SAP Enables Secure, End-to-End Compliant Identity Management

LAS VEGAS, Oct. 2 /PRNewswire-FirstCall/ -- With governance, risk and compliance (GRC) issues acknowledged by leading industry analysts as the number one driver of identity management projects at organizations worldwide, SAP AG today announced the immediate availability of new GRC Web services from SAP that enable the seamless integration of identity management software solutions with SAP(R) GRC Access Control, the market-leading application for monitoring and enforcing user access and authorization controls. Based on open standards and built on the SAP NetWeaver(R) platform, these new Web services from SAP open up the full capabilities of SAP GRC Access Control and allow identity management software vendors to tightly integrate their respective solutions, providing customers with a single set of tools to efficiently and cost-effectively manage user identities, enforce corporate security policies and ensure compliance with regulatory mandates. The announcement was made at SAP(R) TechEd '07, being held in Las Vegas, Nevada, Oct. 1 - 5.

(Logo: http://www.newscom.com/cgi-bin/prnh/20050310/SFTH009LOGO-a)

SAP, together with leading identity management software providers including IBM and Sun Microsystems, is responding to the challenges faced by CFOs and CIOs in proving to auditors that they are effectively controlling their financial and IT-related risks by combining complete, automated, end-to-end compliance controls with the full range of identity management functionality. In addition to the integration efforts currently underway by IBM and Sun, SAP is also using these new Web services to integrate its SAP NetWeaver(R) Identity Management component, created following SAP's acquisition of identity management software provider MaXware earlier this year, with SAP GRC Access Control to provide an end-to-end solution for compliant provisioning across heterogeneous IT environments. The provision of open interfaces to link SAP products with those of third-party software providers continues SAP's open partner strategy and preserves its customers' freedom to build and deploy a solution of choice that best fits their needs, using both SAP and non-SAP components.

Compliance continues to be the number one business driver in the identity and access management market, according to industry analyst firm IDC (1). Furthermore, as organizations continue to move to a highly distributed environment of enterprise service-oriented architecture (enterprise SOA), business users are increasingly working with multiple devices, applications and systems, and are often involved in multiple business processes spanning company boundaries with customers, distributors and suppliers. To help companies solve the growing challenge of managing identities and improving security, while at the same time ensuring compliance in this increasingly distributed and highly regulated environment, SAP is providing customers its own solution through its combined GRC and identity management offerings, and is also working with partners such as IBM and Sun to bring together continuous compliance capabilities with core identity management functionality.

"Compliance initiatives are the major driver for the security and identity and access management markets, accounting for more than 70 percent of all revenue," said Sally Hudson, research director, security products and services, IDC. "As government and industry regulations proliferate, alongside other market forces such as greater security threats and a broadening enterprise workplace, companies will require integrated, standards-based software solutions to successfully manage through this new environment."

"Faced with growing security threats and increasing regulatory oversight, more and more companies are demanding seamless integration between their GRC and identity management solutions," said Narina Sippy, senior vice president and general manager, Governance, Risk and Compliance Business Unit, SAP AG. "Today's competitive and global business environment demands that organizations open up their enterprises to make important resources available to more people than ever before. At the same time, these organizations are required to provide unprecedented levels of transparency to outside stakeholders. More than ever, it's imperative that companies keep a watchful eye on the safety, privacy, security and integrity of valuable data assets. The new GRC Web services offered by SAP, along with the SAP NetWeaver Identity Management component and the integration efforts of IBM and Sun, provide our customers with an integrated toolset making possible truly secure, compliant identity management across heterogeneous IT systems."

Identity Management Leaders Integrate with SAP GRC Access Control

Integration efforts by leading identity management software providers IBM and Sun are already well underway to tightly link IBM Tivoli Identity Manager and Sun Java System Identity Manager, respectively, with SAP GRC Access Control. This integration will bring together critical compliance capabilities -- including segregation of duties (SoD) enforcement, risk analysis and remediation, compliant user provisioning, role management, audit and reporting -- with key identity management functionality, such as user provisioning, authorization and authentication, password management and directory services.

"The successful integration of IBM Tivoli Identity Manager and SAP GRC Access Control provides extensive customer value and demonstrates IBM's commitment to improving customer IT environments by embracing industry interoperability with our comprehensive security and compliance management solutions," said Joe Anthony, program director for identity management, IBM Tivoli. "SAP customers now can incorporate SoD checking from SAP into their Tivoli Identity Manager user lifecycle management workflows prior to provisioning entitlements that would result in SoD violations. Testing for SoD violations after they have been established is reactive; IBM Tivoli Identity Manager can provide a proactive, automated, rules-based approach that helps ensure business controls and roles are firmly established, helping to mitigate risk and save valuable time in security audits."

