Rick Killpack Senior Product Manager Identity and Security Novell, Inc. sample for a picture in the title slide SAP and Novell: Extending IT Governance and Compliance

Agenda Addressing Today’s GRC Challenges The Solution in Action Why the Novell/SAP Joint Solution?

Cost Competition Compliance Complexity Determining “Who has access to what?” Lowering IT Management Costs Eliminating Security Vulnerabilities Addressing Compliance Demands Integrating Disparate Systems Reducing Duplicated Processes Enabling a Mobile Workforce Gaining Insight Into Risk Addressing Risk Management Requirements Challenges Surround the Enterprise

Performance Improves business predictability Automates and enforces common controls while providing transparency to business processes across the enterprise Improves business predictability Automates and enforces common controls while providing transparency to business processes across the enterprise The Solution In Action Assurance Lowers audit risk and increases compliance Offers customers a new level of confidence that the right controls are in place so only authorized employees have access to sensitive business information Lowers audit risk and increases compliance Offers customers a new level of confidence that the right controls are in place so only authorized employees have access to sensitive business information Simplification Ensures enterprise-wide policy synchronization Eliminates resource silos which produce inefficiencies Automates the process of discovering and remediating high-risk business problems Ensures enterprise-wide policy synchronization Eliminates resource silos which produce inefficiencies Automates the process of discovering and remediating high-risk business problems Business Relevance Meets IT Assurance

Content, Policy and Events Unify Disparate Systems Consulting Partners

Problem: The CIO Cannot Provide Business- Relevant Risk Data to the CFO Toni CIO The enterprise is setup with distributed security domains Issue: Volumes of disparate data make it hard to assess the risk to the enterprise

Convert Raw Data into Information that Provides Full Visibility Monitor all events in the enterprise, injecting identity into access events and correlating those to defined business processes and key risk indicators (KRIs).

Problem: The CIO Wastes Resources on Duplicate Efforts Toni CIO PCISOXPrivacy … Information Security 3 rd PartyHIPAA Line of BusinessCorporateIT Functional Leads Compliance Managers LegalAudit Information Security Service/ Arch Leads Compliance Managers Enterprise groups demand the same data from IT in separate requests Issue: Duplication of efforts consume IT resources and create inconsistencies for the business Enterprise groups demand the same data from IT in separate requests Issue: Duplication of efforts consume IT resources and create inconsistencies for the business

Map controls to defined objectives and processes as well as mapping the process to business owners. Eliminate Duplication of Controls

Cost Impact By the Numbers Average cost to manually map controls US$5,300 per control per year - Source: PricewaterhouseCoopers

Problem: The CIO Cannot Sustain Compliance Demands Toni CIO App Owner User Entitlements & Security Controls Processes Roles Users Audit App Owner Mainframe Exchange Server Site 1 Processes Roles Users Audit Processes Roles Users Audit Processes Roles Users Audit PeopleSoft HR DB Exchange Server Site 2 SOAP Exchange Server Site 3 Java App Exchange Server Site n… User Entitlements & Security Controls Auditor The enterprise is structured with siloed security domains Issue: The sheer volume of disparate processes makes it costly to provide compliance-related data The enterprise is structured with siloed security domains Issue: The sheer volume of disparate processes makes it costly to provide compliance-related data

Automate and enforce common controls while providing transparency to business processes across the enterprise. Processes Users RolesAudit User Entitlements and Security Controls Contain Compliance Costs Through a Sustainable Infrastructure App Owner Exchange Server MainframeSOAPPeopleSoft HR DBJava App Auditor

Cost Impact By the Numbers Average cost savings of automation US$10,936 per 100 users per year - Source: IDC analysis of Novell IDM Technology

Building the Crucial Bridge Between Strategic Applications Strategic Business Applications IT Systems IT Infrastructure IT Processes Novell Compliance Management Platform extension for SAP environments SAP BusinessObjects SAP ERP SAP NetWeaver HCMFINOPS Process Control Risk Management Access Control

The Solution in Action

New Accounting Manager Role-Based Access to SAP System Business Role: Accounting Manager ERP Financials Role: AM1 ReviewPmt BPC Role: Fin23 CreateFinFile Active Directory Role: ADAcctMgr AccessFinFile SAP Portal Role: AcctMgr1 ViewReports SAP Portal Bill Accounting Manager I need to see the latest financial reports Bill goes into the Financial Reporting Area of the SAP Portal to see historical reports that show trends and other information.

