Enhancing SAP Security and Cross-system SoD monitoring in a hybrid cloud environment (non-SAP) with Pathlock
Written by Meindert Keuning
A multinational brewery, renowned for its iconic brands and global presence, faced the challenge of monitoring Segregation of Duties (SoD) controls across its diverse hybrid IT landscape. Driven by compliance commitments, cost-saving objectives, and an expanding portfolio of systems, the company needed a robust solution to streamline reporting, enhance control effectiveness, and reduce the cost of control.
The brewery engaged BR1GHT, in collaboration with technology partner Pathlock, to implement a cutting-edge Continuous Controls Monitoring (CCM) platform. The solution enabled real-time monitoring of SoD risks across a diverse range of standard and custom-built applications, providing measurable value through automation, cost savings, and improved compliance.
Phase 1: SoD Monitoring Implementation
The client initiated a project that focused on analyzing seven critical Segregation of Duties (SoD) controls across three (non-SAP) systems. The systems included both off-the-shelf solutions and custom-built applications unique to the brewery’s operations.
The reason was that the existing way of working was manual: per country and per system, control owners had to run the analysis for each SoD control themselves and manually upload the result to the global GRC system. By automating this in a central Pathlock repository, the SoD analysis is performed automatically. Given that the brewery is active in over 190 countries and has more than 25 non-SAP systems, the business case is huge.
Key activities included:
- Developing tailored optimization rulesets based on the client’s control framework.
- Implementing automated SoD monitoring using APIs where available.
- Utilizing Secure File Transfer Protocol (SFTP) for systems without APIs to enable semi-automated analyses.
The pilot phase provided real-time insights into SoD risks, reduced manual effort, and demonstrated the flexibility of the solution across diverse system landscapes.
Phase 2: Lessons Learned and Insights
Throughout the project, BR1GHT and Pathlock identified key insights that informed the success of the implementation:
- Systems with accessible APIs allowed for seamless and fully automated SoD analysis.
- For systems without APIs, SFTP interfaces provided a viable alternative to automate data collection and analysis.
- A collaborative approach with the client’s Compliance team ensured alignment with business objectives and control frameworks.
- Workshops need to be organized with the business to understand the activities performed in the system (functional workshops) and how these activities are reflected in the system (technical workshops). The outcome is an upload sheet that can be loaded into Pathlock so that the system can be analysed going forward.
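As an added illustration (not BR1GHT's or Pathlock's code), this is the analysis step the upload sheet feeds: a constructed role-to-activity sheet from the workshops, a constructed user-role export as an API pull or SFTP drop would deliver it, and a hypothetical ruleset of conflicting activities are combined to report per-user SoD conflicts and any technical roles the workshops left unmapped.

```python
import csv
import io

# Constructed upload sheet (hypothetical): the output of the functional and
# technical workshops, mapping each technical role to the business activity it grants.
ROLE_MAP_CSV = """system,technical_role,activity
WMS,WMS_VENDOR_MAINT,Maintain vendor master
WMS,WMS_PO_CREATE,Create purchase order
WMS,WMS_PO_APPROVE,Approve purchase order
WMS,WMS_GR_POST,Post goods receipt
"""

# Constructed user-to-role export (hypothetical): what an API pull or an SFTP
# file drop from the target system would deliver.
USER_ROLES_CSV = """system,user,technical_role
WMS,alice,WMS_VENDOR_MAINT
WMS,alice,WMS_PO_CREATE
WMS,bob,WMS_PO_CREATE
WMS,bob,WMS_PO_APPROVE
WMS,carol,WMS_GR_POST
WMS,carol,WMS_LEGACY_ADMIN
"""

# Constructed ruleset (hypothetical IDs): activities one person must not hold together.
SOD_RULESET = {
    "SOD-01": ("Maintain vendor master", "Create purchase order"),
    "SOD-02": ("Create purchase order", "Approve purchase order"),
    "SOD-03": ("Approve purchase order", "Post goods receipt"),
}

def run_sod_analysis(role_map_csv, user_roles_csv, ruleset):
    """Return (conflicts, unmapped): conflicts as (rule_id, system, user) tuples,
    unmapped as (system, technical_role) pairs the upload sheet does not cover."""
    role_to_act = {(r["system"], r["technical_role"]): r["activity"]
                   for r in csv.DictReader(io.StringIO(role_map_csv))}
    held, unmapped = {}, set()
    for r in csv.DictReader(io.StringIO(user_roles_csv)):
        key = (r["system"], r["technical_role"])
        if key not in role_to_act:
            unmapped.add(key)  # a role the workshops missed: the analysis is incomplete
            continue
        held.setdefault((r["system"], r["user"]), set()).add(role_to_act[key])
    conflicts = [(rid, sys_, user) for (sys_, user), acts in sorted(held.items())
                 for rid, (a, b) in ruleset.items() if a in acts and b in acts]
    return conflicts, unmapped

if __name__ == "__main__":
    found, missing = run_sod_analysis(ROLE_MAP_CSV, USER_ROLES_CSV, SOD_RULESET)
    print("conflicts:", found, "unmapped roles:", sorted(missing))
```

Unmapped roles are reported separately because a user holding one may have an activity the ruleset cannot see, so a clean conflict list alone does not prove the control is effective.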
These insights enabled BR1GHT to adapt and deliver tailored solutions, setting the foundation for future implementations.
BR1GHT was proud to support this leading multinational brewery in achieving its compliance and cost-saving objectives. By leveraging Pathlock’s Continuous Controls Monitoring platform, we delivered a solution that streamlines processes, automates reporting, and enhances control effectiveness. We appreciate the brewery’s commitment to innovation and its collaborative approach throughout this project.