Cisco, SAP launch joint cross-layer composite application

Application enforces data privacy rules at network and application layers

In an atmosphere where government fines for breaches in privacy regulations are increasing, SAP and Cisco unveiled this week Data Privacy Composite Application by SAP and Cisco at the SAP TechEd conference in Berlin.

The application supports compliance with a company’s data privacy policies as well as any external requirements from government agencies. If, for example, an admitting nurse in a hospital attempts to send an e-mail to friends that a celebrity is checking in to the hospital, the SAP-Cisco application would quarantine that e-mail and thus prevent it from being sent.

According to Sharada Achanta, senior director of SAP GRC Data Privacy Solutions, the average cost in the United States for fixing a breach in privacy and related fines is now about $4.8 million per incident.

The composite application is unique in that it takes its components from the SAP application layer and Cisco network layer, making it a network-wide solution rather than a point solution.

Using components from SAP's GRC (Governance Risk Compliance) application portfolio for attaching controls to business processes and documents as they relate to privacy, the controls are enforced at the network layer using Cisco's AON (Application Oriented Networking) middleware. AON adds message-level inspection to the network.

"The business process rules and controls that reside in the application layer and that are usually run by GRC managers have never before been integrated with IT network policies. That makes this unique," said Achanta .

"We are exposing network services at a network layer to the application layer, which means that the network can talk to the GRC process control application and vice versa," added Vaughn Miller, director for business development at Cisco. 

The combined solution would also prevent an employee from transferring data from the network on to transportable media like a USB stick.

Other privacy prevention capabilities include creating privacy policies based on location so that a U.S. employee would be restricted from accessing data residing in another country, and stopping e-mails sent to unauthorized employees or names outside of the company firewall. The solution requires NetWeaver, the BI module, and SAP GRC Process Control 2.5 for the SAP stack. From Cisco, users must have AON.

The solution is shipping now.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies