SAP and IT security company, Turnkey Consulting (www.turnkeyconsulting.com), believes organisations will give greater focus to external threats, move away from disparate systems to manage risk and combat fraud via real-time transaction analysis. Detailed below, these predicted trends for 2014 are based on Turnkey’s work with global organisations around the world and overall industry activity.
Focus on external threats
Segregation of duties and other internal controls have traditionally been the key areas of focus in safeguarding SAP systems from vulnerabilities. However, as cyber attacks become more prevalent, there is an increasing trend by risk-aware organisations to take external threats more seriously.
A key driver has been a number of high profile cyber security attacks, which have prompted government initiatives such as the UK's £650m National Cyber Security Programme.
Trends such as BYOD and mobility have forced an increase in the openness and accessibility of corporate SAP systems. This has in widened the scope of vulnerabilities that companies face today and fundamentally changes the IT risk landscape.
End-to-end risk management systems
Traditionally enterprises operate several best-of-breed but disparate systems to manage risk to the organisation. For example, a company might document its control framework using one software solution and its enterprise risk with another, while deploying a third system to automate certain controls.
Using SAP as an example, there is a trend towards addressing all elements, from enterprise risk to access controls, in an end-to-end enterprise risk management system.
Real-time transaction analysis to combat fraud
Technology is now available to analyse large volumes of transactional data in real-time. This provides an opportunity to take action to prevent a potential threat, rather than identify that it has happened after the event.
For example, in a small HR department it may be necessary for the same person to create employee records and run the payroll. Automated controls could be used to flag in real-time if the bank details used during payroll are the same as those of the operator, and prevent the payment if necessary.
This convergence of detective and preventative controls enables real-time ‘control by exception’, often a more flexible approach to the management of key risks than access controls which take an ‘either / or’ approach.
“It is essential that we constantly monitor the threat landscape in order to provide clients with the solutions that best enable them manage their individual risk needs,” explains Richard Hunt, managing director of Turnkey Consulting. “During this year we have seen organisations become increasingly concerned about external threats. At the same time technology continually evolves and we are seeing vendors develop solutions that manage every element of risk throughout an organisation, as well as a focus on the benefits that real-time analysis offers in preventing fraud. We believe these will be key trends for 2014.”
About Turnkey Consulting (www.turnkeyconsulting.com)
Turnkey Consulting is a specialist GRC and IT security company that combines business consulting with technical implementation to deliver information security solutions in support of SAP systems. It focuses on the delivery of specialised services in support of SAP solutions in the areas of security, governance, risk and compliance (GRC). It works with service providers, audit partners and SAP clients directly to provide the security controls and solutions that safeguard and complement a company’s implementation of an SAP system. Clients include systems integrators, blue chip organisations and a number of government agencies.
The company was established in 2004 and already has offices in the UK, Australia, Germany and the US.
Follow Turnkey Consulting on Twitter at @TurnkeySAPGRC
For more information, please contact:
Tel: +44 (0)7788 584413
Further information (external website)