SAP Solutions on GRC

Feature Story

By Kat Rollin

April 8, 2008 - Companies today are increasingly faced with the arduous task of complying with national and international regulations governing privacy, security, and financial integrity. Addressing security and compliance in an ad hoc, reactive manner leads to an inflexible environment with a great deal of manual effort and cost. You need a manageable, cost-effective way to meet your security and compliance objectives over the long term, in a preventative manner. Sun and SAP can help you implement automated, continuous compliance with a solution that integrates Sun identity management solutions with SAP solutions for governance, risk and compliance (GRC).

Complex Environments Require Automated Processes

For many organizations, compliance is difficult simply because of the number of applications in the enterprise, and because the number of user identities multiplies across the company. The processes for managing access are usually complex and rarely automated, while access to sensitive data and transactions is almost always controlled manually. To gain control of this complex environment, you need an automated solution that combines identity lifecycle management with compliance and corporate governance capabilities.

SAP GRC Access Control Manages SAP Users

Today's SAP environment consists of many applications supporting both SAP ERP and non-ERP business functions. Users in the SAP environment are governed by a highly customizable, complex authorization mechanism that can support thousands of users, roles, and processes, all of which require authentication, authorization and testing. For these reasons, SAP user provisioning is best served by SAP's dedicated compliance tool, SAP GRC Access Control, which automates end-to-end GRC processes across applications and across business processes, including corporate governance and oversight, risk and compliance management, and reporting. SAP GRC Access Control identifies SAP users and prevents access and authorization risks in cross-enterprise IT systems to mitigate fraud and reduce the cost of continuous compliance and control.

Managing Users across the Enterprise

However, controlling the entire enterprise IT landscape for all types of users - including development and QA systems, Web applications, databases, directories, email, and legacy and homegrown applications - requires a combined solution built on the Sun Java System Identity Management Suite. Sun and SAP offer an integrated solution, combining Java System Identity Management Suite with SAP GRC Access Control, that provides continuous compliance by automating the provisioning and auditing of user access across enterprise IT resources, including custom and Web applications, mainframes, directories, databases, operating systems, and ERP applications.

Java System Identity Manager software, recognized by analysts as a leading provisioning solution, helps ensure that access to sensitive information is subject to the most secure control possible by enforcing security policy and global standards through repeatable and sustainable processes. The software provides automated user provisioning and deprovisioning, identity synchronization, password management, end-user self service, audit and compliance, directory services, strong authentication, role-based access control, single sign-on with secure remote access, and federation for millions of users, including extranet users.

Automatic Benefits

The scalability of provisioning from Java System Identity Manager software, combined with the risk analysis and remediation of SAP GRC Access Control, is designed to prevent the chaos that can ensue from cross-application provisioning conflicts. For example, it can prevent an accounts payable user from creating a vendor in one system and then paying the same vendor in another system. The solution automatically and continuously monitors user access to reduce the risk of unauthorized user provisioning. It also automatically detects and reacts to potential risks such as dormant accounts, and provides a central point from which to instantly revoke a user account across all systems in the enterprise. The capabilities of the combined SAP and Sun solution enable:

  • Compliance with national and international regulations governing privacy, security, and financial integrity

  • Enterprise-wide identity auditing and reporting

  • Repeatable, auditable, enforceable security processes through a role- and rule-based approach

  • The ability to review the status of access privileges at any time

  • The ability to analyze risks and simulate mitigating controls before provisioning

  • Accountability for who has access to what and who approved what, and when

  • Easy viewing for auditors and process owners
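The checks described above, as an added illustration that is not code from Sun, SAP or the products named on this page: a minimal model of a cross-application segregation-of-duties (SoD) rule, a provisioning simulation that refuses a request before it is granted, dormant-account detection, and central revocation. All user names, system names, permission strings and dates are constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample data (not from any real system): (system, permission) pairs
# a user holds across several applications, and SoD rules whose conflicting
# permissions may live in different systems (the accounts-payable example).
SOD_RULES = {
    "AP01": {("VendorMaster", "CREATE_VENDOR"), ("Payments", "PAY_VENDOR")},
    "AP02": {("Payments", "APPROVE_INVOICE"), ("Payments", "PAY_VENDOR")},
}

ENTITLEMENTS = {
    "alice": {("VendorMaster", "CREATE_VENDOR"), ("Mail", "MAILBOX")},
    "bob": {("Payments", "VIEW_INVOICE"), ("LDAP", "ACCOUNT")},
}

LAST_LOGIN = {"alice": date(2008, 4, 1), "bob": date(2007, 10, 15)}


def sod_violations(perms):
    """Return the ids of SoD rules whose whole conflicting set is held."""
    return sorted(rule for rule, pair in SOD_RULES.items() if pair <= perms)


def simulate_provisioning(user, requested):
    """Evaluate a request against the user's existing access before granting it.
    Returns (approved, violations); the request is refused when the union of
    existing and requested permissions would complete any SoD rule."""
    held = ENTITLEMENTS.get(user, set())
    violations = sod_violations(held | requested)
    return (not violations, violations)


def provision(user, requested):
    """Grant access only if the simulation passes; returns True when granted."""
    approved, _ = simulate_provisioning(user, requested)
    if approved:
        ENTITLEMENTS.setdefault(user, set()).update(requested)
    return approved


def dormant_accounts(today, max_idle_days=90):
    """Users whose last login is older than the allowed idle period."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(u for u, seen in LAST_LOGIN.items() if seen < cutoff)


def revoke_everywhere(user):
    """Central revocation: drop the user's access in every system at once and
    return the systems that were touched."""
    return sorted({system for system, _ in ENTITLEMENTS.pop(user, set())})
```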

Taking It Step by Step

Implementing anything across the enterprise can be a challenging task. Sun recommends a studied, phased approach to implementing GRC, to overcome the barriers stakeholders perceive and to maximize return on investment.

Sun and SAP

To deliver the flexibility required to be competitive, you look for partners who intimately understand your challenges and collaborate to provide solutions to address them. Sun and SAP have been doing just that since 1993 when they formed a powerful alliance to provide mission-critical enterprise solutions. As part of the alliance, Sun and SAP work together to develop joint solutions, like the integrated solution for compliance, so you can implement automated, continuous compliance, perform real-time risk analysis, and reduce the risk, time, and cost of compliant user provisioning.

Formerly a systems engineer for Sun, Kat Rollin now reports on partner solutions for sun.com and develops technical marketing communications for the technology industry.