Shadow IT: A Security Policy and Governance Perspective

Shadow IT, sometimes called “rogue IT” or “stealth IT,” is the purchase or development of technology services outside the control or oversight of a company’s IT department. It may occur because a business unit believes it has unique needs not met by the company’s standardized computing services, or wants a quicker implementation than it would get from the IT department.[1] …

SAP Security Model

Most literature about SAP security points to internal controls such as user access and authorizations. Internal controls in this sense are the processes to ensure reliable financial reporting and compliance with regulations such as Sarbanes-Oxley (SOX). Securing SAP, however, is more than managing roles, users, and access and securing the NetWeaver platform. While this …

Why Companies Fail to Secure their ERP Systems

SAP ERP systems, like most software, are not secure out-of-the-box. But that is not to say organizations are stuck with an insecure application. An organization can configure security parameters and settings according to its risk appetite. It can apply security patches to ensure the system is not exposed to security vulnerabilities. It can also implement the right dose of …