View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 9, 2010

Anglian Water taps su53 for SAP risk management

Anglian Water has implemented a new governance, risk and compliance (GRC) service from su53 to ensure the security of its SAP applications

By Steve Evans

Anglian Water has implemented a new governance, risk and compliance (GRC) service from su53 to ensure the security of its SAP applications.

Su53’s Managed Security Service is said to offer firms a cost-effective approach for maintaining SAP GRC controls and expertise. Companies dealing with SAP GRC issues often face a combination of internal workers, contractors, freelancers, outsource partners and temporary staff all working across a number of different locations. This can drive up the cost and complexity of managing the environment.

The su53 Managed Security Service includes a number of features that the company says helps with managing GRC controls. These include security reporting, which provides regular or ad-hoc compliance assessment and GRC/risk review; security advisory and technical support, which manages the GRC system, handling issues and service requests as well as upgrades and support packages and security processing.

Anglian Water has outsourced most of its IT to CSC but wanted to in-source its SAP security operations and used su53’s consultants to achieve that, Sandra San Vicente, IS security risk manager at the firm said. The company started using SAP for about 12 years and has significantly added to its SAP portfolio since then and San Vicente told CBR that it had reached the stage where the security side of its SAP installations had got, "very complex and not many people understood it."

"Su53’s consultants have provided the essential expertise and support during new projects, helped boost the skills of our in-house team, and worked with us to ensure all the necessary knowledge is effectively transferred," San Vicente said, adding that the flexibility of su53’s consultants – who would often work on projects for a couple of days a week as needed – was key.

Although many organisations, including Anglian Water, initially bring su53 in for a specific project, Martyn Proctor, managing director at su53, said that strategic relationships often develop. "Clients come to us when they realise there are potential problems that need addressing before an audit. However, over time they discover that the continually changing nature of their business means that controls need to be constantly updated," he said.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

The company is based in Northern Ireland so it benefits from lower operating costs and means customer data is kept within the European region, which Proctor said is key for gaining customer support and trust.

Proctor said that su53 believes it is filling a hole in the market that none of the bigger vendors are addressing yet but added the firm isn’t looking to expand its horizons just yet. "Any application that is installed across the network at a business means complexity and security issues," he told CBR. "We are currently very focused on SAP because it’s an enormous market and will certainly keep us going for a while. There is no harm in being a specialist in this sort of space."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU