Promoting a Secure, Responsive Enterprise
When breaches occur in a computer system, enterprises need to respond immediately. Potential breaches are not limited to issues of data privacy and security, but those are the most crucial. Failing to conform to a service-level agreement (SLA) with a customer may threaten a business relationship. Whether the problem is stolen account numbers, hacked e-mails, or missed deadlines, it can severely affect the profitability, reputation, and in some circumstances, viability of the company itself.
Understanding the importance of awareness and response, Cisco and SAP have collaborated on a new security and compliance system. This system connects multiple PCs, mobile devices, remote computers linked through VPNs, and IP phones across the Cisco Service-Oriented Network Architecture (SONA) and ties them into the appropriate business processes that the SAP software solutions govern. The two systems work together to provide an environment that helps to preserve established business relationships and create new business opportunities. Integrating the two systems eliminates disconnects with the external business environment, which means that employees can more accurately monitor business processes.
This secure, responsive environment offers:
- Real-time event capture across the network
- Immediate contextual analysis to assess the severity of business impact
- Predefined steps for escalation and resolution of problems
- Real-time collaboration with location services
- Event-driven business networks
- Transparency and visibility into business processes
To support the responsive enterprise, Cisco and SAP have released three applications, one each for governance, risk, and compliance (GRC).
Governance
The governance application integrates events from customer-service applications, IP phones, and historical support interactions, among others, and generates real-time notifications to users based on their location and information delivery capabilities. Cisco SONA technology and the SAP GRC application provide continuous monitoring and periodic compliance testing for customer support SLAs. This governance can apply to various time-based internal or external business commitments, including:
- Customer loan approvals
- Delivery times
- Product spoilage dates
- Regulatory reporting deadlines
The governance application provides notification before a process fails to meet an SLA performance requirement, thereby providing a reasonable amount of time to respond and eliminate the noncompliance. Enterprises can define SLAs broadly, to cover any instance in which poor performance would incur a financial penalty.
Risk
The risk application helps to ensure the integrity of critical or classified information, both within the enterprise itself and across logical and geographical borders of the extended enterprise. By analyzing network traffic, the application can identify e-mails or other correspondence containing sensitive data, such as credit card or Social Security numbers. Based on predefined business rules, it can instantly determine whether to allow or block the transmission, preventing unintended or premeditated unauthorized distribution of private information. This capability protects access to, and distribution of, sensitive documents, such as:
- R&D files
- Personal medical records
- Financial results
Compliance
The compliance application provides continuous monitoring and periodic testing of the network and IT security environment to detect changes that could compromise IT security compliance. The application focuses on monitoring three critical network events:
- Unauthorized firewall configuration changes
- Firewall policy violations
- Network penetration attempts
It then maps the response to the business processes and controls embedded in the SAP GRC application. Without this continuous monitoring and testing, meeting regulatory requirements would be an expensive burden on an enterprise’s IT department. The enterprise would have to either verify manually the data coming from countless sources or deploy point solutions covering each specific area.
With this Cisco and SAP solution, enterprises can create and sustain significant competitive advantages by:
- Identifying risk events in real time
- Quantifying the impact of risk events
- Routing events to the appropriate business or technology users
- Developing business processes that eliminate or mitigate the operational and financial impacts of an event
- Integrating risk management into all areas of the organization