su53 helps SAP customers with managed security service

News
By Tom Brewster
published

su53 believes it has found a gap in the market where companies need specialist skills for SAP governance, risk management and compliance.

su53

su53 Solutions has launched a new managed security service to help firms keep a closer eye on SAP governance, risk management and compliance (GRC).

The operating and support service for SAP environments is the first ever fully integrated service of its kind for SAP systems, according to su53, and is aimed at firms looking to avoid any problems when an audit comes around.

All different versions of the package offer monthly reporting on activities and a quarterly assessment of what improvements could be made.

Other services include regular or ad-hoc compliance assessments and GRC reviews, consulting services, security advisories and technical support.

Clients can also take advantage of the SAP Security Outsourcing option, so they do not have to worry about managing this area, although su53 said it would only "probably" cost less than controlling this area in-house.

"Most of the big players don't specialise in this area. They have some general skills, whereas we have very deep skills," Martyn Proctor, managing director at su53, told IT PRO.

"I think the risk that is most common at the moment and the one that the auditors will tend to pick up on is to do with segregation of duties. This is where people have privileges and access to a system to do things which could be in conflict."

In this case su53, which is itself an SAP partner, helps identify where such conflicts exist, Proctor added.

The various packages are delivered from Northern Ireland, a country offering some of the lowest operating costs in Europe, su53 said.

The location also provides companies with the confidence that personal data accessed by the managed security service is kept within the regulatory environment of the region.

"We chose to use Northern Ireland as there is a sense amongst a lot of customers that they'd like to have security and risk management looked after fairly close to home," Proctor said.

A case in point

One company that has already taken advantage of the managed security service is Anglian Water.

The company had found they had around 2.7 million conflicts arising in their segregation of duties, explained Anglian security risk manager Sandra San Vicente.

The in-house team wanted to work on lowering the number of conflicts, but realised they could not do it alone so brought in SU53.

"At Anglian we chose to in-source our SAP security authorisations function from our main IT provider, and configure and manage our own GRC tools. SU53 has been a key partner in enabling us to implement this strategy," Vincente said.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.