Gina Marchese, ASUG Coordinator, SAP; Falk Rieker, Vice President SAP Banking Solutions; Mike Ramsey, SAP Banking Field Services; Thomas Neudenberger, COO realtime North America Inc. May 6th, 2008. ASUG Banking & Financial Service Providers SAPPHIRE Breakfast Session


Page 1: Gina Marchese, ASUG Coordinator, SAP Falk Rieker, Vice President SAP Banking Solutions

Gina Marchese, ASUG Coordinator, SAP

Falk Rieker, Vice President SAP Banking Solutions

Mike Ramsey, SAP Banking Field Services

Thomas Neudenberger, COO realtime North America Inc.

May 6th, 2008

ASUG Banking & Financial Service Providers SAPPHIRE Breakfast Session

Page 2

Agenda

• 7:00am – 7:15am - Breakfast Served & Opening Statements – Dan Drechsel & Thomas Balgheim (SAP)

• 7:15am – 7:20am - ASUG Community Overview – Mike Ramsey

• 7:20am – 7:25am - SAP’s Commitment to the Banking Community of Interest – Mike Ramsey & Falk Rieker

• 7:25am – 7:35am - Banking & Financial Services Key Discussion Topics – Mike Ramsey

• 7:35am – 7:50am - bioLock: Realtime Security & Fraud Mitigation – Thomas Neudenberger

• 7:50am – 7:55am - Upcoming Events & Next Steps – Mike Ramsey

• 7:55am – 8:00am - Questions & Customer Feedback

Page 3

ASUG Overview

• ASUG is the largest independent, not-for-profit organization of SAP customer companies and eligible partner vendors in the world.

• ASUG’s mission is to continuously educate its members, facilitate networking among colleagues and SAP representatives, and influence future SAP product releases and direction.

• ASUG was formed in 1990, and is made up of more than 1,700 corporate and 45,000 individual members in North America.

Page 4

ASUG Communities

• ASUG Special Interest Group (SIG) Communities are aligned to SAP products and industries.

• ASUG Chapters are regionally based throughout N. America

• ASUG members have year-round direct access to:

• Colleagues with similar interests and workplace challenges

• SAP representatives and resources

• Educational, networking and influencing opportunities

Page 5

Year Round Education

Customer-run, customer-driven education

Convenient and accessible formats, including:

• Face-to-Face educational events

• Forums

• Symposiums

• Chapter Meetings

• Annual Conference

• Webcasts and teleconferences

• On-Demand Education

Page 6

ASUG Banking Community

Free educational activities about newest product features-and-functions

• Banking Focused Webcasts

• ASUG SIG Community educational content

• Focused Banking area on asug.com

Networking to share experiences and best practices

• ASUG Banking Discussion Forum

• Networking sessions at ASUG events

• Industry specific Benchmarking Studies

• asug.com online community

Opportunities to influence and prioritize the development roadmap

• ASUG Influence Councils

• ASUG Executive Exchanges

Page 7

Volunteers are Key

ASUG is governed by its most valuable asset – its members.

SIG Chair

• Drive and manage the SIG's year-round community

• Communicate Influence needs of SIG membership and represent the SIG during Influence activities (i.e. assist in moderating Webcasts, help craft promotional material)

• Build and maintain solid relationships with ASUG HQ and SAP Points of Contacts

Page 8

Membership Offer

• Membership dues reside at the corporate level which allows an unlimited number of employees within an organization to utilize company membership benefits without incurring individual membership charges. Membership dues are paid on an annual basis, not pro-rated and valid January 1st through December 31st of each year.

• Complimentary ASUG memberships are available. Please inquire to [email protected]!

Page 9

SAP’s Commitment to the Banking Community of Interest

• SAP, working closely with ASUG, will drive the following initiatives to continue the growth of this COI:

• Secure participation & support from Banking & Financial Service Providers in our European regions.

• SAP Management & Solutions Expert participation in future Banking COI events.

