Industry Innovators: Security infrastructure

Share this article:
Industry Innovators: Hall of Fame
Industry Innovators: Hall of Fame

Approva

Enterprise resource planning (ERP) is a necessary part of large organizations. It also is very difficult to manage from the perspective of policy violations because of its native complexity. Infor has been building ERP systems for a long time. All of that experience and expertise has gone into the Approva Certification Manager.

The Approva tool does just one thing: It looks for violations of policy within an ERP system. By identifying and mitigating these violations, one also mitigates risk. The ability to mitigate risk is predicated on being able to identify it and at the bottom of that risk identification is the ability to find violations of policy.

There are two big differentiators for this product. One is that it is ERP-system agnostic. It already has connectors for the major ERP systems, but if we wanted to develop our own ERP product it would be straightforward to implement a connector for it using The Studio. These connectors are, basically, policy rule sets. The product comes complete with a large set of pre-made policies. One can modify those policies using the Rules Builder or write new ones.

The second differentiator is, as one probably would imagine, the rules engine. The policies come from the experience of the company in 194 countries with more than 70,000 customers.

The Approva Certification Manager typically runs on-premises in application and database servers. However, it can run in the cloud as a hosted environment or it can run as a hybrid. It performs continuous monitoring focusing on data and data flows as it looks for policy violations. Once the violation is spotted, it is reported in a manner that supports mitigation action. The workflow is automated and a detailed audit trail is created recording the total process for future audits. This also results in a closed-loop, problem-reporting process that allows auditors and administrators to see exactly what was done to correct the violation.

It takes a lot of creativity to make a system that monitors a large ERP system. A major strength of the Approva system is that, although Infor has its own ERP product, the Approva system is ERP product agnostic. It would have been easy to create a system that monitored only the Infor system, but to support virtually any ERP product available and give the capability of supporting ones that have not yet been thought about is truly innovative.

AT A GLANCE

Vendor: Infor

Flagship product: Infor Approva Certification Manager

Cost: Contact vendor

Innovation: ERP-agnostic risk identification and management through data monitoring.

Greatest strength: Deep knowledge of ERP processes.

Page 3 of 3
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Reviews

Sign up to our newsletters

More in Reviews

Protecting email both ways

Protecting email both ways

Protecting your organization from attacks brought into the system by email is an ongoing challenge, says Peter Stephenson, technology editor.

Attestation at its best

Attestation at its best

Private Core vCage protects systems. It's a little complicated under the covers, but in practical use is simplicity itself.

Mobile devices are the new endpoints...and both need protecting

Mobile devices are the new endpoints...and both need ...

The use of social media spreads throughout the internet and cares little if the participants are Joe and Jane or the Massive Big Company. They're all swimming in the same ...