In any online collaboration, fear is never far from the surface. Whether they are connected through the Internet or through back-end communication, companies fear for the safety of their data.
SAP AG takes that fear into consideration with the security features of its mySAP.com software platform, which allows for collaborative e-business via portals and marketplaces. To prevent the wrong eyes from peeking at a company's data, SAP designed a three-step process for e-business security to encompass registration, authentication and authorization.
The first step in SAP security is to define a security policy, according to Sachar Paulus, an SAP director of product management. A company needs to define goals and decide which data will be kept private at the management level, as well as at the IT level.
Next, the company needs to implement the processes for security. SAP provides a set of standard processes, sufficient for 80% of transactions, he said. These processes cover user management, which is typically the most expensive due to the different rules that need to be implemented.
The third step is applying the security technology, such as a single sign-on. SAP supports security markup language, digital signatures, Public-Key Cryptography Standards (PKCS) standards and x.509 standard certificates, according to Paulus.
"We provide interfaces for all of this ... so customers don't need to buy additional software if they don't have specific needs," he said.
The security for mySAP is basic security out of the box, said Lance Travis, service director at Boston-based AMR Research. "It's middle-of-the-pack, comparable to everyone else that has an Internet application," he said.
For customers needing higher levels of security, SAP has partnerships with Entrust, RSA, VeriSign, Computer Associates International and Safelayer, among others, Paulus said.
SAP could be better at providing more support for security and being more aggressive with its security partnerships, Travis said.
Overall, though, security for mySAP is as tight as anybody else's, and companies don't need to worry about their data, said Travis. "What they provide native is what 60% of the people in the world are comfortable with,'' he said. "For those who are either more security conscious or have more stringent requirements, third parties get (those companies) the things they need."
FOR MORE INFORMATION: