It’s Time to Fish or Cut Bait for Companies Still Using SAP GRC v10.x
The clock is ticking for SAP GRC customers. With less than two months until SAP GRC v10.x reaches its end of life on December 31, SAP GRC customers need to make a decision. It’s time to fish or cut bait. Upgrade or make a switch. As cases of fraud and internal incidents such as data breaches have significantly increased this year, selecting the right access controls and governance, risk and compliance (GRC) tools for SAP has never been more important. According to ACFE’s Fraud in the Wake of COVID-19 report as of August 2020, 77% of respondents said they had observed an increase in the overall level of fraud, with one-third noting that this increase has been significant. In the month of October 2020 alone, IT Governance reported that there were 117 publicly-reported security incidents corresponding to 18,407,479 breached records making the month the “leakiest” month they have ever recorded.
To help, ERP Maestro has created and compiled a plethora of informational guides and resources from eBooks to webinars that can help you make your decision, all of which are linked at the bottom of this post. As time is of the essence, here are some key items to consider before deciding:
What are the technical requirements for upgrading to GRC v12.0?
In addition to installing SAP Access Control 12.0 SP00, customers will also be required to upgrade to SAP NetWeaver 7.52 SP00 to maintain their current set of features and functionality. However, to leverage SAP’s new features to connect to the SAP cloud-application ecosystem, customers will also need SAP’s Identity Access Governance (IAG) and the IAG bridge.
How long will it take to upgrade to GRC v12.0 and be fully operational?
According to a recent SAP article detailing a typical project plan, it is estimated that the project can be completed in 15.5 weeks, almost four months. For users who have not yet decided on whether to upgrade or not and if they started today, this project would be complete in March/April 2021.
Is there another upgrade planned?
SAP has already announced that GRC 12.0 is expected to reach end-of-maintenance at the end of 2024. However, it is not clear yet whether another upgrade with associated costs will be required for users who decide to upgrade in four short years or if IAG will be able to perform all of the access control work as a standalone technology.
Is switching more expensive than upgrading?
Typically, upgrades are laborious projects that require a lot of time and money invested into them. With many organizations looking to be more budget-conscious due to the events of 2020, organizations may want to look at options that can help them have equally good or better protection while also lowering spend. With another upgrade of SAP Access Control already scheduled, it is unknown if there is another hefty investment needed just around the corner. Solutions that require no upgrades and are future-proof, such as cloud applications, can be an effective alternative to ensure your organization remains protected while also saving money.
What are the other choices?
There are multiple solutions that can be good alternatives to SAP Access Control v12.0. An example is our very own Access Analyzer that provides a rapid implementation – with deployment completed in just hours for most customers – and that requires no hardware, no maintenance, no upgrade costs, no migrations ever again, and no consultants necessary. Understandably, though, each organization must decide what is the best fit for their organization and dedicate the time to research thoroughly.
Additional resources to help you make an informed decision:
Switching SAP Access Controls and GRC Solutions: 6 Factors to Consider
End of Life for SAP Access Control v10.x
Trading Up or Switching Out: What’s Best for You?