SAP Enables End-to-End Compliant ID Management

LAS VEGAS -- With governance, risk and compliance (GRC) issues acknowledged by leading industry analysts as the number one driver of identity management projects at organizations worldwide, SAP AG (NYSE: SAP) today announced the immediate availability of new GRC Web services from SAP that enable the seamless integration of identity management software solutions with SAP® GRC Access Control, the market-leading application for monitoring and enforcing user access and authorization controls. Based on open standards and built on the SAP NetWeaver® platform, these new Web services from SAP open up the full capabilities of SAP GRC Access Control and allow identity management software vendors to tightly integrate their respective solutions, providing customers with a single set of tools to efficiently and cost-effectively manage user identities, enforce corporate security policies and ensure compliance with regulatory mandates. The announcement was made at SAP® TechEd ’07, being held in Las Vegas, Nevada, Oct. 1 – 5.

SAP, together with leading identity management software providers including IBM and Sun Microsystems, are responding to the challenges faced by CFOs and CIOs in proving to auditors that they are effectively controlling their financial and IT-related risks by combining complete, automated, end-to-end compliance controls with the full range of identity management functionality. In addition to the integration efforts currently underway by IBM and Sun, SAP is also using these new Web services to integrate its SAP NetWeaver® Identity Management component, created following SAP’s acquisition of identity management software provider MaXware earlier this year, with SAP GRC Access Control to provide an end-to-end solution for compliant provisioning across heterogeneous IT environments. The provision of open interfaces to link SAP products with those of third-party software providers continues SAP’s open partner strategy and preserves its customers’ freedom to build and deploy a solution of choice that best fits their needs, using both SAP and non-SAP components.

Compliance continues to be the number one business driver in the identity and access management market, according to industry analyst firm IDC 1. Furthermore, as organizations continue to move to a highly distributed environment of enterprise service-oriented architecture (enterprise SOA), business users are increasingly working with multiple devices, applications and systems, and are often involved in multiple business processes spanning company boundaries with customers, distributors and suppliers. To help companies solve the growing challenge of managing identities and improving security, while at the same time ensuring compliance in this increasingly distributed and highly regulated environment, SAP is providing customers its own solution through its combined GRC and identity management offerings, and is also working with partners such as IBM and Sun to bring together continuous compliance capabilities with core identity management functionality.

“Compliance initiatives are the major driver for the security and identity and access management markets, accounting for more than 70 percent of all revenue,” said Sally Hudson, research director, security products and services, IDC. “As government and industry regulations proliferate, alongside other market forces such as greater security threats and a broadening enterprise workplace, companies will require integrated, standards-based software solutions to successfully manage through this new environment.”

SAP AG (NYSE/Frankfurt: SAP)