Anglian Water boosts SAP security team with managed security service

Utility beefs up its GRC operations

Article comments

Anglian Water has signed a managed security service contract with SU53 for the upgrade of its SAP Governance, Risk Management and Compliance (GRC) solutions.

Having helped Anglian Water develop its GRC standards in the past, SU53, an independent provider of SAP Security and SAP GRC solutions, will now help the water company upgrade its current SAP GRC Version 4 to a newer version. The company runs the SAP Risk Analysis and Remediation and the Privileged Access Control modules.

 “We will need support to implement that [the upgrade] and establish best practice,” said Sandra San Vicente, security risk manager at Anglian Water.

Anglian Water’s SAP R/3 environment runs on a SUN Solaris operating system, UNIX Operating System version 10. The SAP Risk Analysis and Remediation tool runs on the same system.

Although the water company has outsourced most of its SAP-based IT for several years, to CSC, it decided to bring the SAP GRC skills back in-house three and a half years ago. It was encouraged to do so after running audits of its systems.

“We outsourced the [SAP security] skill set and we became a management system. We were getting more and more questions about security conflicts. People were asking ‘should I be seeing this?’ or ‘I can’t access something I saw yesterday’, and so on.

“[Then after running audits,] the auditors told us that we have problems with SAP security, and we decided to bring it in-house and manage it ourselves.”

It brought the security role development in-house first, followed by the implementation of GRC tools, and then the configuration of the risk and mediation tool. The Anglian Water IT team comprises five people, with four dedicated to SAP security and one focused on the control of the network and UNIX environment.

Under the contract with SU53, Anglian Water can hire the company’s contractors on an as-needed basis. The water company has been working with SU53 for around three years.

“In the past, our project managers have gone out to market and asked for somebody with SAP security skills. We don’t know who those people are, and sometimes they build roles in different ways, so we started to get different role structures that are subsequently quite difficult to manage.

“With SU53, they work with our standards they helped to develop. The company has been very flexible in supplying the right skill sets at the right time. Agencies generally want three or four-month contracts, but SU53 can do just a day.”

Anglian Water is currently finishing a project to deliver the Privileged Access Management tool around the billing area for 700 users, which involved the creation of 86 new SAP composite job roles. SU53 worked with project managers Pricewaterhouse Coopers (PwC) to deliver the required security roles.

SAP UK & Ireland User Group Annual Conference

21-23 November 2010, Manchester

Early Bird rate now available click here


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *