Secude and SAP Consulting will assist companies in tackling legislation compliance.
Secude IT Security GmbH joins the SAP Consulting Global Security Alliance to support companies in rapidly implementing the Sarbanes-Oxley guidelines.
The objective of the Global Security Alliance is to provide companies with organisational assistance in selecting and implementing appropriate solutions to comply with the statutory requirements.
European companies listed on the New York Stock Exchange (NYSE) are obliged to implement the requirements of the Sarbanes-Oxley Act (SOX) by the end of 2006. However, the companies themselves are unsure as to which systems and processes are affected by these guidelines. The strategic partnership between Secude and SAP quickly furnishes its clients with an integrated solution for complying with the legal regulations of SOX and other future legal regulations.
“As an IT security solution provider, we feel committed to supplying our clients with products for reducing the corporate risks and for helping them comply with the statutory regulations. The Global Security Alliance represents a major milestone in achieving our aim of being the number one choice for risk management and compliance,” states Dr. Heiner Kromer, CEO of Secude IT Security GmbH.
The Sarbanes-Oxley Act requires companies to evaluate risks that affect their balance sheets and take appropriate counter-measures. In the SAP environment, this means, among others, paying attention to access privileges according to the user’s job and responsibilities.
The SAP authorisation system, therefore, allows the creation of specific user roles and rights. The weakest link in the chain is when someone signs on to an application with a user name and static password. This is considered non-secure, because even a well-maintained rights administration system can easily be circumvented with an attack on a static password. A powerful user authentication method based on digital certificates has been realised for SAP applications through the Secude signon&secure solution. Access to the user sign-in level and thus a circumvention of the user rights can be eliminated in this way.