THIS EVENT WILL TAKE PLACE FACE TO FACE STARTING AT 11AM.
Cybersecurity, the practice of protecting critical systems and sensitive information from digital attacks, is always a trending topic as the threats are always unpredictable. In this event, we will be talking about everything you'll need to know about cybersecurity including internal and external threats. How the boundary-less cloud poses security concerns and what are the counter-measures? When it comes to cyber identity, what are the key things we will need to know about access governance and cyber identity?
Our Audit, Control and Security (ACS) SIG is a well-supported group attended by a cross-section of professionals working with SAP and representing the following business areas: IT Security; (including SAP Basis experts) IT & Financial Audit and Risk Management.
Join Jonathan Cooper from Onapsis who will be talking about the Onapsis Customer Spotlight: How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance
Traditionally, cybersecurity and compliance have been two very separate functions where often times the misalignment has been emphasised more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.
Andrew Morris from Turnkey Consulting will be speaking about Applying a Zero-Trust Approach to SAP
What is Zero-Trust?
At its most basic level, zero trust is about an approach to securing systems and data which means we must ensure we know WHO is accessing data, for WHAT purpose and intelligently limiting access to that data at all times. It is a cybersecurity term, but when applied to SAP, has a lot of touchpoints with elements with which we’re already familiar.
Authorisation management in SAP is the first step to implementing a zero-trust approach – are you limiting users’ access to only the systems and data they need to access to do their job? PAM, or EAM then extends this solution to ensure that privileged access is approved and monitored.
Infosec have tools in place to validate devices, but digital transformation in SAP, adoption of new UI, like Fiori and mobile devices can mean this is more of a challenge…
Contextual authorisations, such as UI masking, which can overlay access policies (PBAC) on top of role-based authorisations, allow us to further enhance the controls over access to data, such as limiting interaction based on location, time etc.
Tooling such as SAP GRC allows the limitation of access, visibility of interactions and better understanding of the zero-trust approach, as well as embedding the risk ownership within the business, so the access granted can be tied to the risk of that access to the underlying data and processes. Combining this with BIS, ETD and other solutions will permit extension of the Zero Trust approach to further secure your business-critical systems and data – gaining visibility of vulnerabilities and if they are being exploited allows integrations with other cyber-defense initiatives. Integrating your SAP systems with enterprise-level cybersecurity initiatives, such as DLP, security training and identity governance all permit you to grant access only where required.
This is especially relevant where we’re operating in managed services environments, where the most privileged access to our systems and data may be granted to users outside the organization. PAM initiatives especially can reduce the threat posed by these privileged accounts.
Barbara O'Cain and James Howgego from SAP will be sharing on the tools for customers to use to manage such governance and compliance. Data governance encompasses the people, processes, and information technology required to create a consistent and proper handling of an organization's data across the business enterprise. Learn how SAP SuccessFactors helps your organization exercise positive controls over handling and accessing data from the perspective of an employment attorney and a global technology advisor.
As this is a Partner sponsored event, there may be some restriction on which members can attend. This means that even if your initial booking is accepted, we may contact you to cancel your booking.
Your SIG Chair:
Brian Froom, your ACS SIG Co-Chair and Information Security Manager TSE from Tata Steel will provide an update on his attendance at the Meet the Developers, where he will have met and had discussions with the SAP Experts.
Pre-Sales Advisor
Onapsis
Jonathan is a pre-sales advisor at Onapsis who offer mission critical application security, compliance, and resiliency. His background started initially in Finance and spans over 20 years with SAP across supply chain management, Business Intelligence, S/4HANA and data protection/security.
Cyber & Application Security Director
Turnkey Consulting
Andrew has 20 years’ experience of delivering robust cyber solutions in regulated global environments for organisations and clients of Turnkey. As a director for Turnkey in cyber governance, risk and compliance, he helps organisations to identify and effectively manage their risks.
Global Compliance Program Director
SAP
Having joined SAP SuccessFactors in 2013, Barbara is a frequent speaker globally on topics of human resources regulatory compliance, HCM globalization and localization, employment litigation, and data privacy.
Senior HR Technical and Security Architect
SAP
James has worked for SAP covering security, technology, and compliance for more than 22 years in various roles. He currently works across North EMEA helping prospects and customers to understand the security and compliance benefits of SAP HR Cloud technology and how this can be best utilized.
Audit, Control & Security SIG Co-Chair
UKISUG
He has 21+ years’ experience as an IT Auditor across different sectors. He is currently involved in the security and monitoring of Tata Steel’s SAP installations across UK and Europe.
Events Coordinator
UKISUG
Priscilla is a multi-lingual event professional from Hong Kong; she is a MSc International Marketing graduate from Newcastle University and has over 8 years experience in events management across entertainment, MICE and corportate events.
11:00 - 11:30
Registration and Coffee Networking
11:30 - 11:50
Welcome & Introduction
Brian Froom
Audit, Control & Security SIG Co-Chair - UKISUG
11:50 - 12:00
UKISUG Update
Priscilla Chu
Events Coordinator - UKISUG
12:00 - 12:45
Applying a Zero-Trust Approach to SAP
Andrew Morris
Cyber & Application Security Director - Turnkey Consulting
What is Zero-Trust? At its most basic level, zero trust is about an approach to securing systems and data which means we must ensure we know WHO is accessing data, for WHAT purpose and intelligently limiting access to that data at all times.
12:45 - 13:30
Lunch and Networking
13:30 - 14:15
Data Governance - and How SAP Helps
Barbara R. O'cain
Global Compliance Program Director - SAP
James Howgego
Senior HR Technical and Security Architect - SAP
Learn how SAP tools helps your organisation exercise positive controls over handling and accessing data from the perspective of an employment attorney and a global technology advisor.
14:15 - 15:00
Onapsis Customer Spotlight: How Dow Chemical leverages Onapsis for harmonised, proactive security & compliance
Jonathan Cooper
Pre-Sales Advisor - Onapsis
Security & compliance continue to be top concerns for migrating to SAP S/4HANA in the cloud, even above performance, flexibility and cost. Jonathan Cooper will discuss Dow Chemical's journey and best practices when utilising The Onapsis Platform.
15:00 - 15:15
Wrap Up and Close
How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance - Jonathan Cooper
Uploaded 1 year ago (04-05-2023)
Event: Security (ACS)
Applying a Zero-Trust Approach to SAP - Andrew Morris
Uploaded 1 year ago (04-05-2023)
Event: Security (ACS)
Data Governance - and How SAP Helps - Barbara R.O'cain & James Howgego
Uploaded 1 year ago (04-05-2023)
Event: Security (ACS)
Our latest insights and thoughts
