© 2015 SAP AG. All rights reserved. 3
Why is it so hard to manage access and mitigate risk?
Manual processes that are inefficient and costly
The problem is approached in a fragmented way
The business side does not go deep into technical language
Lack of real-time visibility into the risk across the landscape of users and roles
Inability to put a specific risk in context with its financial impact
SAP Access Control: access risk management and fraud prevention
Find and remediate SoD (segregation of duties) conflicts
Automate access assignment
Define and maintain roles in business terms
Certify access assignments
Monitor emergency access risks and transactional usage
Automation, real-time risk analysis
Automated access risk analysis based on best practices, with predefined rules for SAP systems.
Main benefits
Precise identification and analysis; real-time analysis of violations in SAP and non-SAP applications
Simulation of changes to role or user assignments to prevent violations
Definition of controls to mitigate violations, with visibility into the effectiveness of those controls
Role definition under corporate governance
Collaborative and scalable role modeling, supporting technical and business users.
Main benefits
Collaboration process between business owners and technical staff
Role optimization and administration
Reduced redundancy
Participants in the role workflow (from the diagram):
Role owner: understands the business requirements
Security: understands the technical requirements
Approver
Configurable workflow
Optimized user access
Standardizes the workflow, with flexibility in access requests and customizable views, simplifying the provisioning process.
Main benefits
Business workflows that help reduce manual tasks and optimize the access request process
Leverage existing resources for workflow management and configuration
Easy and fast self-service role requests
Request flow (from the diagram):
Source: SAP Business Suite, other SAP applications, heterogeneous environment; HR systems (SAP HR, PeopleSoft HR, other); IDM systems (SAP IDM, Novell IDM, other); other (AC direct entry, help desk, more…)
Configurable workflow: request, risk analysis, approval, with mitigation or an exception workflow
Result: automatic provisioning
SAP Mobility
The challenges continue…
When it comes to Segregation of Duties (SoD), “staying clean” requires significant effort to mitigate violations:
Primarily manual controls and an inability to manage by exception
Lack of visibility into true financial exposure
Governing access and SoD only for ERP is no longer acceptable:
Applications not written in the ABAP programming language require the same approach
Cloud-based applications like those from Ariba, an SAP company, and others
Non-SAP applications like Oracle Hyperion and Microsoft Dynamics
Introducing SAP Access Violation Management by Greenlight Technologies
Manage user access based on business impact
SAP Access Control: access risk analysis, user access management, emergency access management, and business role management
Real-time, cross-enterprise control: discovery, aggregation, correlation, and normalization
Accelerated mitigation: automated mitigating controls; exception-based notifications; and user-, role-, and risk-modeling
Reporting, simulation, embedded governance, risk, and compliance, rules and analytics, workflow
Financial exposure of access risk: bottom-line dollar value
Systems in scope (from the diagram): cloud and software as a service, business applications, core SAP software, legacy and custom solutions, other instances of SAP ERP
Reprioritize your mitigating control efforts
Before: prioritize efforts based on processes with the highest number of SoD issues identified
After: prioritize efforts based on processes with the highest amount of financial exposure due to executed SoD violations
SAP Access Violation Management: customer example 1
Large Global Oil and Gas Customer
Knew it had an SoD issue with users who could maintain customer master data and process sales orders, but did not know the extent of the problem.
Paid for a remote engagement, in which SAP Access Violation Management identified that over 6 months, 47 users had maintained customer data and processed sales orders for those same customers with a total value of over €150 million.
SAP Access Violation Management: customer example 2
Large U.S. Utility Customer
Knew it had an SoD issue with users who could submit purchase orders and enter goods receipts, but believed it was used very rarely and only on an emergency basis.
Went live with SAP Access Violation Management and identified that one user violated this risk for over US$2.8 million in a single month.
Where the dollar values are this high, accepting the risk and applying a mitigating control may not be enough – change must be driven within the business.
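The "after" metric on the reprioritization slide and both customer examples rest on the same computation: count only executed SoD violations, where one user performed both conflicting actions on the same object (the same customer, the same purchase order), and sum the document value behind them. The Python below is an added example written for this page, not SAP or Greenlight code; the rule names, action names and activity records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed SoD rules: each maps to its two conflicting actions. A violation is
# "executed" only when one user did both on the same scope object.
SOD_RULES = {
    "CUST_MASTER_vs_SALES_ORDER": ("MAINTAIN_CUSTOMER", "CREATE_SALES_ORDER"),
    "PURCHASE_ORDER_vs_GOODS_RECEIPT": ("CREATE_PURCHASE_ORDER", "POST_GOODS_RECEIPT"),
}

@dataclass(frozen=True)
class Activity:
    user: str
    action: str
    scope: str     # customer number or purchase order number
    amount: float  # document value; 0.0 for a master-data change

def executed_exposure(activities, rules=SOD_RULES):
    """Return {rule: {user: exposure}} for executed violations only; the
    exposure is the summed value of the transactional (second) action."""
    scopes = defaultdict(set)    # (user, action) -> scope objects touched
    value = defaultdict(float)   # (user, action, scope) -> summed amount
    for a in activities:
        scopes[(a.user, a.action)].add(a.scope)
        value[(a.user, a.action, a.scope)] += a.amount
    result = {}
    for rule, (first, second) in rules.items():
        per_user = {}
        for user in {u for (u, act) in scopes if act in (first, second)}:
            overlap = scopes.get((user, first), set()) & scopes.get((user, second), set())
            if overlap:
                per_user[user] = sum(value[(user, second, s)] for s in overlap)
        result[rule] = per_user
    return result

def prioritize(exposure):
    """'After' ordering from the slides: rules ranked by executed exposure."""
    totals = {rule: sum(users.values()) for rule, users in exposure.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

SAMPLE = [  # constructed activity records
    Activity("ana", "MAINTAIN_CUSTOMER", "C100", 0.0),
    Activity("ana", "CREATE_SALES_ORDER", "C100", 150000.0),
    Activity("ana", "CREATE_SALES_ORDER", "C200", 999999.0),  # ana never maintained C200
    Activity("bob", "MAINTAIN_CUSTOMER", "C300", 0.0),         # conflict held, never executed
    Activity("cat", "CREATE_PURCHASE_ORDER", "PO7", 2800000.0),
    Activity("cat", "POST_GOODS_RECEIPT", "PO7", 2800000.0),
]
```

Note that bob is a SoD issue under the "before" count but contributes no exposure, while the purchase order rule with a single user outranks the customer rule on value.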
SAP Fraud Management: achieve effective and efficient fraud management
Monitor key performance indicators and create management reports
Manage alert workload with efficient evaluation, qualification and remediation of fraud
Execute mass and real-time detection and stop suspicious business transactions
Define fraud detection strategy through simulation and calibration
Analyze fraud patterns and define detection rules and models
Fraud detection strategy: define detection strategies based on fine granular criteria
Uses individual weight factors and thresholds
Key Benefits
Align to new fraud patterns and adapt quickly to changing fraud behaviours
Reduced effort from users to set up and calibrate fraud detection strategies
Lighter or no need for IT involvement
Simulation and calibration: real-time simulation and calibration of fraud detection strategies
Key Benefits
Transparent, real-time information on the impacts of new or changed strategies
No misinterpretations of fraud behaviours thanks to comprehensive ranges of sample data
Reduced false positives and streamlined fraud detection
Advanced alert management: fully integrated bi-directional fraud processing
Real-time alerting and option to hold suspicious transactions in business systems to avoid damages
Key Benefits
Track fraud as early as possible before transactions are further processed
Improve the efficacy of the fraud team and increase ROI of the fraud detection system
Faster fraud processing to avoid blocking a transaction longer than needed
Early identification of potential fraud situations enables business users to gather more data for their investigation
Comprehensive alert management: leverage advanced inquiry and analysis features
Key Benefits
Improved accuracy of fraud detection with reduced false positives and negative detections
Availability of comprehensive and up-to-date information in investigation avoids double work
Increase investigation ROI by focusing on high score / high value cases
Full insight into all relevant information at the fingertip
Enable detection rules
Pre-delivered content: examples for cross industry (Public Sector and Insurance have their own set of rules)
Rule areas: conflicts of interest, compliance, vendor & service provider, payments, customer, accounting, purchasing, invoices, travel expenses
Example rules:
Irregularities in purchase orders
Smurfing on outgoing payments (split invoices)
Customer located in high-risk country
Frequent changes in the master data of a vendor
Irregularities in payments to vendors
Vendor located in high-risk country
High-value keyword search
Address screening
Accounting documents posted on exceptional dates
Bank account and address in different countries
Irregularities in invoices
Irregularities in travel expenses
Foreign Corrupt Practices Act / Anti-Bribery Act
List screening (e.g. PEP lists)
*Additional results are being delivered within planned service packs
Pattern analysis: embedded or highly integrated in SAP HANA
Big Data: terabytes analyzed at the speed of thought; compress large data sets into memory; integrate insights from Hadoop analysis; unleash the potential of Big Data
Predictive Analytics: intuitively design and visualize complex predictive models; bring predictive analytics to everyone in the business
Text Search and Mining: native full text search; graphical search modeling; UI toolkit
Combining the power of different approaches: SAP Fraud Management covers the full spectrum of fraud detection
Spectrum of behaviors (from the diagram): known fraud behaviors; unusual behaviors; similar, but different from known behaviors; unknown fraud behaviors
Spectrum of patterns: known patterns through unknown or complex patterns
Spectrum of approaches: rules through predictive algorithms
Hybrid combination of rules and predictive algorithms (pattern analysis) to detect fraud
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.