1 Introduction / Executive Summary
For many enterprises, SAP systems are an essential part of their corporate IT infrastructure. Critical business information is stored within ERP systems, and the favored source for employee data frequently is the SAP HR system. Business processes are implemented through portal solutions relying on SAP infrastructure. Data is held in SAP HANA; the migration to S/4HANA is ongoing, and highly individualized functionality is coded right into the existing standard SAP modules by using ABAP or Java.
SAP solutions remain an important element of the LoB infrastructure of many organizations but are increasingly complemented by other vendor’s solutions. Managing access entitlements including roles, but also SoD (Segregation of Duties) rules, firefighter access, and other aspects around identity, access, and security is essential for protecting these business-critical applications.
Many critical business systems are following the trend of shifting to the cloud, using either solutions provided by SAP such as SuccessFactors or Ariba, or to other vendors’ solutions. Thus, the scope for centralized access controls is expanding beyond the traditional ABAP systems and even beyond SAP. The requirements for solutions are expanding, either by supporting a broader range of systems or by delivering adequate integration points with other solutions covering, e.g., SaaS applications.
Although there are many other systems in place which also contain critical information, many businesses still rely on the availability of well-designed and well-protected SAP Systems. Traditionally, SAP systems are a major focus area for internal and external auditors. For the successful implementation of adequate controls, it essential that all LoB systems are covered by an effective solution for managing risks, and within that for managing access control and SoD controls and implementing adequate Access Governance.
This is reflected in this Leadership Compass, where deep support for both SAP environments and other vendor’s business applications is in focus. We will also focus on a broader range of supported deployment models, with preference for deployments that include as-a-service models.
- The customer requirements for access control solutions for their business applications are changing rapidly in the context of the journey towards SaaS services, with many organizations needing solutions that cover a range of Line of Business (LoB) applications from different vendors, operated in varying models
- We expect the trend towards supporting a broader range of LoB applications to continue, within SAP’s own portfolio, e.g., SuccessFactors
- New entrants to the market focus on a deeper integration of cross-system IGA (Identity Governance & Administration), and access control solutions for LoB applications, putting pressure on established vendors
- For non-SAP solutions, the long-standing experience regarding best practice role models, critical access rule sets, and SoD (Segregation of Duty) role sets is still lacking at most vendors; thus, few are already delivering the depth of support they provide for SAP ECC, and customers should carefully evaluate in their PoCs whether support for other systems delivers on their expectations and requirements
- Aside of some large players such as SAP itself and Pathlock, several smaller vendors primarily serve their local markets
- Some of the vendors from the IAG (Identity and Access Governance) space also provide deep support for SAP environments, but in most cases with lesser coverage for extended capabilities such as roll-out support and other features that are provided by the SAP-focused vendors
- With the acquisition of various vendors by Pathlock (formerly Greenlight GRC), a large competitor to SAP has emerged in the market
- Overall Leaders are (in alphabetical order) One Identity, Pathlock, SailPoint, SAP, and Saviynt
- Product Leaders are (in alphabetical order) EmpowerID, One Identity, Pathlock, SailPoint, SAP, and Saviynt
- Innovation Leaders are (in alphabetical order) EmpowerID, One Identity, Pathlock, SailPoint, SAP, and Saviynt
- Market Leaders are (in alphabetical order) One Identity, Pathlock, SailPoint, SAP, and Saviynt