Sasol ensures Zero Trust for SAP financials with bioLock

Issue 8 2022 Editor's Choice, Cyber Security, Security Services & Risk Management

Sasol is a global chemicals and energy company launched in South Africa over 70 years ago, and is currently listed on the Johannesburg Stock Exchange in South Africa and the New York Stock Exchange in the United States. It employs over 30 000 people and operates in 27 countries.

To assist in running and managing this enormous enterprise with many business units, Sasol makes use of eight SAP systems. The company updated its SAP payment processes making use of bioLock from realtime. A software solution, bioLock secures access to SAP via biometric authentication. However, the system does more than simply control access, it can be configured to protect fields and functions in the SAP system, only allowing certain people to access certain functions.

The latest bioLock MFA4SAP fraud prevention, compliance and accountability solution protects any function inside SAP with multiple authentication factors (MFA), including biometrics. Thomas Neudenberger, COO for realtime North America, says, “With zero trust, no actor can be trusted until they’re verified; bioLock allows you to set unlimited re-authentication checkpoints and use MFA technology, including biometrics, to ensure only specifically invited users get access to sensitive functions or data inside SAP.”

Sasol’s Enterprise Risk Management Framework

The Sasol Enterprise Risk Management (ERM) Framework sets the foundation for the businesses to effectively manage their risks in a standardised and systematic manner to prevent fraud. The goal of Sasol’s adoption of bioLock was to mitigate the risks associated with bank payment approvals and to enforce mandatory dual-approval rules built into the payment process. This necessitated the implementation of biometric authentication for the SAP Digital Signature approval process which, among other benefits, prevents people from circumventing GRC (governance, risk and compliance) roles by using a co-worker’s password, as well as preventing corruption and collusion.

“SAP GRC Software does a great job of defining bank payment amounts that authorised approvers must confirm, and now the GRC’s capabilities stop when the approver uses somebody else's password to approve the payment via SAP Digital Signature,” explains Lungile Mginqi, group CIO at Sasol and a board member of the Africa SAP User Group. “Adding bioLock as the second biometric factor gives Sasol the peace of mind to guarantee that only the intended SAP user, beyond any reasonable doubt, can confirm payment.”

The bioLock MFA process kicks in when an authorised user, having logged into the system initially with their username and password, wants to release a payment. The user is then required to confirm the SAP password sign-off with their fingerprint (the second biometric factor), to make sure the person is who they claim to be. Using biometrics makes the authorisation process very fast and convenient, and more secure, as opposed to the traditional way of having to re-enter their username and password. To change the rules of responsibility in the GRC process, two people are required to authenticate the change via this process – the ‘four-eyes’ principle.

The system monitors all activity and can alert management instantly if any anomalies in the process are discovered. In addition, all activities are logged to hold the appropriate people responsible.

The bioLock software was implemented by authorised realtime partner Linx/AS Africa. For more information contact Werner Simpson, Linx/AS Africa, +27 11 782 9007, [email protected],

For more information and an online simulation of bioLock in action, go to


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

Fire-fighting force at Vergelegen
Editor's Choice Fire & Safety Residential Estate (Industry)
Vergelegen wine estate in Somerset West, and its neighbours, are set to enjoy greater peace of mind this summer, thanks to the delivery of a brand new fire truck .

Top fraud trends to watch in 2023
News Security Services & Risk Management
Even though financial concerns remain a significant obstacle for companies in implementing new anti-fraud technologies, 60% of businesses expect an increase in their anti-fraud technology budgets in the next two years.

Healthcare and the edge
Technews Publishing Healthcare (Industry)
With the proliferation of IoT devices in healthcare, more data is generated which drives the need to distribute it efficiently and keep it closer to the user.

Be cautious when receiving deliveries at home
News Perimeter Security, Alarms & Intruder Detection Security Services & Risk Management
Community reports of residents being held up at their gate when collecting fast food deliveries at home are once again surfacing.

KPMG 2022 CEO Outlook, South African edition
Editor's Choice News
Mid-November saw the release of the latest KPMG 2022 CEO Outlook, South African edition, aptly sub-titled ‘Potential Growth in Uncertain Times’.

Do you know where your data is?
Technews Publishing Editor's Choice
Flow Security focuses on making sure companies manage their data security in real time through automated Data Security Posture Management (DSPM).

Two cases of cyber resilience
Technews Publishing Editor's Choice
Infinidat consolidates backups and cyber resilience for a cloud service provider in the healthcare environment, as well as an energy utility based in EMEA.

Are you below the security poverty line?
Technews Publishing Editor's Choice
While management may think their company is pulling its weight in terms of cybersecurity, the security team knows if it is operating below the security poverty line.

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.