With high profile data privacy breaches on the rise, SAP and Cisco Systems Inc. are offering a joint application package aimed at increasing enterprise security and compliance capabilities from the application layer to the network layer.
The composite application is comprised of existing SAP and Cisco products that both companies hope will improve the visibility and control over sensitive data and its movement throughout enterprise IT.
The partnership will combine SAP’s governance, risk and compliance solution, GRC Process Control, with Cisco’s Application Oriented Networking software.
The SAP and Cisco partnership was announced at this week’s SAP TechEd 2008 conference in Berlin, Germany.
“The key benefit of this partnership is that you’ll be able to enforce data privacy, minimize your risk and demonstrate continuous compliance,” Sharada Achanta, senior director at SAP’s GRC data privacy solutions, said.
With GRC Process Control, she added, enterprises can create business policies around data privacy and attach controls to those rules. Using Cisco’s intelligent networking technology, IT managers can also implement continuous real-time monitoring and message level inspection of content and data movement to actually enforce privacy policies – a capability that was lacking in SAP’s business intelligence (BI) portfolio.
“For quite some time, we’ve been able to understand data moving on the network, but we didn’t have the context associated with that data,” Vaughn Miller, director of business development at Cisco, said. “The business intelligence that has been added by the SAP application – in the fact that we now know the type of data, the sensitivity of the data and how it related to our business – has made this joint solution a powerful tool.”
Achanta said using Cisco’s location awareness technology, a user may be able to access certain information while in their California-based company headquarters, but have that access restricted to comply with local data privacy laws while in Shanghai or Tokyo.
“Another example would be a customer service representative who accesses 15 or 20 records throughout the course of their day, but then suddenly downloads 10,000 records at the end of their shift,” she said. “This solution tracks data in motion, so you’re able to actually see these potential illegal downloads and flag them at the networking level.”
Even non-malicious incidents, such as a HR professional who accidently sends confidential employee records and Social Insurance Numbers to the wrong e-mail contact, can be prevented using the application package, Achanta said.
“You know how often that happens in Outlook – we send something and then go ‘oops, I didn’t mean to do that,’” she added. “It can be a serious data breach or a minor thing, but a solution like this allows you to detect these breaches and put the policies in place to prevent them from ever happening,”
Ross Armstrong, senior research analyst at London, Ont.-based Info-Tech Research Group, said that while other vendors have already gone to market with converged compliance and security products, Cisco and SAP’s federated solution gives them a competitive advantage.
“Where normally you have GRC solutions focused internally on the organization and day-to-day operations of the company, what SAP and Cisco is doing will allow companies to extent that governance and control to reassure other organizations involved in the supply chain and external business partners,” he said.
Armstrong added that Info-Tech has been advocating the need to bring compliance and IT security together under a unified framework of broader risk management practices. “We’ve seen vendors heed the call on that and releasing products that dovetail security and compliance together. What remains to be seen is if there’s going to be greater adoption in the marketplace.”
According to SAP and Cisco, with more companies becoming part of global business networks and establishing operations across various borders, data privacy enforcement has come face-to-face with new regulatory requirements such as safe-harbour laws, privacy, finance, intellectual property and identity theft legislation.
Achanta added that given the struggling economy, the SAP and Cisco partnership will allow many large enterprises to take advantage of the SAP or Cisco infrastructure they already have in place and add to it in a cost efficient manner.
“There’s an 80 per cent overlap between the SAP and Cisco customer bases,” she said. “We’re going in with people who already have a lot of the technology we’re talking about and will be able to leverage it more effectively now.”
In terms of cost concerns though, Armstrong wondered whether Cisco and SAP plans to address cost sharing models for organizations looking to extend their integration to external business partners.
“If you’re a North American organization looking to extent your GRC function externally and incorporate other supply chain and business partners and purchase this system, which companies are then responsible for sharing that cost,” he asked. This is a concern that will eventually be brought up by clients, customers and IT practitioners, because one company is not going to want to shoulder that cost of software acquisition, installation, integration and maintenance, he said. SAP and Cisco declined to comment on any questions around pricing.
The composite application is available now on the service marketplace from SAP or through Cisco channel partners.