Expand +



What’s New in SAP GRC: Bringing the “Heat” in Cloud Security

by Kenneth Murphy

December 12, 2012

by Ken Murphy


For a movie that came out when “cloud” was still just a meteorological term, “Heat” nails today’s enterprise cloud security concerns.

The 1995 DeNiro-Pacino crime thriller contains the best bank robbery scene in movie-making history, bar none. Leading up to this heist, lead robber Neil McCauley (DeNiro) meets with Kelso, a hacker armed with reams of stolen bank information  –  intricate details about its alarm systems and how to disable them, and financial data including  how much money will be in the vault ($12.1 million, if you were curious).

McCauley is clearly impressed with Kelso’s hacking ability.  “How do you get this information?” he asks.

“It just comes to you,” says Kelso. “This stuff just flies through the air. They send this information out, I mean it’s just beamed out all over the place. You just gotta know how to grab it. See, I know how to grab it.”

Would Kelso find it harder to ‘grab’ the same information today?

Enterprise cloud adoption has not surprisingly focused heavily on security. How much so is one topic GRC expert Richard Hunt set out to explore in a recent Turnkey Consulting survey of more than 100 IT professionals using SAP software in security and controls activities.

Key cloud security findings:

  • 39% of organizations planning to invest in a strategy for cloud computing in the next 12 months include investment in additional security in these plans
  • 13% are not including investment in additional security in these plans
  • 22% are not planning a cloud computing strategy

SAPinsider recently spoke with Hunt to learn more about what SAP users can expect in the GRC space in 2013, including what data is most important to secure and where SAP HANA fits into GRC plans.

“There’s going to be some interesting developments in meeting security challenges that come out of things like SAP HANA, cloud, and mobility,” Hunt tells us.

Hunt says it’s important for companies to decide on an overall approach to risk management: Are security investments intended primarily as a means of delivering ROI, or are they more of an insurance policy against fraud and exposure? How should a company prioritize security when investing in mobility, SAP HANA, and the cloud?

To prioritize security risks, however, a company must first be aware of possible risks, which happens to be one of the five key cloud security issues CSO Magazine writes about in a September story.  (Other issues highlighted in the story include precautions that should be taken in a private cloud environment, and where and how to encrypt data). How to prioritize? According to Hunt, it can be as simple as looking at which business risks are common to a particular industry and strategizing accordingly.

You can listen to full podcast with Richard Hunt, “What to expect from SAP GRC in 2013” here.

An email has been sent to:

More from SAPinsider


Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!