access Control in real time to any business application to ensure compliant user access is managed. In this session, hear from customers who will describe their specific challenges and the business benefits they achieved by deploying SAP Access Violation Management. Learn how SAP Access Control can be leveraged to be the enterprise-wide compliance solution for your organization and ... More »

Carol Chapman, American National Insurance Company

Attend this session to learn how American National Insurance Company handles auditor requests for access review documentation, including completeness and accuracy checks. Learn how to provide complete information on user role-based reviews that illustrate how to solve for “Least Privilege” without the pain of manually intensive extract checking. Join to ... More »

Swetta Singh, SAP

Learn how you can take advantage of SAP Cloud Identity Access Governance to combine individual business applications into end-to-end business processes to better manage employee onboarding. This requires a seamless integration with respect to access and authentication. SAP's services for single sign-on and provisioning are part of the foundation of the intelligent enterprise as they make this integration reality. Attend this session to learn... More »

Roger Zhang, Protiviti

Learn how to interpret access risk analysis (ARA) results and see how to run analysis to identify trends, such as common violating transactions. Discover how to verify their risk analysis and discuss remediation approach and strategy. Attend this session to ... More »

Kiersten Brock, Stanley Black & Decker

Learn how Stanley Black & Decker designed an SAP Fiori-based security architecture for a concurrent implementation of SAP S/4HAHA and Central Finance. Discover how the company built in a robust set of configurable controls to automate, optimize, and standardize business processes and how it leveraged SAP Access Control 10.1 to enable continuous compliance of user access management within the SAP S/4HANA, Central Finance, and SAP Fiori systems. Attend this session to ... More »

David Denson, PwC

With the release of SAP GRC 12.0, there are a number of usability, integration, and process optimization enhancements that organizations can expect. This session will provide an architecture overview of the new release, SAP Access Control and SAP Process Control enhancements, and integration opportunities available on-premise and through cloud identity access governance support. Attend to ... More »

Susan Santos, Ogilvy

Learn how Ogilvy used a phased approach to implement SAP Access Control and leveraged reports to identify usage trends and limit SAP access for users. Walk through specific GRC reports that can be run to obtain usage trends and explore the considerations for a phased approach. Attend this session to... More »

Sarma Adithe, SAP

Organizations require a lifecycle process for managing user identities and governing identity and access. In this session, learn how SAP Cloud Identity Access Governance can help organizations meet compliance and audit requirements with simple, intuitive tools. In this session, you will see these processes... More »

Sarma Adithe, SAP

This session covers how customer can take advantage of their on-premise SAP Access Control and leverage the SAP Cloud Identity Access Governance bridge to seamlessly extend access governance for cloud applications. Attend this session to learn... More »

Chris Radkowski, SAP

One of the most difficult challenges of any organization is ensuring that the appropriate technical permissions and application access are assigned to the right users. Learn how SAP Cloud Identity Access Governance is incorporating machine learning to help determine which technical roles are appropriate for specific business functions and organizations. Attend this session to... More »

Chris Radkowski, SAP

Learn how SAP is leveraging the combination of SAP C/4HANA and SAP Cloud Identity Access Governance to support a unified universal ID system for customers, partners, and contractors. This session offers useful, practical information... More »

Rohit Malhottra, SAP

Learn how to get optimal performance from your SAP Access Control system with minimal effort. Walk through the recent changes made for performance improvement in various areas, see newly added configuration parameters and learn how to implement these in your SAP Access Control system. Attend this session to... More »

Gary Prewett, NIMBL

Attendees interested in managing segregation of duties risk within the SAP HANA platform will gain an understanding in how to leverage their existing SAP Access Control 10.1 (and 12.0) investments to manage risk within SAP HANA. This hands-on lab will focus on the steps needed to detect SAP HANA-specific SoD risk in your existing GRC environments: from defining connectors, to adapting rulesets, to managing segregatopm of duties risk within your SAP HANA systems. We'll spend our time on practical, hands-on steps needed to take advantage of GRC functionality in your SAP HANA systems. Attendees of this session will... More »

David Denson, PwC

The SAP S/4HANA landscape introduces many new capabilities but also new risks. More complex SAP landscapes, mobile SAP Fiori applications, and cloud hosting all introduce new risks that need to be managed to deliver a secure, compliant SAP S/4HANA system. This session will discuss how to identify the risks within your SAP S/4HANA business process and embed mitigating controls directly into your processes using effective controls, security, cyber, SAP Identity Management, and GRC techniques. Join to ... More »

