GDPR is Coming
Lately, I have received a flood of calls regarding GDPR asking why we have not published anything on the subject yet. The latest call was from a senior consultant in one of the Big-4 firms asking what Xpandion’s stance is…
When you are a SAP security person, responsible for managing access control for all employees in the organization, you hold a very powerful position. In comparison to programmers who have a lot of control over their specific work, the authorization…
In the past couple of years Xpandion has been involved in creating and integrating self-service user portals. Customers either wanted to use Xpandion’s self-service user portals, or they needed integration between ProfileTailor Dynamics’ portal and their own user portal.…
We recently met with a few of our global customers as well as prospective clients, and we were able to gain a great deal of insight regarding one of the most talked about topics, segregation of duties. Some of the…
You Can Continue to Copy Users in SU01, but be Smart about it! How does your organization create user accounts for new employees? How do you grant authorizations? Most organizations use the method of copying an existing user account, slap…
This blog discusses, in short, four effective methods that give high value to security managers by reducing manual work and simultaneously increasing security levels. The idea for this blog came from speaking with senior SAP security individuals, CISOs as well…
How do you choose the best single authorization role to grant a user who has just sent a request for additional authorizations? This is a complicated process for most organizations as there are thousands of roles that exist. Even if…
There’s a tricky little process with an innocent-sounding name, and it’s something that goes on in your organization far more frequently than you’d imagine. Can you guess what it is? It’s called “IT Access” (AKA “Emergency Access”) – and auditors…
If your organization has run an SAP system for three years or more, you probably suffer from what we like to refer to as “Deceiving Authorization Roles syndrome.” Whether you’re familiar with this pesky problem or not, maintaining authorization roles for…
If you’re in the GRC field and you’re asked to join a GRC project as a professional consultant, a team leader or a project manager – avoid these 5 major mistakes. If you don’t identify these situations beforehand, you might…