SAP and CA have teamed up to pitch integrated offerings that aim to unify the governance, risk and compliance strategies typically segregated between the IT and business sides of an organisation. One analyst calls this partnership "disruptive". Customers lack a framework with which to map out the risks in the IT processes and their impact on business processes, says James Dunham, group vice-president of GRC (Government, Risk and Compliance) solutions with SAPG. "IT understands risks related to the IT infrastructure, but don't know what processes that impacts on the side the application space," says Dunham. And execs on the business side may be aware of risks in their business applications, but not how those relate to the IT infrastructure. GRC strategies are siloed even within the IT infrastructure, as well as within the business side, says Dunham. Integration will be offered initially for the areas of security, IT project and portfolio management, and service performance. The chosen areas resulted from consultation with key customers about their top risk concerns and the drivers behind them, says Tom McHale, vice-president of product management at CA. That customer feedback led to the companies offering integration for an initial three groups of products: CA Enterprise Log Manager, CA Clarity PPM, and CA Wily Application Performance Management which will integrate with SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control. McHale says following this base integration, CA and SAP will continue to offer other integrations and "knocking them off one by one". The result will be a catalogue of use cases, or risk scenarios based on SAP methodology, that address other situations, like how to govern extending the order-to-cash process to a new region. Vivian Tero, programme manager for governance, risk and compliance infrastructure with IDC, thinks that the integration between SAP and CA is definitely "very disruptive" given the flow of information between business and IT is often minimal. "Those processes are very co-dependent, so if there is minimal interaction between the functional units, there's always going to be room for inefficiencies and errors in compliance or risk mitigation," says Tero. There are other vendors attempting this sort integration, such as Oracle and Novell, who focus on linking GRC to identity access. But Tero says Oracle and Novell lack the breadth and depth that the SAP and CA partnership will offer. "They're going to be pushing a lot of information — security and compliance — up to SAP GRC Manager, which goes beyond just an identity attribute," she said. The partnership should offer further value given the many joint customers the SAP and CA share, says Tero. Echoing this, Dunham said the integration will be a differentiator for SAP and CA in the hybrid environments in which they often exist. "We believe that mapping together gives us a real competitive differentiator ... for some of the other larger competitors inside this space, the guys that have a lot of red (Oracle applications) on their box," said Dunham.