Enterprise Services Outlook Logo

Winterhawk Consulting: Building Resilient SAP GRC Solutions for Enterprises

The number of high profile cyber breaches has considerably increased in the past few years. According to estimates by the Center for Strategic and International Studies, cyber crime costs the global economy over $400 billion per year. As a consequence, cyber security has become one of the top most priorities for enterprises worldwide. However most companies are not well equipped to deal with these threats as attackers are often one step ahead of enterprises. World Economic Forum’s Global Risks 2015 report concluded that “90 percent of companies worldwide recognize they are insufficiently prepared to protect themselves against [cyber attacks].”
Fortunately, companies today recognize the risks posed by cyber-crime and are increasing their spending on security and compliances. The need of the hour is to build enough security cover for their internal applications and deploy solutions that ensure privacy, employ segregation of duties, limits unwarranted accesses and prevents identity thefts—all in compliance with stipulated regulatory norms. “Obviously, it’s a daunting task for businesses to ensure total compliance, and this is particularly true for complex and critical business applications such as SAP,” says Charles Braswell, Managing Partner, Winterhawk Consulting, an SAP Services Partner and global provider of Governance, Risk, and Compliance (GRC) services. Although the market has countless SAP solution providers, there are very few firms with in depth expertise in providing a protective shield for the SAP applications. This is where Winterhawk comes in. Leveraging its experienced resources, sophisticated methodologies and tools to provide cost effective, high quality customer focused solutions, Winterhawk assists clients with complying with their GRC (Governance risk and compliance) requirements and alleviating their security concerns. The organization renders comprehensive solutions and services related to SAP GRC, SAP Cyber Security, SAP Role Design, SAP Fraud Management and SAP Audit for an organization’s complex compliance needs.
Founded in 2012, the organization has experienced significant growth each year. Prestigious names such as PEPSICO, Arthrex, CSC, Elster Group, Carrier, AmeriGas, Carlsberg, Molson Coors and several others have put their trust in Winterhawk’s expert services. The company has also been successful in enhancing its credibility and expanding its service offerings by building strategic partnerships with industry leaders such as SAP, CLEMATIS, Onapsis, EPI-USE Labs, and Greenlight Technologies.
Leveraging Experience to Build a Strong Organization
Winterhawk consulting is led by industry veterans, Charles Braswell, Kim Barnett, Rick Wilson, and Bill Oliver. Mr. Braswell is the Managing Partner with close to 20 years of experience working with organizations to solve their SAP security and compliance issues. “Organizations often struggle while addressing various aspects of GRC mostly due to their lack of a holistic view of GRC processes.” he explains. Winterhawk was founded with an objective to help companies mitigate these challenges and to render high quality, customer focused solutions that enable customers to optimize their value on SAP Security and GRC spending.
Comprehensive SAP GRC Solutions and Services
Headquartered in Lakeland, FL USA and with offices in the United Kingdom and the Philippines, Winterhawk Consulting offers solutions and services related to SAP GRC & SAP Identity Management implementations and upgrades, SAP Penetration Testing and Vulnerability Assessments, SAP Role Designs, SAP Audit, Managed GRC Services and Staff Augmentation. Kim Barnett explains the company’s approach, “To bring a definitive change, we work closely with our customers to determine their needs and objectives and align those needs and objectives with our expert resources and the appropriate Winterhawk service offering.”
At the onset of their every project, Winterhawk’s project leaders ensure that the deployed resources specifically match client’s business needs and are capable of delivering the right solution—further ascertaining proper alignment of the company’s resources and client’s needs. Winterhawk also offers several on-shore/off-shore sourcing options to meet customer’s specific needs for both project related initiatives and comprehensive Managed Services.
Being a SAP Services Partner and a global provider of Governance, Risk, and Compliance (GRC) services, Winterhawk is an expert at providing SAP Security Services. It includes implementing designing and deploying SAP Security Roles, Performing SAP Security redesigns, assisting organizations with

Companies today recognize the risks posed by cyber-crime and are increasing their spending on security and compliances

CIO VendorCharles Braswell, Managing Partner
Segregation of Duty (SoD) remediation, migrating customers from Approva BizRight products to SAP GRC products, and implementing Identity Management (IDM) solutions. The company also provides managed GRC services to organizations that wish to outsource parts or all of their GRC functions. Winterhawk’s cloud solutions and other comprehensive SAP Audit services add up to complete the entire GRC lifecycle.
By deploying sophisticated methodologies and tools, Winterhawk ensures quality, and optimizes cost of services. The organization mitigates project risks and accelerates project timelines which in turn increases the value of their client’s SAP GRC investments. The toolsets deployed by Winterhawk have been effectively leveraged on dozens of projects and are designed to accelerate project timelines and increase the quality of deliverables.
Working Closely With Clients to Ensure Success
In addition to offering on-site deployments of SAP GRC, Winterhawk also offers SAP GRC through the cloud. A cloud deployment of SAP GRC ensures the solution is deployed rapidly with minimal IT resources and business downtime. Moreover, it reduces complexity during implementation, and manages risks in a cost effective manner. Winterhawk leverages SAP’s Identity Management Solution (IDM) to assist customers in reducing administrative costs and SoD risks, and ensuring compliance. It improves efficiency and speeds up administrative functions related to the user provisioning process. Rick Wilson, Winterhawk’s SAP idM practice lead, says, “At Winterhawk we believe it’s critical to understand our customers’ requirements, and define the key ‘success factors’ for an Identity Management implementation or integration. By deploying the right blend of technologies, management policies and business processes, IDM is integrated into client’s day-to-day operations and processes. Winterhawk customers have seen high value returns on their idM investments through cost reductions driven by the automation of previously manual intensive processes.”
In its SAP Audit service line, Winterhawk’s consultants work closely with clients to perform SAP audit tasks. By objectively scrutinizing client’s existing implementations, Winterhawk consultants assess risks and security issues. Winterhawk’s SAP Audit services, include:
• SAP Pre-Implementation Reviews;
• SAP Application Controls Reviews;
• SAP General Computer Controls Reviews;
• SAP Security Audit;
• SAP Audit Outsourcing / Co-Sourcing;
• SAP Control Rationalization; and
• SAP Control Optimization.
Winterhawk’s SAP Penetration services looks into protecting client’s SAP business platform from external as well as internal compliance and security threats. It goes on to analyze vulnerabilities that potential attackers usually adapt to gain access such as identifying the target SAP systems on the network, detecting existing vulnerabilities and exploiting them to gain access. Winterhawk’s consultants, working inside the system with the customer’s approval provides Proof-of-concept solutions which help the clients better understand the real impact of a security breach.
Given its unique and wide ranging services, Winterhawk has had significant success so far in providing governance and security compliance solutions. Its continuous focus and dedication in providing services has earned it several prestigious awards including being listed among ‘CIO Review’s 20 Most Promising Consulting Providers’. Going forward, the company plans to further deepen its focus on providing GRC services. It also plans to spearhead services in areas such as SAP’s Business Planning and Consolidation and SAP Basis / Hana—steps that would further fortify company’s current leadership position in the industry.