• SAP will provide results of our surveys related to industry trends, business use cases, functional requirements, and customer priorities.

• SAP will provide continuous updates on topics of interest received from our customers' feedback & questions.

Page 10

Banking & Financial Services Key Discussion Topics

Banking Hot Topics (as determined by initial Customer Survey)

• Upgradeability to the most current release

• Roadmap to transform their existing implementation to our SOA BPP

• Ways to improve overall customer experience and improve customer centricity

• Cleaning up back office processes

• IT Spending

• Meeting and maintaining Compliance and Regulatory guidelines

• Security concerns in the banking industry

Page 11

The bioLock Overview

bioLock Protects Critical Data with Biometrics for Fraud Prevention and “True” Compliance

bioLock “elevates” IT security from access control to fraud mitigation

Page 12

Actual Financial Losses in 2006

So-called “occupational fraud” (also known as internal theft) and abuse imposes enormous costs on organizations. The median loss caused by the occupational frauds in this 2006 ACFE study was $159,000. Nearly one-quarter of the cases caused at least $1 million in losses and nine cases caused losses of $1 billion or more. Participants in the study estimate U.S. organizations lose 5% of their annual revenues to fraud.

Read the full study at: http://www.acfe.com/documents/2006-rttn.pdf (Source: 2006 Study - Association of Certified Fraud Examiners – www.acfe.com)

Average single loss was $159,000

25% caused $1 million in losses

9 cases of $1 billion in losses and more

It takes 15+ months to detect fraud

Page 13

Largest fraud case in history

• French Trader Jerome Kerviel stole computer passwords that allowed him to enter his phony deals into various trading systems and to bypass security measures

• He misappropriated IT access controls belonging to operators

• Kerviel overstepped his authority and bet 50 billion Euros ($73 billion) - more than the bank's market value

• This practice costs his employer, France's Societe Generale, $7.2 billion in losses

• Judges have filed charges against Jerome for forgery, breach of trust and unauthorized computer activity

• Investigators questioned Societe Generale's chief executive, who is ultimately responsible for his employees' actions

• There are many rumors about the bank's future; the industry is speculating that it could be bought out or broken up

• Poor IT Security is blamed for the losses and a special committee has recommended to immediately introduce stronger security systems, including biometric authentication, to prevent a recurrence.

Source SAP Info: http://www.sap.info/public/INT/int/index/Category-28813c6138d029be8-int/0/articlesVersions-30698479ee4768f8a0

Source SAP Info: http://www.sap.info/public/INT/int/index/Category-28813c6138d029be8-int/0/articlesVersions-3038947c29f746dbbe

Page 14

20 Ways to get anybody's Password

• Look in desk drawers or on the “yellow sticky note”

• Look over shoulders of co-workers (shoulder surfing)

• Videotape it - watch for people with a cell phone around you

• Ask colleagues – 40% admit to sharing passwords

• Get emergency password (administrators / security guard)

• Call hotline to get password reset for any user

• Associate with owner (pet, family, hometown, birthday)

• Check unencrypted .ini files

• Try SAP default password for SAP* - 06071992

• Key Catcher, Password Cracker – Now: Recovery Tools

• Monitoring / Sniffers (transfer from GUI not encrypted)

Download the “Fishing for Passwords” document at www.showpasswordsthefinger.com

Page 15

Would your security guard STOP this guy walking through the main entrance?

Very Likely YES !!!

Even this guy identifies himself as “SAP 1” on his space suit…

bioLock will uniquely identify the user behind the “Space Suit” (User Profile)

Without using biometrics we can only identify “Space Suits” with names on them (SAP User Profile Names) walking around in the most critical part of our organization – the SAP System.

We have NO WAY of identifying who is using the suit (SAP user profile)

Page 16

Why biometrics for your SAP System?

