SAP has announced plans to deliver a range of GRC services. The news came at the SAPinsider governance, risk and compliance (GRC) conference in Vienna where the company unveiled details of the first service.
The SAP Cloud Identity Access Governance will deliver Identity as a Service (IDaaS). Built on the SAP HANA Cloud Platform the service and will enable customers to deploy a single sign-on (SSO) solution. For users this will reduce the number of times they have to enter their security credentials. Meanwhile security and operations teams will be able to manage user access and apply compliance controls to data access.
Kevin McCollom, head of solution management for GRC solutions, SAP said: “We are building upon our extensive experience with GRC and security to help customers harness the latest security and performance benefits of SAP HANA Cloud Platform. Our first service, access analysis, is designed to simplify access governance, thereby enabling customers to quickly and reliably assess and mitigate risks to ensure compliance.”
Extending processes and compliance across all platform
There is already a SAP HANA Cloud Platform SSO solution available to customers. This new IDaaS solution will integrate with it and, according to the press release: “Simplify the management of identities across a cloud and on-premises software landscape.” By creating a single SSO for users, IT departments hope to reduce the level of Shadow IT that is currently around the business.
It is Shadow IT that opens the door for hackers. End users reuse their enterprise security credentials on multiple systems to make remembering passwords easy. By using them on a third-party service which is then breached allows hackers to try those credentials on other systems. This is a major concern for IT departments so anything that makes deploying an SSO solution that supports hybrid computing will be welcomed.
SAP is also providing attendees with an update on its GRC tools roadmap. Customers will be keen to see what SAP is going to deliver and when. They will also want to see how they can integrate them into other security solutions. At the moment, SAP has not given much away. For example SAP has not announced any new APIs for its GRC tools.
Conclusion
This is an interesting announcement from SAP. As a German company it will be very aware of the concerns over data privacy and compliance regulation. It will be interesting to see how quickly it brings its Cloud Identity Access Governance, access analysis service to market.
