Enterprise applications vendor SAP and networking company Cisco Systems are touting their new marketing alliance on governance, risk and compliance (GRC) business processes as a major milestone in their 18-month-old partnership.
"This puts together two giants in their fields," Shai Agassi, president, product and technology group at SAP, said during a Wednesday conference call. "It allows us to look at the GRC problem from top down with [SAP's] processes and information, and from the bottom up with [Cisco's] network and infrastructure, and then connect up the dots."
The two companies firmly cemented their budding friendship in May 2005 when Cisco signed up to license SAP's service-oriented architecture (SOA) platform known as Enterprise Services Architecture (ESA).
Since that time, the vendors have been discussing a variety of areas for cooperation, but the move to team up on GRC announced Wednesday was driven by their customers, according to Doug Merritt, executive vice president and general manager of SAP's suite optimization products and technology group. Some 80 percent of SAP's customers also use Cisco technology.
The move brings together SAP's upcoming trio of new GRC applications with Cisco's service-oriented network architecture (SONA), which debuted in December. SONA aims to link together all the IT resources in an enterprise's network including servers and storage, building more intelligence into the network through the use of services that operate across all the resources.
The new SAP products are GRC Repository and GRC Process Control, due out on Nov. 30, and GRC Risk Management expected to ship sometime in December. Cisco hopes to come out with tools and adaptors to make it easier for customers to use the GRC/Sona combination in the same time frame, said Bill Ruh, vice president of advanced services at Cisco.
The relationship is initially focused on SAP and Cisco working with customers and partners in the U.S. and Canada, but the vendors plans to expand the deal to include other geographies, Merritt said. When SAP's products appear later this year, they will be available globally. The vendor has yet to release pricing for the new GRC applications and although it's offering them as separate products, Merritt expects them mostly to be bundled with existing GRC applications such as Compliance Calibrator and Firefighter.
SAP is planning other third-party vendor partnership announcements around its GRC offerings, but its executives Wednesday kept emphasizing the "unique" nature of the tie-up with Cisco.
Over the past four to five months, the two companies have been working on integrating Cisco's network infrastructure with SAP's application infrastructure. They're also defining use cases or real-life scenarios for deploying the GRC/Sona technology combination, Merritt said. So far, the vendors have developed four to five scenarios, in the areas of how best to ensure confidential data like Social Security numbers is not deliberately or inadvertently leaked within or outside a company and around customer support service level agreements.
In recent years, SAP has committed to more collaboration with other IT vendors, Merritt said. "SAP has really changed its stripes; that's hard for a grown tiger to do," he added.
For the moment, the GRC Repository is full of SAP compliance policies, but the vendor's keen to establish "an open ecosystem" around the product, encouraging vendors and customers to populate the repository themselves. Merritt expects SAP to make a number of additional GRC announcements before year-end where customers will commit to help "prime the pump" for content for the repository, he said. Cisco's Ruh agreed. "Within the repository we can see our policies interacting those of our partners and of SAP; there will be a lot of synergies," he added.