This week, SAP brings business analytics to GRC, researchers in Germany say they have identified a security hole in Android, Autonomy has bought the digital assets of Iron Mountain, VMware has been on the acquisition trail and Compliance 360 releases Universal Assessments.

SAP Releases EPM 10.0

Following major new releases in its business analytics portfolio in March, SAP has announced the latest version of its enterprise performance management (EPM) solutions that aim to help companies ensure decisions and actions are aligned with business aims.

According to SAP, EPM 10.0 ensures that central corporate strategy and an understanding of risk guide all business decisions.

With new, shared user interfaces across many applications, learning curves are reduced and people can more quickly become productive with the tools. Among the new features are:

  • Deeper integration between EPM and GRC applications for risk-adjusted planning capabilities
  • Extended capabilities for financial consolidation, including consolidation monitoring, enhanced control and validation capabilities, incremental consolidation and new journal features

It also encompasses the new SAP BusinessObjects Disclosure Management application, designed to establish a collaborative, flexible and compliant process for filing financial and non-financial statements and regulatory disclosures, as well as corresponding extensible business reporting language (XBRL) submissions.

The new release uses a good deal of the functionality that we saw in the recent analytics release, and it arrives only two months later. SAP hasn’t really said where it will be going with this next, but has been busy recently with a whole range of releases, so we can reasonably expect to see more on this soon.

Is There a Hole in Android?

Researchers in Germany may have found what appears to be a considerable risk factor in using Android phones. In a recent blog post, researchers from the University of Ulm said they wanted to see whether the reported impersonation attacks against Google services were possible.

“The short answer,” they said, “is yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.”

In fact, the research says, 99% of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network.

According to the research, devices running on Android 2.3.3 or older are vulnerable because of a faulty ClientLogin authentication protocol.

ClientLogin is used for authentication by installed applications and Android apps. Basically, to use ClientLogin, an application needs to request an authentication token (authToken) from the Google service by passing an account name and password via an HTTPS connection.

However, if this authToken is used in requests sent over unencrypted HTTP, an attacker on the same network can easily sniff it. Because the authToken is not bound to any session or device-specific information, the attacker can subsequently use the captured authToken to access any personal data.

The best protection at the moment is to avoid open Wi-Fi networks altogether when using affected apps. If you’re interested in more, check out the blog post.
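The check a defender or app developer would run against captured traffic, as an added example that is not from the Ulm researchers or from Google: it flags requests that carry a ClientLogin authToken over plain HTTP and shows a client-side guard that refuses to attach the token to a non-HTTPS URL. The `Authorization: GoogleLogin auth=` header format comes from Google's ClientLogin documentation, not from this article; the function names, hosts and token values are constructed for illustration.

```python
"""Audit request records for ClientLogin authTokens sent in cleartext."""
import re
from urllib.parse import urlsplit

# Header value format used by ClientLogin: "GoogleLogin auth=<authToken>".
AUTH_RE = re.compile(r"^GoogleLogin\s+auth=(\S+)$", re.IGNORECASE)

def carries_authtoken(headers):
    """Return the authToken carried by these request headers, or None."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            match = AUTH_RE.match(value.strip())
            if match:
                return match.group(1)
    return None

def find_cleartext_tokens(requests):
    """Return (url, redacted token) for each request exposing a token over HTTP."""
    findings = []
    for req in requests:
        token = carries_authtoken(req["headers"])
        if token and urlsplit(req["url"]).scheme.lower() != "https":
            findings.append((req["url"], token[:4] + "..."))  # never log the full token
    return findings

def attach_token(url, token, headers=None):
    """Client-side guard: only attach the authToken to HTTPS requests."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send authToken over cleartext: " + url)
    out = dict(headers or {})
    out["Authorization"] = "GoogleLogin auth=" + token
    return out

# Constructed sample traffic: hosts and token values are made up.
SAMPLE = [
    {"url": "https://accounts.example/ClientLogin", "headers": {}},
    {"url": "http://calendar.example/feeds/default",
     "headers": {"Authorization": "GoogleLogin auth=DQAAAconstructed1"}},
    {"url": "https://contacts.example/feeds/default",
     "headers": {"authorization": "GoogleLogin auth=DQAAAconstructed2"}},
    {"url": "http://static.example/logo.png", "headers": {"Accept": "image/png"}},
]

if __name__ == "__main__":
    for url, redacted in find_cleartext_tokens(SAMPLE):
        print("cleartext authToken:", url, redacted)
```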

Autonomy Buys Iron Mountain’s Digital Assets

Meanwhile, you may recall that Iron Mountain said that it was looking at selling its digital assets. If you missed it this week, the company has done just that and sold them to Autonomy for $380 million.

According to reports, Autonomy has been working with Iron Mountain for some time to finalize the recently announced deal. Autonomy cites processing customer data in the cloud as a strategic component of its information governance business.

Now, the company is adding regulatory compliance, legal discovery and analytics to its capabilities. Iron Mountain will also enable Autonomy to support collection and processing of non-regulatory data from multiple channels including distributed servers, PCs and millions of mobile devices.

Leaving aside the added value that this will bring to Autonomy, the other question that needs to be answered here is whether this is the extent of Autonomy’s acquisition ambitions.

The company has been saying for over a year now that it planned a major acquisition, probably in the US, and even went to the markets in February 2010 to build up a financial war chest.

The Iron Mountain deal looks more like an opportunity than anything else, though, as the Iron Mountain decision to sell its digital assets is a relatively recent one. So the question still remains: Is Autonomy still looking for something in the US, or will Iron Mountain’s assets keep everyone happy?

Compliance 360 Releases Universal Assessments

Compliance 360 has announced the availability of its next-generation Universal Assessments application. Designed for integrated use with other Compliance 360 applications, it can also be used to address standalone requirements, including those associated with regulatory compliance, audit and risk management.

Universal Assessments provides new capabilities for gathering and analyzing information that is critical to the success of compliance and risk management programs.

It comes with a sophisticated, configurable scoring methodology, enabling compliance and risk managers to identify hot spots in need of attention.

In addition, using the Compliance 360 workflow engine, the oversight of assessments, as well as the management of participation by employees and business partners, can be automated.

Universal Assessments is available from Compliance 360 now as a standalone application and as an add-on to existing systems.

VMware Buys Shavlik

Finally, VMware, controlled by EMC, has also been on the acquisition trail and announced an agreement to acquire Shavlik Technologies, which provides cloud-based IT management solutions for SMBs.

Shavlik provides a portfolio of on-premise and SaaS-based management solutions that enables SMBs to manage, monitor and secure their IT environments when moving to virtual and cloud computing IT deployments.

Financial terms of the acquisition were not disclosed, but we have noted before that VMware has been looking to the SMB market for some time. This just underlines that.