Access Control Tools for SAP Environments
Key Takeaways
⇨ CerPass: Modern Fiori-based UI solution for managing access risks in SAP environments.
⇨ Fastpath: Cloud-native platform combining access control and IGA capabilities for multi-application environments.
⇨ IBM: Security Verify offers strong cross-platform IGA capabilities with above-average support for SAP environments.
This report provides an overview of the market for Access Control Tools for business application environments that are centered around SAP solutions, including traditional SAP ECC environments. The main focus is on these environments, including SAP S/4HANA, SAP S/4HANA Cloud and other SAP cloud applications, with a limited focus on support for other Line of Business (LoB) applications. We examine the market segment, vendors, product functionality, relative market share, and innovative approaches to providing solutions that
increase security in these business application environments primarily for SAP, by restricting access, controlling break-glass access, and related capabilities.
For many enterprises, SAP systems are an essential part of their corporate IT infrastructure. Critical business information is stored within ERP systems, and the favored source for employee data is the SAP HR system. Business processes are implemented through portal solutions relying on SAP infrastructure. Data is held in SAP HANA; the migration to S/4HANA is ongoing, and highly individualized functionality is coded right into the existing standard SAP modules by using ABAP or Java. Although there are many other systems in place which also contain critical information, many businesses still rely on the availability of well-designed and well-protected SAP Systems. Traditionally, SAP systems are a major focus area for internal and external auditors. For the successful implementation of adequate controls, it is essential that all existing SAP systems are covered by an effective solution for managing risks, and within that for managing access control and SoD controls and implementing adequate Access Governance.