In the next couple of minutes, I want to show you a bit what our customers are facing issues or problems in the last, especially in the last couple of years with the pandemic as well, with what happens here in Europe and how important it is to have a, a unified platform in the end, including all the, the SAP systems as we see that even in, in big companies, SAP is, is still something separate. So they have somehow integrated it into the identity management world, but it's not really integrated.
So if you go and look a bit deeper then it's still in its own silo and but it, how important it is, especially with the workplaces are now remote offices, disappearing, infrastructure is disappearing and how important it is to protect, even more protect the identity because the identity is what in the end it's important. The identity has access to the applications and the data and data is in the end the, the lifeblood of the company.
So when, especially in sap, these are the important data.
So it makes this very important to ate all the information you have from all the system including sap. And SAP has a very powerful GRC function, which is very nice, but the problem is it's sap. It's the same with Microsoft world. They have a lot of functions and tools to protect the Microsoft world, but what we see very often is there is no no correlation. So a very easy example is if you have a very nice GRC applied in SAP people knowing how SAP is working, you can very quickly export data out of sap.
And if you have access to a file share for example through a certain group, you can very quickly export data to this file share. And it could be that suddenly everyone has access to this data. So you have completely breached your stop tier, see you have implemented. So it's very important to, to correlate, to unify this information together that such things can't happen.
And to enforce the zero trust model, you need to know who has access to what, why and when. So this is very important.
And the third thing is especially we solved during the pandemic, customers very quickly implement additional applications, especially cloud applications. Marketing is a nice example, marketing department, they fire up new applications, there is no joint removal lever process, they're working on it, they export data there and no one has an idea that this application is there and there is no correlation in the end to a security framework. So no one has idea that they have access to, they are sending datas there.
So it's also very important that in an IM framework you can quickly adopt also such a new applications and included into the security framework in the end. So this makes it very important to have a unified platform with everything, not just the iga, also the pam which is integrated and also with all the access management on a single platform and have a deep integration into SAP in the end.
So this leads me to the integration we have now with IBE Schreiber, IBE Schreiber. Some of you will know them.
They have or they build all these rule sets for sap and this was the connection in the end we got from customers saying you should integrate this into your identity and access management because if you build new policies, you should quickly apply this to your IGA solution. If something changes, if there is a new SAP product application, whatever, you should have a very quick apply into the SAP framework for sub grc. And as we have our own sub GRC in our solution, which in the end is a combination not just for sap, it's also for everything else.
So we can combine this, we have the possibility to have an overall GRC over all the applications which are maintained in the end by the identity management system.
And this is not just for SAP grc. So we can exactly have a combination of such use cases that you know, if someone has access to a file share to a SharePoint server to everything in the environment and they can't send data out from SAP to anything else, they are not allowed to. And with this integration we have a a very quick applying all these rules in the end to the IM system.
If something changes, you can run all this analyzing functionalities and see what happens in the end in your environment if you change a policy, how this affects in the end also your environment.
So the EBIS rule set they have for all the dedicated verticals like automotive, all the different regulations, they have predefined rule sets specific for all the SAP applications. And this can be very quickly in the end, after it's there and tested, they can one-to-one transfer this function to the IM solution.
And then it could be integrated in any kind of policies in the end for all applications maintained by the AAM solution. And one thing is in the end that you can combine things together. So this is a example just for sap, but in here you can then add additional rules for your ad, your Azure active directory, your avs, anything in the end which is maintained by the identity management solution can be combined in the end together with existing rules from this rule set.
And this in the end you can then have graphical view.
So you see which users, SAP users and groups are affected by this rule set in the end in a graphical way. And you have always a graphical view on what happens in your environment and you can then also export this data to an auditor. For example. An auditor has always access to this information as well, which allows him then to run his audits against all these applications. So the benefit of this is in the end really it's not SAP only, which is the, the biggest concern of companies that the SAP G C is SAP only. So they see the SAP world but they don't see the rest of it in the end.
So we can combine rules, SOD rules with anything you have in the IM solution and you have a central governance with approvals with the stations, with reporting on top of everything.
