Application security, especially in enterprise resource planning (ERP) systems such as SAP, tends to be complex and fragmented across organizational silos. Because of the lack of ownership and knowledge of associated technologies, security controls are often inconsistent and manually enforced. The result is increased and unnecessary exposure to many risks, including, but not limited to, internal fraud, data breaches, loss of intellectual property, damage to brand reputation, and compliance violations.
According to the Privacy Rights Clearinghouse, improper access has been a factor in more than 300 data breach incidents in the past five years. And at one leading financial institution, a former vice president in the internal finance department allegedly used his excessive access rights to embezzle more than US$19 million; he was able to quietly transfer the funds between several corporate accounts and his personal account at another financial institution.