THIS EVENT WILL TAKE PLACE FACE TO FACE
Cybersecurity, the practice of protecting critical systems and sensitive information from digital attacks, is always a trending topic as the threats are always unpredictable. In this event, we will be talking about everything you'll need to know about cybersecurity including internal and external threats. How the boundary-less cloud poses security concerns and what are the counter-measures? When it comes to cyber identity, hat are the key things we will need to know about access governance and cyber identity?
Our Audit, Control and Security (ACS) SIG is a well-supported group attended by a cross-section of professionals working with SAP and representing the following business areas: IT Security; (including SAP Basis experts) IT & Financial Audit and Risk Management.
Join Jonathan Cooper from Onapsis who will be talking about the Onapsis Customer Spotlight: How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance
Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasised more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.
Andrew Morris will be speaking about Applying a Zero-Trust Approach to SAP
What is Zero-Trust?
At its most basic level, zero trust is about an approach to securing systems and data which means we must ensure we know WHO is accessing data, for WHAT purpose and intelligently limiting access to that data at all times. It is a cybersecurity term, but when applied to SAP, has a lot of touchpoints with elements with which we’re already familiar.
Authorisation management in SAP is the first step to implementing a zero-trust approach – are you limiting users’ access to only the systems and data they need to access to do their job? PAM, or EAM then extends this solution to ensure that privileged access is approved and monitored.
Infosec have tools in place to validate devices, but digital transformation in SAP, adoption of new UI, like Fiori and mobile devices can mean this is more of a challenge…
Contextual authorisations, such as UI masking, which can overlay access policies (PBAC) on top of role-based authorisations, allow us to further enhance the controls over access to data, such as limiting interaction based on location, time etc.
Tooling such as SAP GRC allows the limitation of access, visibility of interactions and better understanding of the zero-trust approach, as well as embedding the risk ownership within the business, so the access granted can be tied to the risk of that access to the underlying data and processes. Combining this with BIS, ETD and other solutions will permit extension of the Zero Trust approach to further secure your business-critical systems and data – gaining visibility of vulnerabilities and if they are being exploited allows integrations with other cyber-defense initiatives. Integrating your SAP systems with enterprise-level cybersecurity initiatives, such as DLP, security training and identity governance all permit you to grant access only where required.
This is especially relevant where we’re operating in managed services environments, where the most privileged access to our systems and data may be granted to users outside the organization. PAM initiatives especially can reduce the threat posed by these privileged accounts.
Barbara O'Cain and James Howgego from SAP will be sharing on the tools for customers to use to manage such governance and compliance. Data governance encompasses the people, processes, and information technology required to create a consistent and proper handling of an organization's data across the business enterprise. Learn how SAP SuccessFactors helps your organization exercise positive controls over handling and accessing data from the perspective of an employment attorney and a global technology advisor.
Join Chris Soden from SAP who will present SAP Updates on journey of creating Sovereign Cloud Services
SAP Sovereign Cloud offerings are deployments of security-hardened SAP cloud solutions designed to adhere to national security and secrecy requirements such as government accreditation, attestation or certification programs. Solutions offered by SAP Sovereign Cloud support personnel sovereignty requirements such as requiring SAP employees to undergo security clearance by a local government.
They will also being doing a tour of their SCIF facility in CHP.
As this is a Partner sponsored webinar, there may be some restriction on which members can attend. This means that even if your initial booking is accepted, we may contact you to cancel your booking.
Your SIG Chair:
Brian Froom, your ACS SIG Co-Chair and Information Security Manager TSE from Tata Steel will provide an update on his attendance at the Meet the Developers, where he will have met and had discussions with the SAP Experts.
Jonathan is a pre-sales advisor at Onapsis who offer mission critical application security, compliance, and resiliency. His background started initially in Finance and spans over 20 years with SAP across supply chain management, Business Intelligence, S/4HANA and data protection/security.
Cyber & Application Security Director
Andrew has 20 years’ experience of delivering robust cyber solutions in regulated global environments for organisations and clients of Turnkey. As a director for Turnkey in cyber governance, risk and compliance, he helps organisations to identify and effectively manage their risks.
Global Compliance Program Director
Having joined SAP SuccessFactors in 2013, Barbara is a frequent speaker globally on topics of human resources regulatory compliance, HCM globalization and localization, employment litigation, and data privacy.
Senior HR Technical and Security Architect
James has worked for SAP covering security, technology, and compliance for more than 22 years in various roles. He currently works across North EMEA helping prospects and customers to understand the security and compliance benefits of SAP HR Cloud technology and how this can be best utilized.
SAP UK & Ireland
Audit, Control & Security SIG Co-Chair
He has 21+ years’ experience as an IT Auditor across different sectors. He is currently involved in the security and monitoring of Tata Steel’s SAP installations across UK and Europe.
Our latest insights and thoughts
Our Training & Change Management Coffee Session is on Tuesday 28th March☕ ow.ly/rj7850Nfrll During this… twitter.com/i/web/status/1…
67% OFF SAP LEARNING HUB… 10 days left💡 Due to the power of the UKISUG community, we can offer our members an unb… twitter.com/i/web/status/1…