Perimeter Security

KPMG Client – Mexico

“With the implementation of this solution, the client has graduated from the obsolete world of passwords to a far more controlled environment of biometric identity management. The client has a far better understanding of when and how each user had access to their SAP system. The project has been a complete success.”

Juan Manuel Rangel Palacios
Sr. Manager, IT Advisory
KPMG Cardenas Dosal, S.C.

KPMG was retained by a manufacturing client (division of a multi-national firm) to identify and implement upgraded security for its SAP ECC6 installation. The solution had to cover many locations and a substantial SAP user group. KPMG recommended that a major change, using SAP-centric biometric identity management, was the best course to follow.

The most important first step in securing an SAP installation is to take control of perimeter access. Username/password combinations alone do not provide identity management – only biometric authentication can do that. As a baseline, all current employees with SAP access are enrolled biometrically, effectively stepping up security to a mandatory 2-factor process. The abuse or sharing of passwords, whether voluntary or covert, is thereby alleviated, as each perimeter access transaction becomes a logged event, indisputably identifying the actual user.

Business Situation

  • Rapid business growth
  • Many warehouse and office locations over a large geographical area
  • Workforce not necessarily tied to a specific location

Key Challenges

  • Know who has access to SAP
  • Eliminate password-sharing
  • Provide robust audit trail of users’ access to SAP
  • Prevent unauthorized access
  • Achieve 100% SAP perimeter access control
  • Create indisputable user accountability

Implementation Approach

  • Enroll all authorized users with biometric profiles, regardless of SAP function
  • Require biometric access control at every log-on
  • Maintain audit log, including failed attempts, for analysis

Major Objective

Challenges to increase SAP security and accountability:

  • Mandatory biometric identity management for 1,000 users at multiple locations
  • Biometrically secure access to SAP log-on for all users on PCs and laptops via direct access or VPN

Key Business Outcomes

  • True identity management for all employees, with 100% flexibility of workplace rotation
  • Tamper-proof audit trail in effect
  • Future option includes biometric access for non-employees such