The two vendors on Sept. 6 announced a joint marketing and sales relationship centered around three new SAP offerings launched as part of the same introduction: a new SAP GRC (Governance, Risk and Compliance) Repository, GRC Process Control and GRC Risk Management application.
Cisco, through its SONA (Service-Oriented Network Architecture), can help enterprises link business processes managed by SAP software with configuration of and control over the IT infrastructure.
"With the GRC repository, we can store and manage third-party, internal and government compliance content. SAP can then implement best practices and integrate with SONA. [SONA] can then provide in the repository the events captured related to areas we want to manage, whether its policy or compliance," said Amit Chatterjee, senior vice president of governance risk and compliance at SAP, in Palo Alto, Calif.
Officials said the partnership was driven by customer demand.
"Eighty percent of our top 3,000 customers have SAP. This is responding to their request to join the business process side and the IT side," said Paul McNab, marketing vice president at Cisco, in San Jose, Calif. By linking the control and configuration aspects of the SONA architecture to the GRC repository, SAP and Cisco can allow network configuration to be based on business policies. And when specific IT events such as a security breach affect the business, SONA allows business policies to guide the notification process, whether its by e-mail, an automated voice message or another method, he said.
Cisco also brings to the table tools and services to help enterprise customers deploy GRC "from the business and IT perspective" and scale that deployment globally. "Its a match made in heaven," McNab said.
Cisco is developing tools that exploit an existing interface with SAPs NetWeaver, which provides the foundation for GRC, to allow SONA services to be tied into an enterprises GRC system. Some of those services include security, application-oriented networking and location-based services.
"You may want to locate someone before you notify them [of a security breach]. Then once you notify them, what presence capability do they have? Can I set up a voice call, a video conference? The toolkit shows how to tie those services into appropriate applications like GRC that sit on top of NetWeaver," McNab said.
Ultimately, the combination could give enterprises better perspective on how IT fits into risk management, said Kathleen Wilhide, research director for compliance solutions at IDC (International Data Corp.), in Framingham, Mass.
"SAPs offering combined with Ciscos put structure, context and process in place around the different IT activities—how they relate to risks from an IT and business standpoint. This will help prioritize activities—how all the IT processes align with the business processes under Sarbanes-Oxley," she said.
Cisco, which hopes to continue to fuel its growth by moving into the middleware space with SONA, benefits from the SAP relationship by gaining credibility as a middleware company, according to John Rymer, vice president of the development and architecture team at Forrester Research, in Cambridge, Mass.
"SONA is essentially an attempt to provide a middleware environment that runs on switches and routers rather than servers, but its a business that will take Cisco quite a while to develop. Cisco desperately needs this kind of involvement and relationships with software players—SAP being a major provider of enterprise software. If Cisco shows up at GM or Citibank IT and says, Hi, were here to sell you middleware [Cisco would have no credibility] but if they showed up with SAP on this governance initiative, they get a chance to play. Cisco really needs deals like this to make their SONA program fly," he said.
SAP, for its part, benefits from the relationship by getting help in overcoming technical barriers to selling its software, Rymer said. "SONA is an upgrade to an environment that most clients already have: Cisco gear. By performing that upgrade, SAP gets security, location services and other information thats going to be important for them to satisfy that set of problems, without having to go and build it themselves," he said.
The partnership is unique in the industry, although Sun Microsystems has approached the problem from a software perspective, said John Hagerty, vice president at AMR Research, in Boston. The Cisco-SAP partnership "dives into the hardware components. This is untrodden territory," he said.
But the arrangement is not exclusive, and SAP could bring additional vendors into the effort, according to Wilhide.
"I suspect SAP will expand into broader relationships with other IT vendors. Identity management, change and configuration management—these are areas where there are a lot of control weaknesses uncovered, and there are a lot of vendors in those spaces," she said.