Novell Compliance Management Platform Update CMP CMP Extension

  • Slides: 25
Download presentation
Novell Compliance Management Platform Update CMP & CMP Extension for SAP Environments Leo Castro

Novell Compliance Management Platform Update CMP & CMP Extension for SAP Environments Leo Castro Product Marketing Manager lcastro@novell. com Patrick Gookin Product Manager pgookin@novell. com.

Agenda • CMP • Automation Validation • Continuous Compliance • CMP & CMP/SAP Roadmap

Agenda • CMP • Automation Validation • Continuous Compliance • CMP & CMP/SAP Roadmap • CMP 1. 0 SP 2 • SAP • SAP Lab Status • Orion - CMP for SAP 2. 0 2 • CMP 2. 0 Themes • Questions © Novell, Inc. All rights reserved.

CMP & Continuous Compliance

CMP & Continuous Compliance

Automation and Validation Supporting Governance, Risk Management, and Compliance 4 © Novell, Inc. All

Automation and Validation Supporting Governance, Risk Management, and Compliance 4 © Novell, Inc. All rights reserved.

Compliance Management Platform Industry Leading Modular Product Offerings Tightly integrated compliance and governance solutions

Compliance Management Platform Industry Leading Modular Product Offerings Tightly integrated compliance and governance solutions Novell® Access Manager Novell® Identity Manager Solutions Novell® Sentinel™ 5 © Novell, Inc. All rights reserved.

IDC defines an “infrastructure GRC packaged software ecosystem” within which Novell has some coverage

IDC defines an “infrastructure GRC packaged software ecosystem” within which Novell has some coverage Infrastructure GRC Software Information GRC Management Source: 6 IT GRC Management IT Continuous Controls Monitoring Access Control / Segregation Of Duties Analysis IT Security Compliance Audit and Analysis Change Audit and Analysis Database Audit and Analysis IDC’s Worldwide Governance, Risk, and Compliance Infrastructure Taxonomy, 2010 © Novell, Inc. All rights reserved.

Novell and SAP ® Help Customers Drive to Integrated Excellence and Achieve the Right

Novell and SAP ® Help Customers Drive to Integrated Excellence and Achieve the Right Balance of Controls and Processes • Identity / security integration with access controls • Spreadsheets • Manual documentation • Siloed compliance infrastructure 7 © SAP 2008 / Page 7 © Novell, Inc. All rights reserved. • Tight integration with access control and identity management • Fully integrated processes and policies bringing clear visibility to impact on business objectives • Risk management • Security management • Process management • Access management • Integrated “out-ofbox” policies, processes and best practices

SAP – Novell – Deloitte Joint Offerings 8 © SAP 2008 / Page 8

SAP – Novell – Deloitte Joint Offerings 8 © SAP 2008 / Page 8 © Novell, Inc. All rights reserved.

Roadmap

Roadmap

Overall CMP Roadmap Q 3 2010 Q 4 2010 Current Offering • CMP extensions

Overall CMP Roadmap Q 3 2010 Q 4 2010 Current Offering • CMP extensions for SAP environments: Access Control integration 1 H 2011 Orion CMP 2. 0 CMP extensions for SAP environments: IT Continuous Compliance Platform Process Control and Risk Management Integration IT Compliance Manager CMP 1. 0 SP 2 IDM 4. 0 Support Sentinel 6. 2 NAM 3. 1. 2 10 2 H 2011 © Novell, Inc. All rights reserved.

CMP 1. 0 SP 2

CMP 1. 0 SP 2

CMP 1. 0 SP 2 • Q 4 2010 • Product Upgrade Release •

CMP 1. 0 SP 2 • Q 4 2010 • Product Upgrade Release • IDM 4. 0 Support • Sentinel 6. 2 • AM 3. 1. 2 12 © Novell, Inc. All rights reserved.

CMP Extension for SAP Environments

CMP Extension for SAP Environments

CMP SAP Lab Status • Novell SAP Lab • Kudos to Holger Dopp &

CMP SAP Lab Status • Novell SAP Lab • Kudos to Holger Dopp & Rick Moore • Completing SAP Application Configuration • Building out the initial Use Cases • Purpose: • Engineering support • Demo recording capabilities • VM Template capability • NODS Lab • Must aquire hardware • Establish maintenance/support 14 © Novell, Inc. All rights reserved.

Orion - CMP SAP 2. 0 • Q 4 2010 • Expanded SAP GRC

Orion - CMP SAP 2. 0 • Q 4 2010 • Expanded SAP GRC Support • SAP GRC Process Control • SAP GRC Risk Management 15 • SAP GRC Access Control Enhancements • Bug fixes/enhancement requests © Novell, Inc. All rights reserved.

SAP GRC Process Control Integration • Integration with SAP Business. Objects Process Control –

SAP GRC Process Control Integration • Integration with SAP Business. Objects Process Control – – – 16 Development of Process Control Alert Adapters > Occurrence of High-Risk Activities > Occurrence of Process Violations > Occurrence of Critical System Outages Development of Automated Mitigation Controls > Restart Identity Services > Roll-back of Improper Data Changes > Account Locking Scenario Development and Documentation © Novell, Inc. All rights reserved.

SAP GRC Risk Management Integration • • 17 Key Risk Indicator Components – CMP

SAP GRC Risk Management Integration • • 17 Key Risk Indicator Components – CMP KRI Gateway Driver – IT-related KRIs – KRI Dashboards – KRI Reports Integration with SAP Business. Objects Risk Management – Implementation of Event-Based KRI Interfaces – Scenario Development and Documentation © Novell, Inc. All rights reserved.

Novell IT Key Risk Indicator Examples • • • 18 Risky Behavior Indicators >

Novell IT Key Risk Indicator Examples • • • 18 Risky Behavior Indicators > Bad Login Attempts > Password Changes > Authorization Changes IT Performance Indicators > Metrics for System Availability > Workflow Run-Times > Provisioning / Deprovisioning Statistics Monitor the Need for, and Effectiveness of, Controls > Identify Out-of-Policy Administration Activity > Verification of Performance of Control Tasks © Novell, Inc. All rights reserved.

CMP 2. 0 Themes

CMP 2. 0 Themes

CMP 2. 0 Themes • Unified Compliance Framework • IT Risk Management Framework •

CMP 2. 0 Themes • Unified Compliance Framework • IT Risk Management Framework • KRI Gateway • IT Risk Assessment 20 • Content Packaging Framework • Flexible Product Bundling © Novell, Inc. All rights reserved.

Unified Compliance Framework • 21 © Novell, Inc. All rights reserved. Fo

Unified Compliance Framework • 21 © Novell, Inc. All rights reserved. Fo

IT Risk Management • IT Risk Assessment • IT Risk Dashboard • KRI Support

IT Risk Management • IT Risk Assessment • IT Risk Dashboard • KRI Support • KRI Gateway • KRI Modeling and Implementation 22 © Novell, Inc. All rights reserved.

Content Packaging Framework • Package, Deploy and Maintain Solutions • IDM Policies • Sentinel

Content Packaging Framework • Package, Deploy and Maintain Solutions • IDM Policies • Sentinel Correlation Rules • Reports • Role Models • Workflow Definitions • KRI Definitions 23 • Implementations of IT Controls • SI Solution Delivery © Novell, Inc. All rights reserved.

Flexible Product Bundling • Core product bundle • Focus on Continuous Control Monitoring •

Flexible Product Bundling • Core product bundle • Focus on Continuous Control Monitoring • Support for extensions (ie SAP) • 24 Compliance support for any product combination © Novell, Inc. All rights reserved.

Questions?

Questions?