U.S. Sugar runs a massive operation, but when it came to Segregation of Duties, complexity was slowing them down. With Pathlock, they turned a high-risk challenge into a streamlined, audit-ready process.
The Challenge: Complex Controls, Limited Visibility
As a vertically integrated agricultural business, U.S. Sugar operates at scale—farming over 245,000 acres and processing sugarcane, citrus, and sweet corn for major national brands. With operations this large and complex, ensuring proper segregation of duties (SoD) across financial systems is not just important—it’s essential for minimizing fraud risk and staying audit-ready.
Initially, the company evaluated SAP’s native GRC module to monitor SoD conflicts. But as Matthew Miller, Sr. Director of IT Business Solutions and Benefits, explains, it quickly became clear that the tool’s complexity and limited usability would create more problems than it solved.
We knew we needed a way to monitor SoD issues and document compensating controls. We looked at SAP GRC, but the reporting wasn’t user-friendly. That’s when we started exploring alternatives.
The Solution: A Flexible, Easy-to-Use Platform
That search led U.S. Sugar to Pathlock (formerly Security Weaver). From the beginning, Pathlock stood out by offering an intuitive user experience, customizable rulesets, and centralized reporting—all critical for a team managing multiple business applications.
U.S. Sugar adopted Pathlock to:
- Analyze and tailor default SoD rules to match their financial workflows
- Apply compensating controls for high-risk access combinations
- Remove access conflicts where possible
- Monitor privileged access using elevated session management
- Automatically document control activities for audit purposes
“We took anything rated critical or high risk and either removed transactions from roles, applied compensating controls, or used Pathlock’s elevated access tool,” said Miller. “That allowed us to mitigate all of our SoD issues effectively.”
The Results: Stronger Controls, Smoother Audits
Today, Pathlock is a core part of U.S. Sugar’s identity and access governance program. When provisioning users or modifying roles, the company’s security engineers run SoD checks using Pathlock, preventing conflicts before they arise.
During annual audits, Pathlock also plays a key role. By providing system-generated reports that list SoD risks, compensating controls, and elevated access sessions, U.S. Sugar is able to demonstrate compliance quickly and confidently.
And as the company grows through acquisition, Pathlock is proving valuable again. U.S. Sugar is in the process of integrating legacy systems like PeopleSoft into its governance model using Pathlock’s cross-application capabilities, bringing newly acquired environments under the same SoD standards with ease.
We just acquired a refinery that runs on an old version of PeopleSoft. With Pathlock, we can pull in their security data and analyze it in a centralized way.
Lessons Learned: Future-Proofing Compliance
With an eye on the future, including a planned migration to SAP S/4HANA, U.S. Sugar sees Pathlock as pivotal in maintaining control and visibility.
As we move to S/4HANA, we don’t want to introduce new risks. Pathlock gives us the oversight to ensure our controls stay intact and our critical transactions are protected.
The partnership between U.S. Sugar and Pathlock is a testament to the power of aligning usability with compliance. By selecting a solution that addresses the real-world needs of both IT and audit teams, U.S. Sugar streamlined and scaled its risk management process.