New Accounting Manager Role-Based Access to SAP System Business Role: Accounting Manager ERP Financials Role: AM1 ReviewPmt BPC Role: Fin23 CreateFinFile Active Directory Role: ADAcctMgr AccessFinFile SAP Portal Role: AcctMgr1 ViewReports SAP Portal Bill Accounting Manager I need to see the latest financial reports These reports are stored on a SharePoint portal system. A link in the SAP Portal takes users to the page for viewing the historical reports.

New Accounting Manager Role-Based Access to SAP System Business Role: Accounting Manager ERP Financials Role: AM1 ReviewPmt BPC Role: Fin23 CreateFinFile Active Directory Role: ADAcctMgr AccessFinFile SAP Portal Role: AcctMgr1 ViewReports Bill Accounting Manager Why don’t I have access? Bill clicks the link to view the historical reports, but finds he does not have access. SAP Portal

New Accounting Manager Role-Based Access to SAP System SAP Portal Business Role: Accounting Manager ERP Financials Role: AM1 ReviewPmt BPC Role: Fin23 CreateFinFile Active Directory Role: ADAcctMgr AccessFinFile SAP Portal Role: AcctMgr1 ViewReports Bill Accounting Manager Why don’t I have access? Instead of showing an “access denied” message, the Compliance Management Platform asks Bill if he would like to request access.

New Accounting Manager Access Request Business Role: Accounting Manager ERP Financials Role: AM1 ReviewPmt BPC Role: Fin23 CreateFinFile Active Directory Role: ADAcctMgr AccessFinFile SAP Portal Role: AcctMgr1 ViewReports Bill Accounting Manager I guess I will request it. Bill requests access by providing the necessary information in the request form, and then submits it for approval. CMP

New Accounting Manager Request Approval CMP The Compliance Management Platform sees Bill’s access request and sends it to SAP Risk Analysis to check for SoD violations. SAP GRC AC

New Accounting Manager Request Approval CMP The results from the check show no SoD violations. SAP GRC AC

New Accounting Manager Request Approval I don’t see issues with giving him access. John Controller Access Request System: SharePoint Complete tasks assigned by my manager. Requestor: Bill Reason for Request: Approve Reject CMP Bill’s boss, John, sees Bill’s access request for the SharePoint system and the results of the SoD check. He approves the request. SAP GRC AC

New Accounting Manager Granted Access through Bill’s Automated Role Bill Accounting Manager Wow, that was fast. I am glad that there is not a lot of red tape in this organization. Business Role: Accounting Manager SharePointAccess: Approved Bill receives notification that he has been granted access to the SharePoint system.

New Accounting Manager Granted Access through Bill’s Automated Role SAP Portal Bill Accounting Manager Wow, that was fast. I am glad that there is not a lot of red tape in this organization. Business Role: Accounting Manager SharePointAccess: Approved Bill clicks the “View Historical Reports” link in the SAP portal. He finds that he is now properly provisioned to begin working with the reports in the SharePoint system.

Why the Novell/SAP Joint Solution?

A Best-in-Class Joint Solution Enterprise control enforcement (passwords, rights, roles) Automate and enforce business security process Continuous controls monitoring of user access to enterprise resources Provides risk analysis and compliance processes across the enterprise Control user access within the SAP application Increase productivity for managed compliance Manage process for compliance and risk remediation Continuous controls monitoring for applications Compliance Management Platform The joint solution extends identity and security information across SAP and non-SAP systems. SAP GRC

The Novell Difference Proven Interoperability Novell is the first and only vendor to provide SAP-certified integration for all technologies required to provide IT Governance solutions: Identity Management integration with SAP GRC User Provisioning integration with NetWeaver SIEM integration with NetWeaver Audit and Monitoring LDAP Authentication integration with NetWeaver

Looking Forward 2007: SAP and Novell deepen a long-standing partnership with a focus on Linux 2009: CMP becomes the first solution certified with Access Control 2010: Integration with Process Control, Risk Management

The Novell Difference Innovation and Leadership User Provisioning Web Access Management Security Information and Event Management

Over 6,000 Customers Agree

Questions? © SAP 2008 / Page 34 Geoffrey Coulehan, SAP Market Development