Risk free authorization provisioning with SAP GRC Access Control 10.0 @ the National Lottery Belgium
Gert De Pauw, The National Lottery Belgium
Chris Walravens, Expertum
SAPience.be TECHday’13
Agenda
• The Players
• Project Triggers / Challenges
• SAP GRC Access Control
• Implementation Phases
• Project Benefits
The National Lottery
Channelling
Act of 19 April 2002 + the management contract between the Belgian State and the National Lottery: "socially responsible and professional provider of gaming pleasure" with two essential objectives:
• to channel gambling behaviour and thereby offer an alternative to private and/or illegal games
• to attract existing users of lotteries and games of chance with a modern and attractive offering, without expanding the size of the market
Largest patron in Belgium
Financial support for organisations and events of public interest:
• 225.3 million euros in subsidies around the themes of social affairs, sport, culture, family, science and national prestige are approved by the Council of Ministers. Since 2002, the National Lottery has paid 27.44% of the overall annual subsidy amount directly to the three (Flemish, French and German-speaking) Communities.
• Social or name sponsorship of initiatives benefiting the integration and well-being of disadvantaged population groups (e.g. Restos du Coeur, end-of-year dinners, visits to events and exhibitions at reduced rates)
In a responsible manner
• Contributing actively and autonomously to the prevention and treatment of gambling addiction through support for initiatives in that direction
The National Lottery
One of the biggest retail networks in Belgium
5240 stores: independents working on commission and selling our products
Delaware
History
• Founded in 1981; has been part of Bekaert, Andersen and Deloitte
• Independent partnership since 2003
Today
• 850+ professionals
• Belgium, China, Singapore, France, Luxembourg, The Netherlands & US
Recipe
• Aligning business and technology
• Combining strengths, delivering solutions
Philosophy
• Entrepreneurship, Care, Respect, Team spirit, Commitment
Expertum
History
• Founded in April 2006 by 2 ex-SAP BeLux employees
• Partnerships
Today
• Team of 50+ SAP Experts and Project Managers
Mission
• Exceed client expectations by providing top-quality expertise
• Provide our people a safe environment for personal and professional growth
Strength
• Highly skilled & experienced SAP consultants in all SAP areas, combined with a wide industry knowledge in several domains
Expertum Competence Areas
• Project Management (PM)
• Supply Chain Management (SCM)
• Finance & Controlling (FI/CO)
• Business Intelligence (BI:BW/BO + HANA)
• Knowledge Management
• Product & Service Development
• Governance, Risk, and Compliance (GRC)
• Product Lifecycle Management (PLM)
• Application Lifecycle Management (SolMan +NW)
Focus GRC team
• SAP Security & Authorizations
• SAP GRC Access Control
• SAP GRC Process Control
• SAP Identity Management
Project Triggers / Challenges
• Transparency
• Segregation of Duties
• Automated Processes
• Monitoring & Reporting
• Audit Trails
• Risk Prevention
• Controlled Access
• Business Ownership
SAP GRC Access Control
Analyze & Manage Risks (AMR)
• Accurately identify and analyze access risk violations in real time
• Remediate and mitigate conflicts for users and roles
• Continuously monitor access risks and user assignments across the enterprise
Emergency Access Management (EAM)
• Self-service emergency access activation
• Centrally approve and manage emergency access for all SAP systems
• Detailed usage logs for comprehensive emergency access reviews
Business Role Management (BRM)
• Centralized business role management
• Enforced compliance with format & SOD rules
• Automated role governance process involving business & technical owners
Provision & Manage Users (PMU)
• Self-service user access request process
• Preventive risk analysis in user provisioning
• Automated workflow for efficiently approving requests
• Streamline and automate reviews of user access
SAP GRC Access Control
First Belgian Company Using all 4 Modules
Implementation Phases
• Analyze & Manage Risk
• Emergency Access Management
• Provision & Manage Users
Timeline (figure): Phase 1a, Phase 1b, Phase 2; dates shown: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013
Analyze & Manage Risk
• Bridge Business - IT
• Analysis Engine
• Proactive Risk Analysis
• Root Cause Analysis
• Rule Set
• Detailed Reporting
Emergency Access Mgmt
• Automated Notifications
• Logging Activities
• Controlled Access
• Only Approved Access
Provision & Manage Users
• Automated Provisioning
• Audit Trails
• Role & Risk Ownership
• Eliminate IT Involvement
• Workflow Based Approvals
• Preventive Risk Analysis
Implementation Phases
• SOD Remediation
• HR Trigger
• Approval Delegation
Timeline (figure): Phase 1a, Phase 1b, Phase 2; dates shown: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013
Intermediate Phase
• Delegation of Approvals
• Automated User Creation
• Clean-up of Access Rights
• Triggered by Onboarding
Implementation Phases
• Technical role design
• Business role design (Composite roles)
• Position Based Security
• Business Role Management
Timeline (figure): Phase 1a, Phase 1b, Phase 2; dates shown: 01/11/2011, 01/07/2012, 31/12/2012, 01/10/2013
Business Role Management
• Automated Notifications
• Transparency
• Automated Access Removal
• Workflow Based Approvals
• Embedded Risk Analysis
• Centralized Role Documentation
• Role & Risk Owners
Risk Reduction
Project Benefits
• Rule Set
• Transparency
• Segregation of Duties
• Workflow Based Approvals
• Bridge Business - IT
• Automated Processes
• Audit Trails
• Only Approved Access
• Logging Activities
• Monitoring & Reporting
• Clean-up of Access Rights
• Controlled Access
• Delegation of Approvals
• Analysis Engine
• Risk Prevention
• Root Cause Analysis
• Business Ownership
• Automated Notifications
• Eliminate IT Involvement
LEARN FROM THE EXPERTS
[email protected] www.expertum.net/expertsessions
Thank you!
Gert De Pauw
Senior SAP Manager, The National Lottery
+32 2 238 46 72
[email protected] www.nationale-loterij.be
Chris Walravens
GRC Competence Lead, Expertum
+32 474 475 983
[email protected] www.expertum.net