"We are excited to see that the integration work between Sun and SAP is going so well," said Jim McHugh, vice president of marketing, software infrastructure, Sun Microsystems. "With the integration of the Sun Identity Manager into SAP GRC Access Control, SAP customers can now take advantage of one of the leading user provisioning solutions as part of their standard compliance process."

The new Web services from SAP are available immediately as part of SAP GRC Access Control.

(1) IDC, "Worldwide Identity and Access Management 2007-2011 Forecast and 2006 Vendor Shares," by Sally Hudson and Jon Crotty, July 2007. SAP(R) TechEd '07 in Las Vegas, Munich, Shanghai and Bangalore

More than 15,000 SAP customers, partners and technical experts are convening at SAP(R) TechEd '07 to learn how to transform existing business processes and IT landscapes and take advantage of the power and flexibility of enterprise service-oriented architecture. Celebrating its 11th anniversary, SAP's largest ecosystem education event of the year offers more than 1,000 hours of lecture-driven and hands-on sessions. SAP TechEd is being held in Las Vegas on October 1-5, Munich on October 17-19, Shanghai on November 6-7 and Bangalore on November 28-30.. For more information, please visit http://www.sapteched.com/.

About SAP Solutions for GRC

SAP solutions for governance, risk and compliance (SAP solutions for GRC) promote business viability by unifying corporate strategy, control initiatives, opportunity discovery and loss mitigation across the extended enterprise. A unified approach to GRC overcomes the challenges of driving corporate strategy, regulatory compliance and risk management across disconnected systems, regions and functions, creating increased business performance and competitive advantage. SAP solutions for GRC processes are enabled across SAP and non-SAP systems, working together with GRC ecosystem partner content, technology and applications to provide the most effective solution for governance, risk and compliance available today. Currently more than 2,200 companies worldwide use SAP solutions for GRC. For more information about SAP solutions for GRC, please visit http://www.sap.com/grc.

About NetWeaver Identity Management

SAP NetWeaver Identity Management reduces the complexity and cost associated with managing permissions and passwords. All of the SAP NetWeaver Identity Management functionality is delivered as a component of an integrated, open business process platform - so access and identity information can be correctly linked with systems, Web services and business processes. The component supports an enterprise service oriented architecture (enterprise SOA) and is designed to work not only with SAP applications but with all systems, instances and applications in a heterogeneous and often global IT environment. For more information about SAP NetWeaver Identity Management, please visit http://www.sap.com/platform/netweaver/components/IDM.

About SAP

SAP is the world's leading provider of business software*. Today, more than 41,200 customers in more than 120 countries run SAP(R) applications-from distinct solutions addressing the needs of small businesses and midsize companies to suite offerings for global organizations. Powered by the SAP NetWeaver(R) platform to drive innovation and enable business change, SAP software helps enterprises of all sizes around the world improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP solution portfolios support the unique business processes of more than 25 industries, including high tech, retail, financial services, healthcare and the public sector. With subsidiaries in more than 50 countries, the company is listed on several exchanges, including the Frankfurt stock exchange and NYSE under the symbol "SAP." (Additional information at )

(*) SAP defines business software as comprising enterprise resource planning and related applications such as supply chain management, customer relationship management, product life-cycle management and supplier relationship management.

Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as "anticipate," "believe," "estimate," "expect," "forecast," "intend," "may," "plan," "project," "predict," "should" and "will" and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP's future financial results are discussed more fully in SAP's filings with the U.S. Securities and Exchange Commission ("SEC"), including SAP's most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.

Copyright (C) 2007 SAP AG. All rights reserved.

SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serve informational purposes only. National product specifications may vary.

For customers interested in learning more about SAP products: Global Customer Center: +49 180 534-34-24 United States Only: 1 (800) 872-1SAP (1-800-872-1727) For more information, press only: Scott Behles, +1 (212) 653-1328, scott.behles@sap.com, EDT Hilmar Schepp, +49 6227 7-46799, hilmar.schepp@sap.com, CET

SAP Press Office, +49 (6227) 7-46315, CET; +1 (610) 661-3200, EDT; press@sap.com

Katja Schroeder, Burson-Marsteller, +1 (212) 614-4981, katja.schroeder@ bm.com, EDT

Janina Buchholz, Burson-Marsteller, +1 (415) 591-4081, janina.buchholz@bm.com, PDT

Uwe Schaad, Burson-Marsteller, +49 69 238 09-31, uwe.schaad@bm.com, CET