With the New Year approaching I thought it might be a good time to reflect on my observations for the SAP GRC and security market in 2012 and think about what 2013 might have in store for us.
Observations from 2012
With the release of SAP GRC 10.0 in late 2011 this year was always going to be an exciting one in the SAP GRC space. As expected, we’ve seen a lot of customers migrating from older versions of GRC into the new, ABAP based, application. Many have taken the opportunity to revisit their business case for GRC and consider how they could take advantage of what the new software has to offer. This has led to a significant increase in the deployment of process controls and risk management in 2012. We have also seen customers using their migration or upgrade project as an opportunity to re-evaluate automated access provisioning and as a result are seeing more projects in this area.
Whilst perhaps not as high profile we have also seen interesting developments in the SAP security space. The new authorisation concept in SAP HANA together with SAP’s push into mobility and cloud computing solutions have given our SAP security team a number of new technical challenges to solve. They have found it interesting to be at the cutting edge on this area and it’s been a great way to apply their existing SAP security knowledge.
In conclusion, a year of consolidation and expanded reach for SAP GRC with a number of interesting developments in the SAP security space.
Looking forwards to 2013
So what does 2013 have in store in the SAP Security and GRC space?
If our recent survey is anything to go by then automated controls are going to be a big topic in 2013. With over 63% of respondents intending to invest in this area in the next 12 months next year looks set to be an important year for SAP GRC Process Controls. This product is maturing fast and it's flexibility means that customers are putting it to a number of innovative uses. For me, this will be the biggest growth area in 2013 in terms of GRC but I also think we will continue to see an increase in access controls automation initiatives with further migrations/upgrades and more customers maturing in their usage of the access controls 10.0 products.
Continuous transaction monitoring and proactive fraud prevention continue to gather interest and we can expect new products from SAP to address this growing market. Demand for these products will also be fuelled by the increased interest in process controls and I think we can expect to see deeper integration with SAP process controls from vendors like Oversight and Greenlight.
HANA and mobility will remain strong focus areas for SAP in 2013 and this will drive a need for security solutions to address the new business risks that these solutions create. This was again borne out by our survey results which found that 48% of respondents planning to invest in mobility solutions together with additional security and 26% with similar plans around HANA.
All in all, I think 2013 has a positive outlook in terms of opportunities for those with SAP security and GRC experience. With continued ‘doom and gloom’ in the overall economy those working in the IT security and GRC space are fortunate to see a continued increase in the demand for their skills. The challenge, as it has been this year, is to align our efforts and solutions with the overall economic climate – a continued focus on return on investment and delivering cost savings is crucial in achieving this goal.