Steven Storm, KPMG
Deborah Rogers, Newport News Shipbuilding

As the traditional SAP ERP landscape evolves to a hybrid of SAP S/4HANA and best-of-breed applications, your access governance program and supporting technology solutions must evolve to provide a broader range of oversight and accountability. But which applications and platforms should you consider? Do they need to integrate? What should you look for when forming your long-term strategy? In this session, Newport News Shipbuilding will share its firsthand experiences. Attend to learn... More »

Kevin Jackson, KPMG
Jonathan Levitt, KPMG

Across SAP systems, relying solely on traditional role-based access control (RBAC) is becoming obsolete in effectively managing compliance activities and mitigating data security risks. Reliance on RBAC is not only inefficient and more costly to maintain, it is prone to manual error which can result in data leaks, audit deficiencies, and costly fines. By evolving to the “Next Generation” of SAP security with a combination of attribute-based access control (ABAC) and continuous controls monitoring (CCM), organizations can leverage automation to efficiently mitigate the access risks deemed to be the most critical. This enables security organizations to focus on running more efficiently without spending excessive time managing compliance activities. In this session, you will learn... More »

Sarma Adithe, SAP
Swetta Singh, SAP

This is a guided, instructor-led session. The hands-on exercises will guide users through SAP Identity Access Governance (IAG) and will highlight the related benefits. The objective of this session is to show how access analysis, access request and role design services can help minimize access risk and help prevent fraud within an enterprise. In this session, you will... More »

Join this open Q&A session to ask your most pressing questions about SAP Access Control. Nothing is off the table, so come get some facetime with the team behind the solution. More »

Kurt Hollis, Deloitte
Saranya Gottipati, Deloitte
Stacey Schwarz, Deloitte

Attend this hands-on lab to walk through each of the applications in the new version of SAP Access Control. Explore new capabilities and use the new SAP Fiori user interface to understand the better navigation, simpler screens, and enhanced data quality. Key points on the configuration and parameters will be highlighted. Attend this hands-on session to... More »

Dan Murphy, Winterhawk Consulting

Let’s face it, the technical side of a User Access Review (UAR) is pretty straightforward, but how do you manage the people involved in the User Access Review process? Dan Murphy, Director of Business Development and Sales for Winterhawk Consulting, as well as a certified GRC and Security professional, will guide you through some proven methods to utilize and manage the people around you to... More »

Keith Goldschmidt, Fastpath

When you have multiple systems in scope for your audit, you run the risk of creating false positives for SoD violations, or worse, not knowing of potential fraud issues because you don’t have visibility across your systems. Luckily, it doesn’t have to be that hard. Attend this session to learn... More »

Michael Kummer, Xiting

With the help of Xiting’s role test automation solutions, Siemens AG, a leading technology corporation, was able to redesign the roles of 400 technical RFC users on 20 productive clients with virtually no manual testing or involvement from the business. In this session, you will explore... More »

Alessandro Banzer, Xiting

In this session, explore a best practice approach, as described in SAP Note 1682316, to analyze roles and authorizations and how to safely redesign over-authorized dialog and technical (RFC) users that have unnecessary access to GDPR relevant data. Attend to find out... More »

Alessandro Banzer, Xiting
Michael Kummer, Xiting

Attend this session to learn a best-practice approach to redesign the roles of over-authorized RFC users in complex SAP landscapes to reduce risk and exposure. Hear a best practice approach to an RFC redesign project, lessons learned, and tools used to execute this project successfully, as recommended by SAP consulting in SAP Note 1682316. Attend to explore... More »

Pawan Sharma, Delta System & Software Inc
Tony Chmiel, Delta System & Software Inc

Attend this session to learn about a self-service automated security provisioning solution that requires minimal resources to support, which ensures accuracy of security transactions access, automates access approvals for the business, and provides governance for your SAP security design. Attend to explore... More »

Connor Hammersmith, Saviynt
Anurag Parikh, First Solar

Walk through lessons learned from First Solar’s SAP S/4HANA implementation and see how they partnered with Saviynt to meet their SAP security and governance needs. Saviynt is a cloud-based solution providing leading class Security and Governance capabilities for SAP. Come away from this session with a better understanding of how Saviynt helped First Solar... More »

Connor Hammersmith, Saviynt

Historically IAM Departments have operated separately from SAP Security and GRC teams, causing disconnect within organizations - sometimes leading to Audit findings. There has been a clear trend of companies wanting to break down these barriers and gain an Enterprise view of risk across applications - while taking full advantage of automation. Join two recognized experts in this interactive discussion to hear useful tips, trade lessons learned, and ask questions to help you on your Security journey... More »