SAP and Novell announced at TechEd today an expansion of their partnership with a focus on GRC (governance, risk, and compliance) issues. The move combines SAP's business process background (including elements from the BusinessObjects portfolio, which SAP acquired in 2007) with Novell's security and compliance expertise to provide a full GRC solution.
The companies say they have received a lot of feedback from customers and joint partners on GRC issues, which was the impetus for expanding the partnership. Novell Compliance Management Platform extension for SAP environments, Novell Identity Manager, and Novell Sentinel are presently SAP-certified for integration, and the companies plan to roll out a second wave in the next six months based on feedback from customers and partners as to which products need to be integrated.
[ Last week, SAP and HP announced plans to deepen their BI ties. ]
To show how the GRC solutions will work, Jay Roxe, director of solution marketing, identity, and security at Novell, gave the example of segregation of duties violations. "Individuals shouldn't have the ability to both write and approve checks," Roxe said. "If people were granted those permissions in different parts of the system, it would trigger a notification that somebody had been granted invalid access and pass it up to be remediated." In this way, Roxe said, companies can take a preventative stance and sniff out violations before they become a problem instead of having to be in reactive mode and dealing with issues after they arise.
The big-picture goal for SAP and Novell is to simplify GRC by helping companies eliminate resource silos and inefficiencies by automating both the discovery and remediation of compliance issues. In these economic times, a lot of companies could use some of that.