Step-by-step: Bring your SAP compliance to a brilliant finish

The IT compliance field poses a major challenge for SAP customers, particularly with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.

Taking a holistic view of user compliance

Traditional authorization topics such as segregation of duties (SoD) aside, appropriate security measures for protecting users and optimizing user licenses round out the shortlist of core issues in the realm of user compliance. To ensure that user compliance is handled fully, these three items – authorization management, security management, and license management – must be considered holistically.

The goal of this exercise is to clean up all users with regard to SoD conflicts, critical authorizations, and licensing issues. Unfortunately, the devil is, as usual, in the details. While there are a number of providers on the market who handle one of the issues, anyone looking for a solution that integrates all three into a holistic approach has previously been out of luck. Now, however, we have partnered with Snow Software to grant these wishes: We offer this very approach in our SAST SUITE. Our solution is best explained step-by-step by way of a comparison.

High-gloss SAP systems

If you’ve ever been to a car wash, you’ll be familiar with the individual steps: After the high-pressure cleaner and the prewash, the car is cleaned thoroughly – inside and out – and polished until it gleams. Snow Software and AKQUINET clean up SAP users in a similar fashion.

The first step is to use Snow Optimizer for SAP Software (SOS) to evaluate all system users in the relevant SAP system. This first cleaning step identifies locked, inactive and duplicate users. This will help get rid of the worst of the dirt – figuratively speaking, of course!

The second step is to re-classify users: This means that license types for the individual users are optimized based on an analysis of an extensive collection of data, which includes activities, movement and transaction data, and master data of users. SOS is also capable of identifying indirect access by third-party software. This is a clear advantage as indirect access is an area typically full of pitfalls. Optimizing licenses is a boon both for ensuring compliance with standards and guidelines and for the massive potential to save SAP customers money. A customer in the automotive industry, for example, was able to save an amount in the mid-tens of millions for over 50,000 SAP users.

Once the licenses have been optimized, the third step is to check the users for SoD conflicts and authorizations that may be critical for security. This is done by a comprehensive analysis of the existing transactions and authorizations. The results of this analysis are compared with the SAST SUITE’s extensive ruleset for handling SoD conflicts or critical authorizations. Any problems identified are then “cleaned up” using the SAST Role Management module. Incidentally, SAST customers have no need to worry about problems arising from new roles in production: Our Safe-Go-Live Management secures a seamless transition. This approach means that SoD management that is compatible with compliance is established in short order.

Securing sustainable compliance

There is one more step that we recommend: Platform security prevents internal and external manipulation of those now optimized users and roles. SAST SUITE offers extensive checks covering all key areas of an SAP system. Our GRC software has a management dashboard, where roles, authorizations and system security can be monitored continuously and in real time.

And now we return to our comparison: Thanks to the “compliance car wash” for SAP users, you’ll be squeaky clean for the next audit.

Do you want to learn more about securing your SAP systems and user compliance? Check out our SAST SOLUTIONS website or send us an e-mail at

Patrick Boch, Product Manager of SAST SOLUTIONS