Every organization using SAP ERP applications faces the unique challenge of maintaining a strong security posture while enabling productive business processes. Throw in the uncertainty of today’s rapidly changing environment, and you can bet that IT professionals and business stakeholders are facing misalignment between IT controls and business rules and objectives.
To discover how organizations are evolving their security and risk management practices, Appsian commissioned a survey of nearly 200 senior stakeholders using SAP applications through an independent market research firm. We compiled the results of our survey into the SAP Security Report: Executive Perspective on SAP Business Risk Management.
We found that this rapid state of change in today’s environment has brought about a new normal for acceptable risk in SAP – but not by choice. While some organizations are adopting new processes and technology to address risk, legacy strategies are holding back many in their path towards efficiently managing ERP data risks.
We also uncovered four key takeaways from the respondents:
1. Business Process Risks Are Slipping Through the Cracks
Executive confidence is wavering in an organization’s ability to detect business risks from fraud, theft, and human error. While concern is generally high, a lack of consistent visibility into these business processes highlights a gap that many have yet to address.
2. IT Leaders Are Concerned About Excessive User Privileges
Excessive user privileges continue to be a top concern of leadership – and for good reason. Users have the keys to your kingdom, and with this, pose a heightened risk if their accounts are compromised or if they engage in malicious activity.
3. Misalignment is Hurting Confidence in SAP Security
Tight alignment between SAP security controls and business goals and objectives is paramount to secure, compliant, and efficient business processes. However, many respondents signal that the two are not aligned effectively.
4. Limited Visibility & Complex Controls Are Hindering Progress
Organizations are facing the limitations of their existing technology and processes. Solving this will require a new approach to overcome complexities in controls and limited visibility into their business-critical applications.
Want to gain a better understanding of how organizations are evolving their ERP security and risk management practices? Curious about the kinds of risks organizations are most concerned about, and how they view and prioritize user and system visibility, access control, oversight, and accountability?
Download your free copy of the SAP Security Report today and take a deeper dive into these findings.