Archer Integrated Risk Management Platform vs. SAP Access Control

RSA Archer is fantastic at cataloguing, personalizing assessments, raw reporting, and capacity to add custom fields. It is a little clunky around adding contextual information to notifications, peeking into data before attempting to load pages, quick navigation or determining linked (or sub-linked) relationships. These are all concerns that can either be worked around with an appropriate data scheme or with careful administration of the sub-routines.

Incentivized

Appropriate for SAP hrs hierarchy integration and can have multiple hierarchies of org structures adopted as alternative workflow support. Cons of access control are the logs of firefighter usage are still limited in depth and does not evolve to adop more cloud products which are coming at a plaster pace than the ac product as such.

• Integration capabilities to multiple enterprise systems
• Control standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremnts
• Rapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills

• SAP Access Control ensures that our services are accessed by the right users since it send me alerts when an employee tries to access any application. That way, I am able to either authorize or cancel the request to safeguard of company data.
• With SAP Access Control, it is easy to automate and monitor how our team access services and applications. SAP Access Control has an automatic feature that notifies me when employees access applications and services and the issues they are encountering.
• In addition, SAP Access Control add security on employees login to ensure that their data on the applications are encrypted to never leak to cyber attackers.

Incentivized

• They release time to time updates, which causes issues in the GUI. However, one has to be careful while installing the update.
• There is no open and free academy to learn more about the tool.
• One cannot stay to a particular product version, they have to move to the next version to keep up with the changes.

Incentivized

• It still uses the webdynpro for the front end. All webdynpro applications should be migrated to Fiori for a better user experience.
• Some functionalities can't manage in mass way. I.E. building derive roles/multiple single roles,
• Interface with LDAP is not efficient.

Incentivized

We are very happy with it.

Good tool to get the information communicated, approval workflow, and easy to add new findings/questionnaires. Seems to be compatible with different browsers and little downtime. Only request for improvement is to add an export feature with fewer clicks. Maybe batch export.

Incentivized

This is a great tool for a medium to large sized company. SAP Access Control requires a great deal of SAP knowledge to use, but it is certainly information that can be learned. Their customer support is wonderful and easy to work with. The overall usability is great. I greatly recommend this software.

Incentivized

Our RSA Archer team is dedicated to finding solutions for our organization. They haven't mentioned any issues with receiving support with deployment or bug fixes, and generally the platform is very dependable. They are always very excited about delivering a version upgrade and presenting any new features that provide more dashboards or chart types.

Incentivized

This product fulfills all our requirements. We can use this for user management, role management, risk analysis, business role management, workflow management. Initial configuration takes a lot of effort. Otherwise it's a great product for the end user. SAP Access Control tool performance needs improvement, sometimes it slows down the processing time for requests.

Incentivized

It has been roughly 5 years since I have seen Securevue, so a lot can change, but to me it felt like several products were purchased and an attempt was made to piece them all together into a single solution (and I believe that may have been true). It also required agents on endpoints which did not fit the model I believed customers were looking for. MetricStream appeared to be difficult to install as it took their own engineers some time to get it installed in my lab environment. I did not think their web interface was as intuitive as RSA Archer. Customization to the platform was possible to some degree, but required a lot more work and technical skills than required by Archer. I did like the landing page for MetricStream which called out the important action items for the current user, but Archer v6.X now has this feature.

Incentivized

Pricing was higher for the cloud version of the BTP service - IAG. SAP Access Control pretty much facilitates everything we are looking for as an enterprise with an efficient dollar cost ROI for the services we are looking for. Also, there were many features on the cloud version which came bundled with the license and we had to pay for them even though we did not actually use these products.

Incentivized

• We were able to achieve approx 63% gain in operational efficiency.
• Reduce the number of findings and exceptions during an Internal audit to almost zero.
• Get compliance to all client contracts tracked through the tool thus increasing the confidence of clients in our systems and processes.

Incentivized

• Reducing risk of fraud. Implementing SAP Access Control allows analysis of every role assigned to a job on the organization. Through this analysis, weakness on roles are detected, corrected and monitored. As the users feel the change, they also feel that they are being monitored, preventing any intent to use his position and privileges to take personal advantage. So a major impact to organizations is to reduce the financial lost due to frauds.
• Reducing cost for monitoring. Another positive impact is lowering the cost of monitoring. This is twofold: First, a rather small team can manage access management. Second, through the use of SAP Access Control the complete universe of roles and users can be monitored without increasing the cost for the continuous monitoring.
• During transactions. The use of SAP Access Controls allows detection of transactions that, from an information security point of view, require some redesign. When SAP GCR is implemented, you make some discoveries such as: obsolete transactions, transactions with no authorization objects and the like. The transactions with these problems can be left out of the active roles, waiting for remediation of the issues found.

Incentivized