SAP and Cisco announced this week that they have created a composite application designed to help companies enforce data privacy policies.
It's a partnership which shows that customers are looking to big vendors for security strategies -- and one that could signal more consolidation in this market, analysts said.
"The fact that well-organized crime syndicates are always finding new vulnerabilities to exploit means there will always be an opportunity for new vendors to create new segments to address them," said Dennis Gaughan, vice president of Boston-based AMR Research. "But I do think that the desire of customers to work with a more manageable number of vendors for their security architecture means that we will continue to see rapid consolidation in this market by the largest vendors."
SAP and Cisco still need to prove themselves on the quality and depth of the integration, Gaughan said. Two years ago, SAP announced it would integrate NetWeaver with Cisco's Service-Oriented Network Architecture (SONA). Integration over specific functionality is the primary requirement in solutions around data privacy and security from customers, Gaughan said.
"People recognize that they need to implement layers of defenses to adequately protect their information," he said. "And that places a premium on the level of integration provided between vendors so I can share context across enforcement points."
Customers are realizing that bolting on one product after another to deal with security threats is unmanageable in the long term, Gaughan said. With this application, SAP customers can leverage existing investments in SAP and Cisco to provide capabilities that in most cases would have required a separate vendor. Also, there's roughly an 80% overlap between the SAP and Cisco install bases, according to SAP.
"We see more calls from customers that are asking about what parts of the security infrastructure they can single source and who are the vendors that can help them," Gaughan said.
Moreover, this data privacy application allows a company to consolidate its GRC operations around a central point of control, when they are typically run as "islands of operation" in separate departments, according to Michael Rasmussen, president of Corporate Integrity, a Waterford, Wis.-based GRC research firm.
The composite application, which combines SAP's GRC products and Cisco's intelligent network services, not only monitors sensitive data and catches possible breaches; it also understands the context of that data in initiating corrective and preventive actions, helping companies enforce network-level policies that match business-level ones, according to SAP's Sharada Achanta, senior director of SAP GRC data privacy solutions.
Cisco's director of business development, Vaughn Miller, said that Cisco now has the ability to see the context of the data from a business perspective -- a key component of data privacy -- and understand the action that must be taken.
"I can't think of vendors better positioned to understand the context of information being used in an SAP application or running across a network than SAP and Cisco," Gaughan said.
Achanta gave the example of an employee sending an email containing a social security number to the wrong person. The Cisco-SAP application can quarantine the message and prevent it from ever reaching its destination. But if there's a legitimate reason for sending the email, the application can be set up to monitor what's going on and send alerts, Achanta said.
"By driving compliance further into the network, users can continue doing their work in business applications uninterrupted while IT centrally deploys and manages many security controls," said Brian Parker, principal with Deloitte & Touche LLP, in a press release. "This approach to data privacy can help to safeguard customers' data regardless of where it resides in the enterprise."
Also, it opens up a wealth of other opportunities for businesses to collaborate, Miller said. "You can put in place business policies that automatically allow data sharing with one particular partner but prevent data from going to others."