Senior Director of Partner & Customer Success at ERP Maestro. Ryan is an industry veteran and former IBM Security consultant.
Trading Up or Switching Out: What’s Best for You?
As we quickly approach the end of the year, some SAP customers using SAP Access Control 10.x, which reaches end-of-maintenance on December 31, are still contemplating upgrading to GRC 12.0. As I’ve spoken with many organizations on this topic, I’ve observed there to be reluctance in the best path forward, with many choosing to simply delay the upgrade. A delayed upgrade is understandable in light of the many challenges this year that have overshadowed technology initiatives; however, other considerations may be at play.
Historically, upgrades, especially for on-premise customers, have not been easy nor have they been without cost. More budget-conscious than normal due to the events of 2020, organizations may want to look at options that can help them have equally good or better protection while also lowering spend.
While there may be some hesitancy in switching to an alternative solution because people, in general, tend to stick with what they know, that isn’t necessarily a good strategy for making improvements. The truth is, moving to a new solution does not have to be costly, complicated, time-consuming, or involve consultants. Saving money should be one of the top priorities in making a case for change.
If customers can get more effective and intuitive controls that can be deployed rapidly to deliver better results with less lifetime investment, they should fully consider their other options instead of upgrading as a matter of course. Many solutions in the market offer superior results without the high price. It’s a best practice to always check out other solutions when technology upgrades occur. Functionality may have changed since you last surveyed your options.
Another reason for stalled GRC 12.0 upgrade decisions may be the future uncertainty of SAP Access Control products. Will investing in another upgrade now save you later or cost you more in the long run? A lot of new SAP developments have occurred, particularly the new HANA database, S/4HANA and the cloud ecosystem in which much of the functionality once residing within the ERP now sits outside of SAP as cloud applications. This does change the way access controls function in the new environment.
For those organizations that have already migrated to S/4HANA or who will, access controls work differently. If customers are continuing with SAP and upgrading to GRC 12.0, they will also have to use a second product, SAP Identity Access Governance (IAG), as a bridge to conduct access risk analysis across the entire system. Additionally, SAP has already announced that GRC 12.0 is expected to reach end-of-maintenance at the end of 2024. Questions remain on whether another upgrade with associated costs will be required then or if IAG will be able to do all of the access control work as standalone technology. Organizations, then, may fare best if they select an alternative now so that they can avoid any future upgrades and uncertainty about what’s next. It’s possible to future-proof controls, and this should be top of mind.
There is a misconception that SAP users should stick with SAP-developed access controls because they have been developed by the same vendor as their ERP. Businesses may be realizing that this line of thinking isn’t always true. In reality, a vendor may not devote as many resources to the development of ancillary products as it does to its main bread and butter. Instead, a best-of-breed vendor wholly focused on access controls devotes 100% of its resources to the development of nothing but access controls. Such a vendor is likely to develop premium controls. Over the years, I have worked with and used a variety of different products in the market and each has its own merits. For this reason, it is advisable to research how existing controls measure up to those of dedicated access control providers.
Some customers are realizing that even with SAP, access controls will eventually be cloud-deployed, and there are advantages to using cloud controls to manage risk, decrease audit deficiencies and cut costs. Consequently, customers may want to move now to total cloud rather than using one part on-premise with GRC 12.0 and one part cloud with IAG. Moving to a trusted control vendor that created its solutions as cloud from the beginning makes good sense.
As cloud technology has become the crux of digital transformation, there is every reason to move to the cloud sooner rather than later. If you can do away with implementation costs, consultants, future upgrades, maintenance and on-site hardware with the same or better breach protection, why would you not?
How to Choose
As a best-of-breed cloud access control provider, ERP Maestro aims to help SAP customers understand their options and help them choose what is right for them. We also assist in their research process by letting them experience our controls through a complimentary risk assessment that uses our solution to analyze threats; rank threats by risk level and by user, role and business process; and get remediation next steps.
If you are considering using other tools for greater savings – up to 80% in some cases – future-proofing, and extreme ease of use, we invite you to take advantage of our no-cost assessment now. You can make a switch, pay less and be up and running in minutes or hours, not months.