1 Introduction / Executive Summary
For many enterprises, SAP systems are an essential part of their corporate IT infrastructure. Critical business information is stored within ERP systems, and the favored source for employee data is the SAP HR system. Business processes are implemented through portal solutions relying on SAP infrastructure. Data is held in SAP HANA; the migration to S/4HANA is ongoing, and highly individualized functionality is coded right into the existing standard SAP modules by using ABAP or Java.
Although there are many other systems in place which also contain critical information, many businesses still rely on the availability of well-designed and well-protected SAP Systems. Traditionally, SAP systems are a major focus area for internal and external auditors. For the successful implementation of adequate controls, it is essential that all existing SAP systems are covered by an effective solution for managing risks, and within that for managing access control and SoD controls and implementing adequate Access Governance.
SAP solutions remain at the core of the LoB infrastructure of many organizations. Managing access entitlements including roles, but also SoD (Segregation of Duties) rules, firefighter access, and other aspects around identity, access, and security is essential for protecting these business-critical applications.
Many critical business systems are following the trend of shifting to the cloud, using either solutions provided by SAP such as SuccessFactors or Ariba, or to other vendors’ solutions, SAP systems remain at the core of the LoB (Line of Business) application infrastructure of many organizations. While the scope for managing access controls is expanding beyond the traditional ABAP systems and even beyond SAP, these systems are of high criticality for many organizations.
This Leadership Compass focuses on the support for the SAP environment, while a separate document takes a broader perspective across a heterogeneous LoB landscape.
1.1 Highlights
- While the customer requirements for access control solutions for their business applications are expanding in the context of the journey towards SaaS services, many organizations still build their LoB infrastructure primarily on traditional and modern SAP solutions, operated both on premises and in the cloud
- Customers that continue to focus on their traditional SAP environments, with the SAP department being the buyer, commonly look for deep integration into these environments and familiar user interfaces
- In this market segment, we find several vendors with a high degree of specialization in SAP environments, frequently delivering both software and services
- Aside from some large players such as SAP itself and Pathlock, several smaller vendors primarily serve their local markets
- Some of the vendors from the IAG (Identity and Access Governance) space also provide deep support for SAP environments, but in most cases with lesser coverage for extended capabilities such as roll-out support and other features that are provided by the SAP-focused vendors
- With the acquisition of various vendors by Pathlock (formerly Greenlight GRC), a large competitor to SAP has emerged in the market
- Overall Leaders are (in alphabetical order) Pathlock, SailPoint, SAP, and Saviynt
- Product Leaders are (in alphabetical order) Pathlock, SailPoint, SAP, Saviynt, and Xiting
- Innovation Leaders are (in alphabetical order) Pathlock, SailPoint, SAP, Saviynt, and Soterion
- Market Leaders are (in alphabetical order) Pathlock, SailPoint, SAP, and Saviynt