The second use case is a sub firefighter, which is also a nice functionality and customers required or ask us to have this for everything in the end. So in the same way for their switches, they're routers databases for example.
So if the database administrator needs to go to the SAP system, they have the same way, the same functionality, how they can get access in the end to the, to the application or to the OS level. And this is something we implemented also for customers. One reason was also for one customer, a financial aspect because every sub firefighter account in the end is also money behind. And this is also something we implemented with the customer to have a central firefighter concept over everything, even Azure administrative accounts, database accounts.
So any application in the end, any system can be integrated in this and you have a firefighter concept which is centrally and applies in the end for all your applications in the enterprise.
And the second use case was for the users in the end doing really stuff on it, key users, which you want to record what they're doing to give them a, an easy way even from home that they can access in a secure way. The subi and you want to see and record what they're doing. And this was also a, a use case.
We implemented that the the in the end and the same for all the cloud applications from sap, we fire up in the end, the UI and everything gets recorded and you can always track and see and lock the information, you can see what happens and you can reply even for auditors to see what happens in the end in the, in the SAP system for the user. And you have also the evidence in the end if something happens to provide this to the auditors.
And the same here is it does not apply just for sap, it's in the same way how you maintain the whole infrastructure, any kind of application.
And it does not belong just for SAP in the end. And the same is, and also for workflows in reporting because it's integrated, it's in one system. So you have not to go to different system, you don't need to create different workflows. So it's all the same, all the same way how someone is doing something and they don't need to think about if it's different in sap it's different in active directory. So it's always the same way someone has to use the product, how they have to request some firefighter accounts, how they need to go to a system. It's always the same way.
And this gives also a lot of benefit for maintain the solution, train the people so they don't need to train people in different ways for different applications. And this is also a huge benefit in the end for the, for the enterprise specific. If you have people now working from home and not being in the company and you need to train them onsite for days, this is also a, a benefit we received from the customers in the end.
So that's overview of how we, what we did with customers achieving the sub cheery for everything in the end through the whole enterprise, how they are using our solution and replaced the sub cheery stuff with the central approach for all the the applications. Thank
You. Thank you. Any questions from the audience? Were you in the room? Did you We we do have one question. Sorry.
Okay,
So this implementation was done without SEP grc.
Exactly. So there we had customers, they have not used any subi functionality, but we had also users or customers. They replaced the existing subi because of money. This was one reason because it's not not that cheap and you need specific peoples to maintain the, the GRC framework in the end. And one reason why we, or in the end the customer told ebis Schreiber, they have to go to us to build this integration that they can do this automatically was because they are using Eves Shrier already.
And for, for all the SAP stuff and the, the maintenance was extremely high and also the cost in the end was extremely high. So this was the, the idea, just turn off my timer. So we have different scenarios and there are customers, they already are using sub GRC and moved away and we have also customers they, they try to think about using it, but specifically for let's say smaller companies, it's, it's a cost, it's a cost issue and also a manpower issue. That's the main, main driver and then main reason for it.
Interesting. Do you have a view of the subs now new cloud IGA for SAPAna?
Is that, do you believe that that is mature enough to be used or would you look at leveraging your product for example, in that role?
So from market marketing wise, I have to say you have to use our, no, we can do this with our solution as well. So technically yes, we can do this is SAP is one of our key key application in our product. So we are handling SAP stuff since 20 years now. So there is a very deep integration and SAP is a key application for us to integrate in, in our solution because it's, especially in Europe, it's the most used application.
So we have also integration in all the SAP modules.
Any other questions? I I was gonna ask, were you, were you in the room this morning when Martin was talking about privileged access management and you know, the need that 90% of it shouldn't be, you know, dynamic rather than, than static. Do you think what your, your firefighter concept kind of aligns with that?
Yes, that's, this is another reason why we, we got in contact with the customers replacing the sub firefighter concept and this was a, a main topic for, for some of our customers to, to have this dynamic concept and not to assign a sub firefighter to a person in the end that's, this was one reason. Yeah.
Yep. Rolls are tricky.
Yep.
Anything else? Well thank you then.
Thank you. Thank you very much.
