
Post on 19-Dec-2015


Rick Killpack

Senior Product Manager

Identity and Security

Novell, Inc.


SAP and Novell: Extending IT Governance and Compliance

Agenda

• Addressing Today’s GRC Challenges

• The Solution in Action

• Why the Novell/SAP Joint Solution?

Challenges Surround the Enterprise

Cost, Competition, Compliance, Complexity

• Determining “Who has access to what?”
• Lowering IT Management Costs
• Eliminating Security Vulnerabilities
• Addressing Compliance Demands
• Integrating Disparate Systems
• Reducing Duplicated Processes
• Enabling a Mobile Workforce
• Gaining Insight Into Risk
• Addressing Risk Management Requirements

The Solution In Action

Performance

• Improves business predictability
• Automates and enforces common controls while providing transparency to business processes across the enterprise

Assurance

• Lowers audit risk and increases compliance
• Offers customers a new level of confidence that the right controls are in place so only authorized employees have access to sensitive business information

Simplification

• Ensures enterprise-wide policy synchronization
• Eliminates resource silos which produce inefficiencies
• Automates the process of discovering and remediating high-risk business problems

Business Relevance Meets IT Assurance

Content, Policy and Events Unify Disparate Systems

Consulting Partners

Problem: The CIO Cannot Provide Business-Relevant Risk Data to the CFO

Toni

CIO

The enterprise is set up with distributed security domains.

Issue: Volumes of disparate data make it hard to assess the risk to the enterprise.

Convert Raw Data into Information that Provides Full Visibility

Monitor all events in the enterprise, injecting identity into access events and correlating those to defined business processes and key risk indicators (KRIs).

Problem: The CIO Wastes Resources on Duplicate Efforts

Toni

CIO

[Diagram labels: PCI, SOX, Privacy, …, Information Security, 3rd Party, HIPAA; Line of Business, Corporate IT; Functional Leads, Compliance Managers, Legal, Audit, Information Security, Service/Arch Leads]

Enterprise groups demand the same data from IT in separate requests.

Issue: Duplication of effort consumes IT resources and creates inconsistencies for the business.

Eliminate Duplication of Controls

Map controls to defined objectives and processes, and map the processes to business owners.

Cost Impact: By the Numbers

Average cost to manually map controls

US$5,300 per control per year

- Source: PricewaterhouseCoopers

Problem: The CIO Cannot Sustain Compliance Demands

Toni

CIO

[Diagram: Sites 1, 2, 3 … n, each shown with an App Owner, Processes, Roles, Users, Audit, and User Entitlements & Security Controls; systems: Mainframe, Exchange Server, PeopleSoft HR DB, SOAP, Java App; Auditor]

The enterprise is structured with siloed security domains.

Issue: The sheer volume of disparate processes makes it costly to provide compliance-related data.

Contain Compliance Costs Through a Sustainable Infrastructure

Automate and enforce common controls while providing transparency to business processes across the enterprise.

[Diagram labels: Processes, Users, Roles, Audit; User Entitlements and Security Controls; App Owners; Exchange Server, Mainframe, SOAP, PeopleSoft HR DB, Java App; Auditor]

Cost Impact: By the Numbers

Average cost savings of automation

US$10,936 per 100 users per year

- Source: IDC analysis of Novell IDM Technology

Building the Crucial Bridge Between Strategic Applications

[Diagram labels: Strategic Business Applications; IT Systems, IT Infrastructure, IT Processes; Novell Compliance Management Platform extension for SAP environments; SAP BusinessObjects, SAP ERP, SAP NetWeaver; HCM, FIN, OPS; Process Control, Risk Management, Access Control]

The Solution in Action

New Accounting Manager: Role-Based Access to SAP System

Business Role: Accounting Manager

• ERP Financials, Role: AM1 (ReviewPmt)
• BPC, Role: Fin23 (CreateFinFile)
• Active Directory, Role: ADAcctMgr (AccessFinFile)
• SAP Portal, Role: AcctMgr1 (ViewReports)

Bill (Accounting Manager): “I need to see the latest financial reports.”

Bill goes into the Financial Reporting Area of the SAP Portal to see historical reports that show trends and other information.


These reports are stored on a SharePoint portal system. A link in the SAP Portal takes users to the page for viewing the historical reports.

Bill (Accounting Manager): “Why don’t I have access?”

Bill clicks the link to view the historical reports, but finds he does not have access.


Instead of showing an “access denied” message, the Compliance Management Platform asks Bill if he would like to request access.

New Accounting Manager: Access Request

Bill (Accounting Manager): “I guess I will request it.”

Bill requests access by providing the necessary information in the request form, and then submits it for approval.

New Accounting Manager: Request Approval

[Diagram labels: CMP, SAP GRCAC]

The Compliance Management Platform sees Bill’s access request and sends it to SAP Risk Analysis to check for SoD violations.

The results from the check show no SoD violations.

John (Controller): “I don’t see issues with giving him access.”

Access Request

• System: SharePoint
• Requestor: Bill
• Reason for Request: Complete tasks assigned by my manager.
• Approve / Reject

Bill’s boss, John, sees Bill’s access request for the SharePoint system and the results of the SoD check. He approves the request.

New Accounting Manager: Granted Access through Bill’s Automated Role

Bill (Accounting Manager): “Wow, that was fast. I am glad that there is not a lot of red tape in this organization.”

Business Role: Accounting Manager

SharePoint Access: Approved

Bill receives notification that he has been granted access to the SharePoint system.

Bill clicks the “View Historical Reports” link in the SAP portal. He finds that he is now properly provisioned to begin working with the reports in the SharePoint system.

Why the Novell/SAP Joint Solution?

A Best-in-Class Joint Solution

• Enterprise control enforcement (passwords, rights, roles)

• Automate and enforce business security process

• Continuous controls monitoring of user access to enterprise resources

• Provides risk analysis and compliance processes across the enterprise

• Control user access within the SAP application

• Increase productivity for managed compliance

• Manage process for compliance and risk remediation

• Continuous controls monitoring for applications

[Diagram labels: Compliance Management Platform, SAP GRC]

The joint solution extends identity and security information across SAP and non-SAP systems.

The Novell Difference

Proven Interoperability

Novell is the first and only vendor to provide SAP-certified integration for all technologies required to provide IT Governance solutions:

• Identity Management integration with SAP GRC
• User Provisioning integration with NetWeaver
• SIEM integration with NetWeaver Audit and Monitoring
• LDAP Authentication integration with NetWeaver

Looking Forward

• 2007: SAP and Novell deepen a long-standing partnership with a focus on Linux
• 2009: CMP becomes the first solution certified with Access Control
• 2010: Integration with Process Control, Risk Management

The Novell Difference

Innovation and Leadership

User Provisioning

Web Access Management

Security Information and Event Management

Over 6,000 Customers Agree

Questions?

© SAP 2008 / Page 34 Geoffrey Coulehan, SAP Market Development