axl & trax

Who do we do it for?


GRC, IAM and Security projects are continuous projects that need the involvement of all key players in the organization.

SOX has put security and compliance on every C-range*'s agenda. The cost of being compliant is huge, so compliance work should be automated. You understand that user / role / authorization projects can be very cumbersome and time-consuming. As a result, you will start with projects to automate these processes. But as Bruce Schneier once said: "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."

Thus, we help you understand the authorization process, so that you can implement the technology smoothly and optimize your security processes.

For the CEO: to assist you in your decision process. You need insight not only into the pure facts (e.g. the number of SOD conflicts) but also into the conceptual problems and other pitfalls. Identifying potential bottlenecks will save you a lot of time and money.

For the CFO: to assist you in becoming compliant. Compliance is not a project but a continuous process. You will need a roadmap that you can use to report to the CEO and external auditors. Moreover, it will give you the necessary peace of mind to be able to monitor the progress of the compliance process.

For the CIO: to create a high level of efficiency and effectiveness. Our proven methodology and concept ensure a high degree of standardization in maintaining the authorizations. Saving up to 60% of maintenance costs is no exception and can be vouched for by customers' statements. Whatever the scenario, the benefits of using the day-to-day support line are the same for you: transparent costs, reliable operation and first-hand know-how. Moreover, our approach ensures a smooth implementation of an Identity Management solution if the system needs to be connected.

For the internal auditor: to assist you in defining audit issues and risks. SAP authorizations and internal controls are a specific knowledge domain which is not always present within your internal audit department. Partnering with axl & trax will fill this knowledge gap and will enable you to deliver complete, error-free and accurate audit reports on this topic.

For the business (managers): to guide you in identifying business requirements and assist you in defining enterprise business roles. A good set of enterprise business roles gives the business manager the following benefits: transparency, time savings, simplification, flexibility, better control and thus compliance.

For the key users: to facilitate your job in interpreting business requirements and translating them into attributes that can be used in the task roles or permissions.

For the security manager: to facilitate your job in ensuring that the desired security (need-to-know & least privilege principles, ownership control, etc.) is implemented at the least cost, and to ensure that all actors of the company involved in security play their part accordingly and in a transparent manner.

According to traditional approaches, the security operations center (SOC) of the company has to:

  • manage separate permission requests for each person (successive & granular requests),
  • manage a sometimes complex and long approval process for each separate permission request (e.g. dialogue with several business authorities),
  • manage a revoke/change process for each permission as the business organization changes, in order to maintain as far as possible the famous "least privilege" security principle for the permissions granted, which is never easy,
  • store/retrieve the full history of each person/permission for verification and audit reasons.

For the SAP administrator: to facilitate your job by building roles in a few days instead of months. We have automated the full process to ensure that you spend your valuable time on more important things than building roles for days or even months.

*C-range: CEO, CFO, CIO