GRC2009 Europe
Day 3: Friday 20th November
Sunday, 22 November 2009 20:32
Deborah Taylor, Unilever

Deborah Taylor, Unilever's Risk Lifecycle Manager (and an su53 client) presented an excellent session this morning. Deborah covered Unilever's successful 2009 implementation of CUP for all European countries, covering the fact that it has been audited and approved by PwC and the nature of the substantial savings and efficiency benefits recognised to date. Deborah also referred to Unilever's current CUP-related projects for customised User Access Review based on User Group membership as well as SoD Review based on a country-risk ownership. She shared how Unilever is currently using SAP RAR and SPM to clean up their roles and apply mitigating controls. Deborah also described their use of su53's succeed™ methodology which Unilever used to guide the regional implementation from start to finish.

One visitor to our stand after Deborah's presentation commented that Deborah gave "The best presentation session of the whole conference" - pleasing feedback and a big thank you to Deborah for putting the effort in to share her experiences with everyone. Many expressed the view that Pete Fitzsimmons' presentation yesterday and Deborah's today brought CUP very much to life in respect of their own scenarios. It's still surprising to us how many have yet to implement CUP given the obvious and tangible benefits achievable.

It's been great to see the interest from clients and the wider SAP community in GRC. Pete Fitzsimmons ended the week in the same manner he started, giving expert advice to all-comers to the stand, and it's apparent that Unilever's CUP story is much more advanced than many of the existing GRC customers. We met a large number of people on our stand and perhaps the biggest change this year has been the growing interest in Process Controls and anticipation of what benefits it will deliver: few have yet taken it up but the business cases we discussed look strong - I think we'll see a big difference next time. However, the bulk of discussions are still security and access related - and this time it's noticeable - and very pleasing for us - to see people coming straight to us for expert help and commenting that they've heard good things about us. We work hard at that and such feedback is very welcome!

The conference is coming to an end now: it's been a very useful few days, quite a lot of content and examples of what's happening, new SAP software partner updates, not so much on SAP product updates themselves, and quite a bit on effective use and examples. Some of the delegates appear to be suffering from the Prague nightlife and most if not all have sore feet from traipsing around the exhibition and seminar rooms! The WIS team have again laid on a great conference and we look forward to catching up with them and the rest of the GRC ecosystem next in Orlando in March at GRC2010.

Next week we are off to the SAP UK User Group. Another week, another conference! Prague is a beautiful city - Manchester's Theatre of Dreams is quite a contrast…. Everyone has an opinion!

I hope we'll see you there or at GRC2010.

su53 Solutions Stand GRC 2009 Prague
Last Updated on Friday, 12 February 2010 10:32
 
Day 2: Thursday 19th November
Friday, 20 November 2009 09:57

Another day and so much to see!

It seems that there are significantly more delegates here today and there is a real buzz in the exhibition hall. We've attended many of the sessions here but the highlight today was our own Peter Fitzsimmons delivering his session on Best Practice workflows for CUP. Pete has extensive knowledge in this area and his vast experience is worth listening to. The session covered project planning and definition processes for CUP. Attendees were able to find out exactly which tasks a provisioning workflow should perform and understand when existing processes should be mapped within compliant user provisioning - or when they should be re-worked or re-modelled so as to avoid inefficiencies. Peter also covered how to use SAP delivered compliant user provisioning functionality such as user defaults, role mapping, field mapping and custom approver determinators, to enhance workflows further. The session was very well attended by a number of delegates from a wide range of European countries - and Peter's extensive knowledge and experience in this area was exceptionally well received.

It feels like we are entering another phase in the competition between the GRC vendors. SAP's alignment with Sensage and Novell adds another dimension to the offering. More collaborations and acquisitions in the market feel likely as the big players jostle for position.

The Novell stand appears to be the most active (other than SAP's). It's more than IdM: the combination of authentication and identity with application data presents an opportunity to manage risk further. Imagine Segregation of Duty reporting based on IP address, user id and terminal. This could highlight security breaches related to social engineering. Few customers are thinking this way yet but we've picked up on increasing interest in SIEM (Security Information and Event Management): note that Sensage is well rated in Gartner's Magic Quadrant for SIEM. Combining Sensage with SAP GRC Process Control will allow companies to address CCM and SIEM more fully.

We've noted the significant GRC interest from the Nordic region, with more delegates than any other area of EMEA. This has prompted su53's Gavin Campbell to review the impact of the 8th Directive from the EU to see if there are any obvious drivers there and to understand how each country's response to the 8th Directive influences the business challenges there.

Last Updated on Friday, 20 November 2009 10:03
 