Month: September 2006

Doug Merritt, executive vice president and general manager of suite optimization products and technology at SAP, said that consultants in the compliance arena, regulatory bodies and other vendors will also be able to contribute to this repository. “It allows companies to manage hugely heterogeneous landscapes,” noted Merritt. Merritt said the solution will help risk managers and business owners identify financial, legal and operational risks, analyze business opportunities in light of these risks, and develop appropriate responses.

The key to all three solutions, the company said, is that they give line-of-business executives greater visibility of how governance and risk-management policies are implemented and followed in the course of doing business. Effective GRC management can do more than ensure that companies are in compliance with Sarbanes-Oxley and other regulations, said Merritt. “GRC is more business-driven than just keeping the CEO out of jail,” said Merritt in response to a question from internetnews.com during a conference call this week. “Understanding the relative risks and rewards of different activities is as critical or more critical than regulatory reporting,” he said.

Amit Chatterjee, senior vice president of the risk and compliance management unit at SAP, said that whatever can be monitored can be managed.

SAP GRC Repository and SAP GRC Process Control will be generally available Nov. 30. Other solutions, particularly those pertinent to industry verticals, will become part of the new solution during the second quarter of next year.

SAP also announced that it is bringing these products to market jointly with networking solutions vendor Cisco Systems (Quote, Chart).

http://www.internetnews.com/ent-news/article.php/3630606

But the need for network access control won’t wait that long, so businesses will have to continue to control network access using technology already available in some of Cisco’s products and through other security vendors.

By year’s end, Cisco and Microsoft will offer a limited beta program–with no more than three mutual customers–to gain a more realistic understanding of how their access control technologies will work together. As these beta testers will soon find out, combined network access protection and network access control consists of several client-side software applications that check and communicate the health of laptops, desktops, and other devices attempting to connect into a given network.

On the network side, Cisco routers and switches, Cisco Secure Access Control Server, Microsoft Network Policy Server, and policy servers from other vendors work together to give the thumbs up or thumbs down to any device seeking to connect.

Cisco and Microsoft have cross-licensed the Cisco NAC and Microsoft NAP protocols used to communicate information between clients and networks to help ensure their products continue to work together.

A Forrester Research study of 149 technology decision makers at North American companies found that while more than one-third plan to adopt some type of network access control this year, the rest cite cost and manageability as obstacles to deployment.

http://www.informationweek.com/news/showArticle.jhtml?articleID=192501974