Enterprise resource planning vendor SAP AG and IT management vendor CA have teamed up to pitch integrated offerings that aim to unify the governance, risk and compliance strategies typically segregated between the IT and business sides of an organization. One analyst calls this partnership "disruptive."
Customers lack a framework with which to map out the risks in the IT processes and their impact on business processes, said James Dunham, group vice-president of GRC solutions with Germany-based enterprise resource planning vendor SAP AG. "IT understands risks related to the IT infrastructure, but don't know what processes that impacts on the side the application space," said Dunham.
And execs on the business side may be aware of risks in their business applications, but not how those relate to the IT infrastructure. GRC strategies are siloed even within the IT infrastructure, as well as within the business side, said Dunham.
Integration will be offered initially for the areas of security, IT project and portfolio management, and service performance. The chosen areas resulted from consultation with key customers about their top risk concerns and the drivers behind them, said Tom McHale, vice-president of product management with Islandia, N.Y.-based CA Inc.
That customer feedback led to the companies' offering integration for an initial three groups of products: CA Enterprise Log Manager, CA Clarity PPM, and CA Wily Application Performance Management which will integrate with SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control.
McHale said following this base integration, CA and SAP will continue to offer other integrations and "knocking them off one by one." The result will be a catalogue of use cases, or risk scenarios based on SAP methodology, that address other situations, like how to govern extending the order-to-cash process to a new region.
Vivian Tero, program manager for governance, risk and compliance infrastructure with Framingham, Mass.-based IDC Ltd., thinks that the integration between SAP and CA is definitely "very disruptive" given the flow of information between business and IT is often minimal. "Those processes are very co-dependent, so if there is minimal interaction between the functional units, there's always going to be room for inefficiencies and errors in compliance or risk mitigation," said Tero.
There are other vendors attempting this sort integration, such as Oracle Corp. and Novell Inc., which focus on linking GRC to identity access. But Tero said Oracle and Novell lack the breadth and depth that the SAP and CA partnership will offer. "They're going to be pushing a lot of information -- security and compliance -- up to SAP GRC Manager, which goes beyond just an identity attribute," she said.
The partnership should offer further value given the many joint customers the SAP and CA share, said Tero.
Echoing this, Dunham said the integration will be a differentiator for SAP and CA in the hybrid environments in which they often exist. "We believe that mapping together gives us a real competitive differentiator ... for some of the other larger competitors inside this space, the guys that have a lot of red (Oracle applications) on their box," said Dunham.