The problem of inadequate management of roles in SAP

In an SAP system, inadequate management of roles leads to situations that reduce the efficiency and increase the entropy of the security system. For example, some users are assigned roles with more duties than necessary, while others are assigned roles copied from existing users, without any analysis of whether that set of authorisations carries excess permissions.

It is also common for a user to change jobs within the organisation and be assigned roles for the new duty while still keeping access to the previous ones, thus accumulating authorisations which are often incompatible. Another common case is the creation of roles that are very similar to existing roles, with only minor modifications added.

These are just some examples of inadequate management of authorisations and roles in SAP. Over the years of existence of an SAP system with a normal number of users, these errors cause entropy in the system of authorisations to multiply geometrically and even exponentially, to the point where it becomes difficult to find or manage the initial roles. New roles similar to existing ones are then created by mistake, which makes the problem even worse.

The consequences of inadequate management of roles in SAP

As a result of this situation, it is no longer possible to guarantee an adequate security system in which company data is effectively protected. In addition, you may be failing to abide by corporate policy or even the law by failing to adequately protect critical data, such as the individual and corporate data held in the SAP database, whose management is covered by the GDPR.

The solution: euKaria

The only way to revert this situation is to carry out a re-engineering of roles. When we are dealing with thousands of users and hundreds of thousands of roles, undertaking a re-engineering project manually is not feasible. But let’s see how we can go about it safely and in record time thanks to adequate tools.

The prime aim in re-engineering roles is to re-establish a manageable system, one that is limited and controlled, based on position types. But how do we identify these position types in a disorganised array of hundreds of thousands of roles and users?

Novis Euforia’s euKaria solution is capable of resolving the problem in just five stages.

Stages in resolving inadequate management of roles in SAP with euKaria

  1. In the first stage, information about the system’s structure of roles and users is obtained automatically by means of an installable extractor, with the option of anonymising the data.
  2. In the second stage, the users are analysed by means of artificial intelligence in order to find patterns that are not evident to the human eye and to group users into a limited set of position types.
  3. In the third stage, a graph database is created automatically, generating a logical outline of the relationships between entities: users, roles, authorisations and duties. Once this logical outline is created, euKaria compares the results with the segregation of duties matrix and detects those roles that contain incompatible duties. Likewise, critical or wrongly assigned duties are identified, for example system administrator duties in end-user roles or, conversely, access to business data by technical users.
  4. In the fourth stage, once the position types are identified and their duties are segregated, euKaria generates a complete outline of roles and authorisations that can be imported directly into a system or used as a guide to carry out a re-engineering of roles.
  5. Finally, the solution allows for continual controls to detect changes that do not comply with the current segregation of duties, following the philosophy known as «get clean/stay clean».
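
The segregation of duties comparison described in stage three, together with the accumulation of roles after a job change described earlier, can be sketched as follows. This is an added example, not euKaria's code: it uses plain in-memory dictionaries instead of a graph database, and every role, duty, user name and rule in it is constructed for illustration.

```python
from itertools import combinations

# Constructed sample data; role, duty and user names are hypothetical, not SAP objects.
ROLE_DUTIES = {
    "Z_AP_CLERK":    {"CREATE_VENDOR", "POST_INVOICE"},
    "Z_TREASURY":    {"RELEASE_PAYMENT"},
    "Z_AP_ALLINONE": {"CREATE_VENDOR", "RELEASE_PAYMENT"},  # conflict inside one role
    "Z_SALES_USER":  {"CREATE_ORDER", "SYSTEM_ADMIN"},      # admin duty in an end-user role
    "Z_BASIS":       {"SYSTEM_ADMIN"},
}
ROLE_KIND = {r: "end_user" for r in ROLE_DUTIES} | {"Z_BASIS": "technical"}
USER_ROLES = {
    "alice": {"Z_AP_CLERK"},
    "bob":   {"Z_AP_CLERK", "Z_TREASURY"},  # changed jobs and kept the old role
    "carol": {"Z_BASIS"},
}
# Segregation of duties matrix: unordered pairs of duties that must not be combined.
SOD_MATRIX = {frozenset(p) for p in [("CREATE_VENDOR", "RELEASE_PAYMENT"),
                                     ("POST_INVOICE", "RELEASE_PAYMENT")]}
# Duties that a role of the given kind must not contain (assumed policy).
FORBIDDEN = {"end_user": {"SYSTEM_ADMIN"}, "technical": {"POST_INVOICE", "RELEASE_PAYMENT"}}

def sod_pairs(duties):
    """Return the sorted SoD pairs violated by a set of duties."""
    return sorted(tuple(sorted(p)) for p in map(frozenset, combinations(duties, 2))
                  if p in SOD_MATRIX)

def role_conflicts():
    """Roles whose own duties already violate the matrix."""
    return {r: c for r, d in ROLE_DUTIES.items() if (c := sod_pairs(d))}

def user_conflicts():
    """Users whose combined roles violate the matrix, with the roles supplying each duty."""
    out = {}
    for user, roles in USER_ROLES.items():
        duties = set().union(*(ROLE_DUTIES[r] for r in roles))
        for pair in sod_pairs(duties):
            src = {d: sorted(r for r in roles if d in ROLE_DUTIES[r]) for d in pair}
            out.setdefault(user, []).append(src)
    return out

def misassigned_duties():
    """Duties found in a role of a kind that must not hold them."""
    return {r: sorted(bad) for r, d in ROLE_DUTIES.items()
            if (bad := d & FORBIDDEN[ROLE_KIND[r]])}

if __name__ == "__main__":
    print(role_conflicts(), user_conflicts(), misassigned_duties(), sep="\n")
```

Note that bob's two roles are each clean on their own; the conflict only appears when duties are evaluated per user rather than per role.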

euKaria is an SAP security solution that is unique on the market. Using mathematical algorithms and a scientific application of new technologies, it has turned the costly process of re-engineering roles into an automatable project that saves time, expense and worry.

