Quick Facts
Organisation
SAP SE
Industry
Enterprise Resource Planning and Business Intelligence Software
Challenge
SAP required a secure document management environment that was accredited for the storage and collaboration of Government sensitive and classified material to support the delivery of the company’s solutions.
Solution
Kojensi SaaS
Results
- Provides an Australian Government-accredited multi-level security classified information sharing and document collaboration platform.
- As a SaaS cloud platform Kojensi was quickly deployed and is scalable to easily add new users and global SAP entities.
- Ensures SAP can securely collaborate internally and with global Government, public sector and regulated industry customers on sensitive data to meet domestic and international Government security requirements.
“The Kojensi platform has an on-going role in SAP and its use is being expanded across additional SAP jurisdictions. Kojensi is now a recognised part of SAP’s security ‘toolkit’ to support the management of classified and sensitive information in support of customer engagements.”
Background
SAP SE is one of the world’s leading producers of software for the management of business processes, developing solutions that facilitate effective data processing and information flow across organisations. The company develops software solutions that are used by small businesses, midsize companies, and large corporations across the globe, supported by a team of over 110,000 employees worldwide. SAP has more than 230 million cloud users, and more than 100 solutions covering all business functions.
The company has initiated a strategic shift to cloud services across its product range, including a focus on providing security-enhanced cloud capabilities to service Government, Public Sector, Critical and Sensitive Industry and Private Sector customers who need additional security. This has resulted in a rapid increase in opportunities and delivery obligations.
With this security uplift, corresponding increases in requirements for handling and sharing of sensitive and classified information drove the need for SAP, its affiliated companies, and customers to better collaborate and share documents in a highly secure environment.
In response to a key opportunity in an Australian Federal department, SAP made a commitment to the Australian Government (and other national and international authorities) to create, store, manage and handle sensitive and classified material up to PROTECTED in a secure and accredited environment.
Kojensi Quickly Shortlisted to Secure Sensitive and Classified Government Data
To support this opportunity, SAP sought a product that would allow them to share and manage sensitive and classified information which cannot be stored and shared using SAP’s internal data systems and met the security accreditation requirements.
Members of the SAP security organisation had previous experience with the Kojensi platform from archTIS in a large Australian Federal Government department and recommended it. Kojensi is an Australian Government-accredited PROTECTED SaaS cloud platform that enables organisations, their customers and partners to securely share and collaborate on sensitive and classified information within a secure, controlled environment.
Mr. Lindsay Morgan, Director ANZ, Government Security & Secrecy (GS2), SAP Australia Pty Ltd, said, “As a Federal Government-certified platform, Kojensi clearly demonstrated that it has met the identified business need and government requirements for the secure storage and collaboration of sensitive and classified data. There was already sufficient familiarity with and positivity about archTIS as a supplier and Kojensi as an appropriate solution to SAP’s business needs. It was an easy decision to select the platform.”
Kojensi enables SAP to provide on-going support of customer solutions, certification, accreditation and assurance to its customers, including Federal, State Government and regulated industries who wish to contract SAP Secure Cloud offerings. The Kojensi platform uses attribute-based access control (ABAC) policies to ensure both internal users across SAP entities, their customers and other third parties only have access to information on a ‘need to know’ basis. It allows for easy knowledge transfer in a safe and controlled hosted environment without having to grant access to their internal networks. It also provides the ability to audit all activity in the platform to ensure compliance.
“Having the Kojensi solution in place was critical to delivering essential secure cloud solution architecture, design, certification and accreditation activities for a major Federal Government department,” said Morgan.
Ease of Use and Customer Partnership is a Winning Combination
Implementation was a quick process taking just a couple of weeks. However, defining the overall business process and sharing architecture to take advantage of Kojensi’s extensive ABAC functionality and security model required additional effort and planning.
Ms. Ilze Lamberton, Portfolio Operations Lead, Secrecy and Critical Infrastructure, Government Security & Secrecy (GS2), SAP Australia, said, “Kojensi is very appealing because of its low start-up time. It is easy to use and functionally rich. However, compliance is a living program and often requires changes. It easily accommodates any user access and process updates as our requirements change.”
“I can’t thank archTIS enough for the engagement and partnership in rolling out and supporting the solution. They have been very accommodating in answering all of our questions in a very collaborative atmosphere,” said Lamberton.
Expanding the Use Case to Address Other Regulatory Requirements
Kojensi ensures SAP can securely collaborate with its government customers to meet a range of regulatory requirements including the Australian Government Cloud Certifications (PSPF, ISM), and most recently CI-SoNS reform under the SLACIP Bill for Critical Infrastructure protection. This extends strict information security requirements to organisations that fall under critical infrastructure including Energy, Telecom, Financial Services, Utilities, Healthcare and Education.
The initial implementation of Kojensi in January 2021 was thought to be “temporary”. However, the ease of use and power of Kojensi has made it a vital collaboration component to support SAP’s cloud solution delivery to government and regulated industry customers across several jurisdictions.
Lamberton added, “Kojensi has proven itself to be an enabler to our sales and delivery processes for our more sensitive projects and customer security demands. It is now embedded in these processes to easily facilitate secure collaboration with customers on sensitive projects.”
Scaling to Meet Growing Needs in SAP’s International Jurisdictions
While initially rolled out in Australia, SAP is now using the Kojensi solution in multiple countries with plans to expand the usage of the platform to other jurisdictions. The fact that it is Federal Government-certified to PROTECTED has made it easy to leverage Kojensi outside of Australia while meeting the strict requirements of other SAP jurisdictional variances.
Morgan said, “The Kojensi platform has an on-going role in SAP and its use is being expanded across additional SAP jurisdictions. Kojensi is now a recognised part of SAP’s security ‘toolkit’ to support the management of classified and sensitive information in support of customer engagements.”
