Marketing Communications Specialist at ERP Maestro.
Meet one big reason our customer support is the best in the industry
At ERP Maestro, we truly believe our product is more than just software. Our offering would not be complete without the top-notch service and support we provide – day in, day out, no matter the time zone – to ensure our customers are as successful as possible, as quickly as possible, with Access Analyzer. Of course, this level of support would not be possible without awesome experts to provide it. In this post, we introduce you to Jay Dhruv, Director of Solution Delivery at ERP Maestro. Certified in SAP GRC, CISA and PMP, Jay spends his days on the front line of technical support resolving issues, onboarding new clients, and above all keeping our customers very happy!
Here’s what Jay shared about his time so far with ERP Maestro and the insights he has gained from working with customers…
What are some common challenges that customers face when it comes to access controls and segregation of duties?
There are numerous challenges if you do not have the right automated access controls tools. However, there are some key issues that IT leadership must consider:
1. Automating internal controls for transaction monitoring
I have seen companies who have manual processes spend days with their analysts to ascertain segregation of duties (SoD) issues. This method is cumbersome and time-consuming, and at the end of the task there is always a possibility of errors in the process and in the data. The second major challenge with manual methods is lead time. Every time you need a new set of reports, there is a considerable time delay. Hence the reports are never current. The third major challenge is that companies limit themselves to monitoring a small set of 25 or fewer risk rules, and with a larger set, it becomes nearly impossible to carry out user analysis.
2. Identifying SoD risks for users/roles
Smaller organizations that use manual methods for SoD analysis limit doing user analysis often, and lack a systematic approach to risk analysis. Role cleanup, optimization, and analysis often get ignored as well.
3. Authorizing access
Companies using manual methods also rely on manual approvals. However, collecting approval evidence can become tedious. It is always a reactive environment, and it can lead to exceptions and various audit findings.
4. Keeping a central log for annual audit
Lack of a central system for the access control log is another challenge with organizations. The benefit of having all approvals in one place means peace of mind for the CIO and IT leadership.
5. Automated process for role reconciliation/access recertification
One of the key processes under the access control umbrella is access recertification/consolidation or role reconciliation. Some companies use manual methods and a lot of tedious Excel worksheets to go through this exercise, making it a nightmarish process. Data becomes stale quickly and is highly error-prone.
6. Monitoring risks arising from custom transactions and programs
There is awareness about standard risks, but one area which often gets ignored is custom SoD risk arising from Z transactions and the like. Companies having manual processes often ignore this area completely. It’s very much possible that one of your developers or functional experts knows of Z programs which can basically allow them to bypass all security checks that we have in standard SAP transactions.
What are some new trends or practices in this space?
Some trends I’ve noticed are that access controls solutions are striving to be more intuitive, easy to use, fast, and less intrusive. Most of them now have cloud, big data, and analytics as part of their platform, so professionals are incorporating these features into their processes.
What advice would you give someone to help them manage their access controls?
See the access controls solution in action before purchasing by getting a POC (proof of concept) or a trial. I have heard from customers who invested heavily in enterprise solutions that end up requiring too much effort and time to use. In addition, keep at least one cloud-based option in your top 3 vendor shortlist. Cloud is continually driving down enterprise IT costs considerably.
What do you like about working with customers?
Connecting with customers in multiple countries is always fun. You get to hear different voices and also get exposure to different ways of doing things. You are then in a position to understand different environments and recommend best practices.
What do you like to do when you’re not working?
I love long-distance swimming when I can, whether it’s a beach, a Florida spring or a lake in a national park. I love to explore different bodies of water with family and friends as well.