Industry Innovators: Security infrastructure

Share this article:
Industry Innovators: Hall of Fame
Industry Innovators: Hall of Fame

Approva

Enterprise resource planning (ERP) is a necessary part of large organizations. It also is very difficult to manage from the perspective of policy violations because of its native complexity. Infor has been building ERP systems for a long time. All of that experience and expertise has gone into the Approva Certification Manager.

The Approva tool does just one thing: It looks for violations of policy within an ERP system. By identifying and mitigating these violations, one also mitigates risk. The ability to mitigate risk is predicated on being able to identify it and at the bottom of that risk identification is the ability to find violations of policy.

There are two big differentiators for this product. One is that it is ERP-system agnostic. It already has connectors for the major ERP systems, but if we wanted to develop our own ERP product it would be straightforward to implement a connector for it using The Studio. These connectors are, basically, policy rule sets. The product comes complete with a large set of pre-made policies. One can modify those policies using the Rules Builder or write new ones.

The second differentiator is, as one probably would imagine, the rules engine. The policies come from the experience of the company in 194 countries with more than 70,000 customers.

The Approva Certification Manager typically runs on-premises in application and database servers. However, it can run in the cloud as a hosted environment or it can run as a hybrid. It performs continuous monitoring focusing on data and data flows as it looks for policy violations. Once the violation is spotted, it is reported in a manner that supports mitigation action. The workflow is automated and a detailed audit trail is created recording the total process for future audits. This also results in a closed-loop, problem-reporting process that allows auditors and administrators to see exactly what was done to correct the violation.

It takes a lot of creativity to make a system that monitors a large ERP system. A major strength of the Approva system is that, although Infor has its own ERP product, the Approva system is ERP product agnostic. It would have been easy to create a system that monitored only the Infor system, but to support virtually any ERP product available and give the capability of supporting ones that have not yet been thought about is truly innovative.

AT A GLANCE

Vendor: Infor

Flagship product: Infor Approva Certification Manager

Cost: Contact vendor

Innovation: ERP-agnostic risk identification and management through data monitoring.

Greatest strength: Deep knowledge of ERP processes.

Page 3 of 3
Share this article:
close

Next Article in Reviews

Sign up to our newsletters

More in Reviews

Mitigating risk is not as simple as it seems

Mitigating risk is not as simple as it ...

This month, our Technology Editor Peter Stephenson looks at risk and policy management.

Digging deep with forensic tools

Digging deep with forensic tools

Gathered here are some of the most comprehensive digital forensic tools available.

The more things change...

The more things change...

SIEMs today are powerful beasts and they are necessary - if not always sufficient - for the protection of your enterprise.