In this first of a two-part video, ERP Maestro Founder and CEO Jody Paterson joins SAPinsider Studio during the GRC 2015 conference in Las Vegas to discuss how automated access controls help organizations reduce cost and complexity. Topics of this discussion include:
- How a SaaS-based GRC tool helps to lower cost and complexity in moving to automated access controls
- Taking control of segregation of duties (SoD) conflicts, emergency access and provisioning management and access to sensitive data with a tool that facilitates a move to SAP GRC
- Benefits of automated access controls, such as significant time savings and improved compliance
Ken Murphy, SAPinsider: Hi this is Ken Murphy with SAPinsider, and I’m at the SAPinsider GRC 2015 event. This afternoon, I’m pleased to be joined by Jody Paterson, CEO of ERP Maestro. Jody, thanks for joining us today.
Jody Paterson, ERP Maestro: Thank you Ken, thanks for inviting me.
Ken: I was hoping to start if you can introduce yourself to our viewers and describe your role and responsibilities with ERP Maestro and your background in the GRC space.
Jody: I’m the CEO and founder of ERP Maestro, which is a cloud-based SaaS delivered access control solution configured for SAP. I’ve always really been in the security and compliance space dealing with a lot of Fortune 500, Fortune 100 mid-market customers while at KPMG. I was there for just under 10 years and a lot of the time I worked with customers that had very similar challenges in the security and compliance space. I developed a lot of methodologies around the mediation of security and the redesign of security and then delivered a lot of the training and presented at conferences around those methodologies. It was actually that experience that led to the creation of ERP Maestro, just thinking that there had to be a better way to allow companies to move toward access control automation than what was available to them today.
Ken: Can you talk a little more specifically about what ERP Maestro does for companies that are running SAP and what challenges that they’re having that ERP Maestro helps them solve?
Jody: Certainly. So let me define the problem. Controls around access to programs and data is pretty challenging for a lot of organizations to do well, to do right. Not only design them well, but ensure that they’re operating effectively over the period under review. But then at the end of the year making sure that they can collect the evidence to make sure they’re defensible with the external auditors. And the types of controls I’m talking about are segregation of duties (SoD), access to sensitive data, emergency access management, the provisioning process in general and quality of controls – and a lot of companies actually manage that process manually. It’s actually gone to a study and about 80% of companies today are performing that process manually. And it was documented that it’s pretty inefficient – you’ve got people going and extracting data out of SAP, compiling these access databases and all along the way there are these points of failure that can occur especially around completeness and accuracy. You’ve also got the amount of time that goes into performing those processes requires a lot of resource time which ultimately results in it being extremely expensive. And then you’ve also got the fact that there are points in that process that can fail where imports fail and the results of those big queries that are performed, the accuracy of those results is really questionable. So ultimately at the end of the year, there’s a gamble whether or not they will be relied upon or not. And significant deficiencies can come out of that. So automation really is the key, no matter what gets implemented automation of those controls are key to being able to address those issues. Now in that study I referred to earlier, the Gartner study, they actually identified what the reasons were for that low adoption. 
And they said cost causes complexity, so cost being that it’s a very big nugget to actually go ahead and jump to that automation for what might not even be a high-priority project. And a complexity being that you have to hire all these guys, go through the implementation process which really takes some time, takes a lot of people. So that is what ERP Maestro addresses; what ERP Maestro does is it removes the complacency in the market to take on the implementation of an automated access control solution by removing the cost and complexity. We really want to reduce the cost that companies go through to reduce that complexity because then they can take that first step toward automation and then once they realize the benefits, that’s when the solution actually facilitates a move to SAP GRC, allowing them to have a far more robust solution.
Ken: Can you address some specific examples of how ERP Maestro removes that cost and complexity?
Jody: ERP Maestro is a cloud-based SaaS delivered, subscription-based service for an automated access control suite. How they can do that, is they simply go online, subscribe to the service, and they can plug in their SAP instance to this already powerful infrastructure that is up-and-running for them. It literally takes 30 minutes to start consuming these automation services, so a significantly lower complexity. And because it’s a subscription-based service, everything is actually included. You’ve got your hardware, the software, the configuration. You’ve even got training, absolutely everything is included in the service and they can consume it very quickly and very simply. Now because of that simplicity you’ve also got some massive agility. With that, especially with companies that are going through many mergers and acquisitions, that agility allows them to really plug in to companies that they’re bringing on, that they’re divesting, and really gives them that powerful piece of agility. In fact, we actually do have a specific case study where a third-party came in and looked at the benefits that this automation gave them and they calculated that they got 700 hours’ worth of time back which directly translates into savings, immediate ROI as of Day 1. And once a company actually realizes those benefits of having the ability to automate those access controls and how much time they’re saving, and how easy it is to actually do, that’s when their GRC framework becomes a lot more complex. They start to incorporate a lot more into their framework in general and that’s when the solution will facilitate that move for them to SAP GRC. And in fact we actually found a lot of companies when they implement SAP GRC keep the ERP Maestro solution running as well just because of some of the extremely rich reporting features that come out of it.