Biometric security for system, transaction and field level data

Biometric security for user logon with convenient single sign on to multiple systems

Enhanced user/transaction audit trail

Easy 4-eyes principle and supervisor approval functionality

Secure and convenient “Fast User Switching”

Proof of who did what and when in the SAP System with a biometric log file

Page 17

bioLock “sits” on top of SAP Security

Existing SAP Security

Additional biometric Security

bioLock will not “touch” or change your existing security roles or profiles!

It adds an additional layer of security!

Page 18

Independent Additional Protection

[Diagram label: SAP User Profile]

bioLock invites users via biometric template – the protection is defined in bioLock and supersedes the SAP User Profile

Page 19

2nd layer protection with bioLock

[Diagram labels: Logon/Task; Extra bioLock Door Lock is detected; bioLock user/function; bioLock prompts you for fingerprint; Fingerprint comparison with table; bioLock templates; Additional Security Layer 2; bioLock checks SAP authentication rules; Existing Security Layer 1; Access authorized; Access blocked]

Please Note: The biometric technology identifies unique points on your finger and creates an encrypted, digital template – it never stores an actual image of the finger!!!

Page 20

Proof - in writing for the auditors

The log file proves:

• Who logged on

• Who executed the task

• Who confirmed a task

• Who was rejected TRYING to execute a task that they were not allowed to execute

Identified SAP User Profile “Space Suit”

Actual User – uniquely identified with biometrics

Page 21

Case Study: Finance System

The Challenge:

• Groups of people had access to many parts of the finance system

• The client needed to uniquely identify the “actual user” and log activities

• Management requested that 2 individuals would authorize certain tasks

A bank had multiple critical tasks in their financial application including opening balance sheets, approving budgets and issuing wire transfers

The Solution:

bioLock with the dual confirmation group was installed

2 people have to authorize tasks

Both will be uniquely identified…

…and logged in the log file

Page 22

Conclusion

• SAP Security and ALL compliance efforts (SoD’s) are solely based on password protected USER Profiles

• Passwords are not secure and offer very limited protection and no accountability at all

• Damages include severe financial losses, espionage, bad press, image loss, lawsuits, compliance violations, etc.

• Experts agree - Biometrics is the only solution approach to increase security, convenience and establish clear accountability

• A study confirms how a company can be compliant, but not secure

• bioLock is the only certified biometric technology available for SAP

• There is no comparable technology available for SAP’s competitors

Page 23

Resources

SAP WebEx recording – View a presentation and live demo of bioLock:

http://www.sap.com/community/showdetail.epx?itemID=11423

Thief misuses authorizations and costs French bank $7 billion:

http://www.scmagazineus.com/Rogue-bank-trader-bypasses-computer-security-loses-7-billion/article/104519

SAP TV Movies about biometrics at Brevard County Government and SOX Compliance:

http://www.realtimenorthamerica.com/saptv.shtml

Research study from the California State University that has established - without biometrics there is no true compliance:

http://business.fullerton.edu/resources/biometrics/

View a PPT Screenshot demonstration of the biometric technology at work in the SAP System:

http://www.realtimenorthamerica.com/download/bioLock_demo.ppt

SAP Info Article: Handling Accountability Issues with bioLock at the Polk County School District:

www.sap.info/int/go/36553/

A former DuPont research chemist stole $400 million in intellectual property from his employer:

http://www.sap.info/public/INT/int/index/Category-28813c6138d029be8-int/0/articlesVersions-2278745d982e50690f

View how easy it is to identify a password that was videotaped with a cell phone:

http://www.showpasswordsthefinger.com

Page 24

Planning COI Focus & Future Topics

• Do we have an agreement on the direction of current and future topics for this COI?

• Where can we add value to both our Banking & Financial Service Provider customers?

• Are there specific high priority areas of focus you would like to have added to the “Hot Topics” list?

Page 25

Next Steps

Determine Customer Topics of Interest for future event planning

Secure customer volunteers to lead Banking Community

Upcoming group Webcast sessions and topics

On-site meetings planned for 2008

Page 26

Questions & Customer Feedback

• Open session for customer comments, questions, and feedback.