Heike Fiedler-Phelps

The CIO mandate: Run the business while safeguarding data and systems

In this third article in our data security series, Heike Fiedler-Phelps explains the role of GRC in enterprise security. Read the first two installments: #1 and #2.

Amid today’s high-profile cyber attacks, increasing concerns about customer privacy, and evolving cyber threats, enterprise data security has taken center stage. CIOs must be as adept at safeguarding data and systems as they are at keeping the business running. The growing IT to-do list includes constant planning and risk mitigation for:

  • Intentional threats
  • Legal requirements
  • Accidental threats
  • Business continuity and crisis management
  • Protecting internal information
  • Protecting intellectual property

A quick scan of news headlines confirms that security attacks, non-compliance risk, and vulnerabilities can be found at any level of the organization, from operating systems and databases to applications and devices. At one end are annoyances such as auto-emailed viruses; at the other are more sophisticated phishing-style attacks that trick employees into clicking on dangerous links that install malware, steal credentials, or otherwise jeopardize the security of the enterprise.

CIOs are also busy integrating innovations such as cloud computing, mobile technologies, and big data – which increase flexibility, speed, and insights, but can also compromise security. Add to the list a fluid and mobile user base, and the task of securing it all is daunting. How do you secure customer data stored in, and accessed from, the cloud? Safeguard unstructured big data sources? Comply with changing data privacy regulations? Security professionals must be on constant guard, responding dynamically to minimize damage to the bottom line or brand reputation.

Managing enterprise security

Where do you start? To address all these challenges, you need a master plan – an overarching approach to enterprise security management that includes governance, risk management, operations, and compliance.

  • Governance increases access security to help safeguard systems that contain critical information.
  • Risk management consists of identifying risk causes, assessing the effectiveness of controls, determining consequences, prioritizing and classifying risk, and creating an appropriate response.
  • Operations covers physical infrastructure and the identity and access management domains across the communication, IT platform, application, and data layers. It also includes real-time fraud management, audit management, and ensuring the legitimacy of the organizations you work with.
  • Compliance aligns a company’s infrastructure and operations with internal and external audit and legal

The role of GRC in keeping your organization secure

Governance, risk, and compliance (GRC) solutions support each security management area with systems and processes aimed at improving performance while minimizing risk. For example, access controls help you grant and restrict data access to authorized personnel, regardless of where the data is located – from the cloud to on-premise databases to mobile applications. GRC solutions play a key role in supporting enterprise security in the era of big data, cloud, and analytics.


  • Access control. Reduce access risk, prevent fraud, and ensure compliant provisioning by determining employee roles and access. IT-based controls can flag potential conflicts of interest and monitor checks and balances to prevent fraud.
  • Process control. Set up policies, give employees guidelines to minimize risk, and continuously check controls. SAP uses industry standards and frameworks, helps ensure enforcement, and routinely tests and evaluates the effectiveness of controls.
  • Risk management. Evaluate and identify risk based on business value and exposure. Use threat detection to identify issues and implement risk mitigation before any damage is done. Monitor risk thresholds and respond to alerts.
  • Fraud management. Detect and prevent new fraud schemes in real time using continuously adapting simulation and calibrations.
  • Audit management. Trigger security audits when violation or penetration thresholds are breached. 
  • Global trade services. Protect the enterprise from doing business with illegal, restricted, or doubtful parties and keep trade compliant while speeding commerce.
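The access control bullet above talks about flagging potential conflicts of interest by looking at employee roles. The concrete check behind that is a segregation-of-duties (SoD) analysis: permissions that must never sit with one person are written down as rule pairs, each user's effective permissions are derived from their roles, and any user holding both sides of a pair is reported, along with the roles that granted them. The following is an added example of that check, not SAP's code and not the SAP GRC access control API; the rule set, role catalog, user assignments and the "mitigation" list (conflicts a risk owner has accepted with a compensating control) are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed SoD rules: each pair of permissions that one person should not
# hold together, with the business risk the combination creates.
SOD_RULES = {
    frozenset({"create_vendor", "approve_payment"}):
        "Can create a vendor and pay it (fictitious-vendor fraud)",
    frozenset({"create_purchase_order", "approve_purchase_order"}):
        "Can approve own purchase orders",
    frozenset({"maintain_user_roles", "approve_payment"}):
        "Can grant self payment authority",
}

# Constructed role catalog: role name -> permissions the role grants.
ROLE_PERMISSIONS = {
    "AP_CLERK": {"create_vendor", "enter_invoice"},
    "AP_MANAGER": {"approve_payment", "enter_invoice"},
    "BUYER": {"create_purchase_order"},
    "PURCHASING_MANAGER": {"approve_purchase_order"},
    "SECURITY_ADMIN": {"maintain_user_roles"},
}


@dataclass
class Conflict:
    user: str
    permissions: frozenset   # the violated rule pair
    granted_by: dict         # permission -> sorted roles that grant it
    risk: str
    mitigated: bool = False  # accepted with a documented compensating control


def effective_permissions(roles, role_permissions=ROLE_PERMISSIONS):
    """Map every permission a user holds to the set of roles granting it."""
    granted = {}
    for role in roles:
        for perm in role_permissions.get(role, ()):
            granted.setdefault(perm, set()).add(role)
    return granted


def find_conflicts(user, roles, mitigations=frozenset(),
                   rules=SOD_RULES, role_permissions=ROLE_PERMISSIONS):
    """Return every SoD rule the user violates.

    Mitigated conflicts are still reported (the exposure has not gone away)
    but flagged so a reviewer can distinguish open from accepted risk.
    """
    granted = effective_permissions(roles, role_permissions)
    conflicts = []
    for pair, risk in rules.items():
        if pair.issubset(granted):
            conflicts.append(Conflict(
                user=user,
                permissions=pair,
                granted_by={p: sorted(granted[p]) for p in sorted(pair)},
                risk=risk,
                mitigated=(user, pair) in mitigations,
            ))
    return conflicts


def review_assignments(assignments, mitigations=frozenset()):
    """Run the check for all users; returns {user: [Conflict, ...]} for users with findings."""
    report = {}
    for user, roles in assignments.items():
        found = find_conflicts(user, roles, mitigations)
        if found:
            report[user] = found
    return report


# Constructed user-to-role assignments and one accepted (mitigated) conflict.
ASSIGNMENTS = {
    "alice": ["AP_CLERK", "AP_MANAGER"],        # vendor creation + payment approval: open
    "bob":   ["BUYER", "PURCHASING_MANAGER"],   # self-approval, covered by a compensating control
    "carol": ["BUYER", "AP_CLERK"],             # no rule violated
    "dave":  ["SECURITY_ADMIN", "AP_MANAGER"],  # can grant self payment authority: open
}
MITIGATIONS = frozenset({
    ("bob", frozenset({"create_purchase_order", "approve_purchase_order"})),
})

if __name__ == "__main__":
    for user, conflicts in review_assignments(ASSIGNMENTS, MITIGATIONS).items():
        for c in conflicts:
            status = "MITIGATED" if c.mitigated else "OPEN"
            print(f"{status:9} {user}: {c.risk} via {c.granted_by}")
```

Reporting the granting roles, not just the user, is what makes the finding actionable: the fix is usually to split or re-scope a role, not to remove a person. Running the same check against a proposed assignment before it is provisioned is the "compliant provisioning" the bullet refers to.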

Selecting the right GRC solutions

Figuring out which GRC products are right for your needs can be a challenge. Start by asking yourself some questions. Are you thinking about a move to the cloud? Are you starting to tap into big data? What’s working well? What are your areas of risk? What can you do to reduce or eliminate enterprise security risk? How can the SAP GRC portfolio help? Can you expand your current GRC solutions to better address high-level risks?

SAP provides a cohesive and seamless GRC portfolio that helps you set policies and identify risks. With real-time risk detection and monitoring, you can respond immediately to eliminate fraud and other threats and better support the business.

To learn more about how SAP security and GRC consulting can help you ensure data governance, risk, and compliance both in the cloud and for big data, visit us online.

If you want to learn more, please visit the SAP Service & Support area at SAPPHIRE NOW 2015 in Orlando.
