As the chief supplier of enterprise resource planning software in the world, SAP handles the running of companies and covers everything from accounting, stock management, human resources and sales, to customer relationship management. Because of the sheer size of the global offering, it's often difficult for smaller businesses to get the local support they need when it comes to managing the provision and risks associated with user access.
This is where local start-up Soterion Technologies comes in. Co-founded by Johan van Noordwyk and Dudley Cartwright, the company provides a software solution to empower smaller SAP customers to achieve compliance where this was not previously possible, due to cost or skills deficits.
A lightbulb moment
While working in the SAP Authorisations industry, it came to their attention that "most small to medium-sized organisations were having trouble with their SAP access risk and compliance", recalls Van Noordwyk. "Although there are a number of tools for dealing with this problem, most of them were simply too expensive for the smaller companies to use, and because their authorisation solutions lacked maturity, it was difficult for these companies to derive value from bigger, more complex solutions."
Cartwright initially contacted Van Noordwyk to help write a small program to better serve a particular client's needs. "Once we started building the application, we knew it would be worth our while to build a business around it. After many weekends, much sweat and tears, we did our first pilot with Soterion in a client's SAP environment."
User access in SAP can be a complicated area to administer and granting too much access can create opportunities for fraud, which presents a huge challenge for SAP customers when it comes to balancing access and risk efficiently. Intended to address this, Soterion's core product is essentially an SAP access risk tool to help SAP customers identify and address their access risk and achieve compliance.
Once we started building the application, we knew it would be worth our while to build a business around it.
"Soterion is used to conduct an inspection of the SAP system - a comparison examining access users have been granted against the access they need to perform their jobs. From this, we can then get an accurate idea of what risks exist within that SAP environment," Cartwright explains.
"We equip users with the means to effectively provision their SAP user access. This application lets them know exactly what risks are involved before any changes in SAP are made," he continues. "We also believe the workflow process should involve business owners and, accordingly, Soterion makes SAP risk compliance a business issue, instead of just an IT issue.
"We extended the risk access assessment tool to include SAP user licence management and a user performance tool. Being able to see exactly what their users are doing in the system enables correct classification of user types. The ability to monitor user activity levels across the entire SAP system permits performance reporting and comparisons across departments or geographic locations. From this, it becomes possible to identify where additional training might be required, or where a business process might need to be improved," says Cartwright.
Next stop: the world
"Where other access risk tools can be expensive and complicated, we deliver a product that is simple, affordable and that actually gives our users actionable advice," says Van Noordwyk. "We offer our customers insight into their SAP user licensing and give them the tools to monitor their users' performance.
We believe the workflow process should involve business owners. Soterion makes SAP risk compliance a business issue, instead of just an IT issue.
"Our focus on small to mid-sized SAP customers makes us appealing because, in addition to affordable software rentals, our consultation offering helps users see a return on their investment literally within days," he clarifies.
"From a business perspective, we're thrilled with the response we've received from the international market and we will be working with some fantastic partners. From a technical perspective, we're excited to bring our software as a service (SaaS) offering to market soon. By bringing the advantages of the cloud to small and medium-sized SAP customers, we're certain we can pack even more value into our offering," Van Noordwyk concludes.
First published in the June 2013 issue of ITWeb Brainstorm magazine.
Share