Hello. Good afternoon, everyone. So I am not the last one before the cocktail but almost the last one. So you guys are almost there. So let us go with the presentation. So my name is Samuel Lopez. I work for the company Holcim.
I have not even prepared a slide to introduce myself because I think that the most important part for you guys is to understand what we have done and what we have solved with our problem. So let us go directly to the presentation.
And even before I go through the agenda, I would like to start today with one single question. Let me say that it is a kind of survey. This is a question that I will try to answer at the very end. And I would like that you will think a little bit about it during my presentation. The question is not that complex, right? Who is more risky?
And I have four guys here. The guy number one said, I have domain admin rights on Active Directory. OK, it is a quite powerful guy. The second guy said, I operate all the assets in the public cloud, also have a good power, good responsibility. The guy number three say, I operate all the user roles and profiles in SAP, so is the typical SAP-authorization consultant.
And the guy number four said, I have the back chain. The chain is important here, right on the SIP, another guy with the important power. So which one? Quick survey, raising the hand, the ones who think that the more risky is number one. Just one? Two? Not too many.
OK, what about number two? Raising hand, please. OK, the cloud administrators are useless or look like there are not much cloud administrators in this room. What about number three? Anyone think that-- OK, some people there. And what about number four? OK, much more people here. So look like the number four is the winner here. So we will see during the session.
So it was just to start. So let me go through the agenda. So these are the topics that we have for today. Four main areas, first one I will explain a little bit who we are, who is our company, what we do, briefly. The second thing will be to explain the challenges and the requirements in our privilege and access management project.
Just after, I will try to explain how we have implemented the privileged-access management with a level of detail good enough to allow you replicate the same on your infrastructure, if you want to do so. So it is not just bullet point. It is also, go through the details to let you understand what we have implemented And last but not least, the typical thing, you know KPIs, less or learn steps, so is kind of mandatory in this main-stage presentation
OK, let's go, Holcim-- not sure if any of you have been hearing about Holcim before. So we are a company which has been producing cement aggregates and readymix for GR.
We are based in Switzerland. We are a public company. And we have been on this business for years. We are the thought leader in this area and now extending, also, our product in product and solution, roofing, and this stuff, and with the ambition to make the cities greener and to improve the quality of life for all of us and for sure to drive the community and to the diversity through the more than 60K employees that we have worldwide.
So this is Holcim in terms of company, and just one additional slide in terms of Holcim. This is, how is the IT organizing Holcim? So we are providing IT services to all the countries highlighted in blue on this slide.
We are organizing ourselves in three digital centers. One is in Americas, another one is in EMEA, here in Madrid, where I'm managing the Identity and Asset Management Team. And the last one is in India, to manage all the Asia/Pacific-related area.
So this is our company. And, now, once it has been introduced, I will start sharing with you the challenges which somehow require us to look at solution in the privileged-access management to cover the SAP staff.
First challenge, for sure it will be familiar for you. So we have a user who needs to elevate quite often. So we have people who are working in the SAP authorization teams. We have people working in the SAP base system, sometimes some developers who need to elevate as part of the job, who need to elevate on a daily basis and more than one time.
So for them is not so efficient to request access anytime that they need to elevate. So they have to have the right by default and be in the position to use anytime that they need to use. So in the previous solution that we use it, so they need to make a request. The request has to be approved. So it was not so efficient lead and a poor user experience, operational delays, asset-management fatigue. You know what I'm talking about.
So the second challenge that we have here-- and sorry because it is a little small here-- and this is related to the lack of traceability. I think that I'm going to move to the other side where it is a bit more bigger. So I'm taking better from here.
So, most likely, some of you know about the SAP Firefighter. So SAP Firefighter is a tool in SAP which allow to elevate and which is generating a lot to be up there by some reviewer in the company. But the level of detail is certainly not enough.
So let us suppose that we have a consultant, a technician elevating, and this consultant has using the SN35. This is a transaction, which allow to modify data in the SAP table. So in the
28:52