Industry Innovators: Security infrastructure
Industry Innovators: Hall of Fame
Enterprise resource planning (ERP) is a necessary part of large organizations. It also is very difficult to manage from the perspective of policy violations because of its native complexity. Infor has been building ERP systems for a long time. All of that experience and expertise has gone into the Approva Certification Manager.
The Approva tool does just one thing: It looks for violations of policy within an ERP system. By identifying and mitigating these violations, one also mitigates risk. The ability to mitigate risk is predicated on being able to identify it and at the bottom of that risk identification is the ability to find violations of policy.
There are two big differentiators for this product. One is that it is ERP-system agnostic. It already has connectors for the major ERP systems, but if we wanted to develop our own ERP product it would be straightforward to implement a connector for it using The Studio. These connectors are, basically, policy rule sets. The product comes complete with a large set of pre-made policies. One can modify those policies using the Rules Builder or write new ones.
The second differentiator is, as one probably would imagine, the rules engine. The policies come from the experience of the company in 194 countries with more than 70,000 customers.
The Approva Certification Manager typically runs on-premises in application and database servers. However, it can run in the cloud as a hosted environment or it can run as a hybrid. It performs continuous monitoring focusing on data and data flows as it looks for policy violations. Once the violation is spotted, it is reported in a manner that supports mitigation action. The workflow is automated and a detailed audit trail is created recording the total process for future audits. This also results in a closed-loop, problem-reporting process that allows auditors and administrators to see exactly what was done to correct the violation.
It takes a lot of creativity to make a system that monitors a large ERP system. A major strength of the Approva system is that, although Infor has its own ERP product, the Approva system is ERP product agnostic. It would have been easy to create a system that monitored only the Infor system, but to support virtually any ERP product available and give the capability of supporting ones that have not yet been thought about is truly innovative.
AT A GLANCE
Flagship product: Infor Approva Certification Manager
Cost: Contact vendor
Innovation: ERP-agnostic risk identification and management through data monitoring.
Greatest strength: Deep knowledge of ERP processes.