I got an early start with an 8:00 a.m. session on Life After SOx: Tips to Simplify Management of SAP Security and Compliance. Since compliance is my primary focus at work, I was eagerly anticipating this education session. The speaker, Maria Jenkins from SAP’s Global Field Services GRC Hub, billed the session as “common sense tips and tricks” for managing compliance, particularly the value that good documentation can bring to your compliance initiative. One of her key take-aways for me was that risk monitoring is not just the responsibility of the security team; it is essential to get business owners involved in taking ownership of who has access to their data.
After that session, I took a break to respond to some issues back at the office. The rest of the morning was spent in the Community Clubhouse area, where I led two Expert Networking sessions I called SAP Security Birds-of-a-Feather. I was very eager to hear what is on the minds of my fellow SAP security professionals. Some of the security challenges that came up involved managing the IDs needed by SAP Support, managing security in a landscape that includes both 4.6C and 6.0 systems, assimilating the users after an acquisition, and processes to strengthen controls.
A private luncheon for ASUG Volunteers followed, and we were treated to brief remarks by ASUG interrim CEO Bridgette Chambers. It was great to visit with some of my fellow ASUG volunteers who I had not yet seen, and there was a lot of laughter over various and sundry minor presentation mishaps.
SAP Security Services: How to use the Early Watch Alert Self-Service to Secure SAP Systems was my next session, given by Frank Buchholz from Active Global Support Security Services. This presentation featured several live demos of tools for the security administrator, including the security section of the EarlyWatch report, the Security Optimization Services, and the Run SAP Standard reports for security. I like the idea of a tool that will check for installation of security-related corrections; I am looking forward to installing it in our landscape. For more about the tool for automatic check for security notes, see Note 888889 in the SAP Service Marketplace.
I had planned to attend a session called The Role of Security in SAP Java Deployments; however, due to a schedule change, I had to miss it. I have already spoken with the presenter, SAP’s Larry Justice, who graciously agreed to present it as a web cast, so watch for that announcement. Thanks in advance, Larry!
My final session of the day was an ASUG Influence meeting on Security Networking and Influence, led by my fellow ASUG volunteer Greg Capps. This session was an introduction to the Influence activities offered by ASUG. Greg discussed the differences between Influence Councils and Focus Groups, participation requirements, and the value proposition of Influence to the participants and to SAP. After the overview, Greg opened up the discussion for those present to talk about their own security pain points and changes we would like to see to security functionality.
The SCNotties Awards for Performance Achievement and the Process Design Slam are tonight! I can’t wait to see what SAP Mentors Jim Spath, Craig Cmehil, and Marilyn Pratt have planned for this special evening!