Product & Pricing Proposal Sales Director Trevor Tibbals May 27, 2020 3 MISSION • Provide Consumers Energy with modern, scalable and automated Identity, Governance, Administration and Security services that are business friendly and efficiently grant the right person the right access while giving Consumers Energy the necessary insights to ensure access to sensitive data is being tracked appropriately Confidential 4 Objectives Governance Establish an effective riskbased governance program that can deliver benefits by quickly delivering flexible and repeatable processes and meeting audit and contractual requirements. Automation Provide IAM tools and services that align with modern standards and best practices to drive operational efficiency, continuous compliance, scalability, service delivery, and reliability. Awareness Improve situational awareness and visibility via automation that provides the speed and accuracy of identifying who has access to applications, data and infrastructure for all user types. Confidential 5 Obligations • Establish visibility across ABAP Systems, data, and infrastructure for proper access, security, and enablement • Align security and business enablement to ensure compliance • Improve delivery of system access to Consumers through automation • Meet business entity expectations with effective and reasonable solutions Confidential 6 Defined Use Cases Primary • Provide Governance and Compliance needs for SAP ABAP systems • SOD Analysis, Mitigating Controls, User Access Review, Firefighter / Emergency Access Management • Integration • Platform needs to be able to integrate with SAP IDM and OneIdentity Secondary • Extend GRC Capabilities to non SAP ABAP Apps • Attestation, Provisioning, User Access Requests, SOD Management • Potentially allowing further consolidation and the capability to sunset SAP IDM Confidential Saviynt Intelligent Identity Hub 1 MODULAR PLATFORM. 5 PRODUCTS. IDENTITY RISK EXCHANGE IDENTITY GOVERNANCE & ADMINISTRATION or APPLICATION ACCESS GOVERNANCE INTELLIGENT PLATFORM 99.5% or higher availability Flexible deployment model DATA ACCESS GOVERNANCE IDENTITY HUB CLOUD PRIVILEGED ACCESS MANAGEMENT SOC2 Type II CAPABILITIES Secure Saviynt Cloud with FedRAMP ATO certification (on Saviynt Cloud or on-premise appliance) Always current, unlimited upgrades Zero / Low on-premise footprint 120+ connectors incl. built-in RPA BOT LARGEST CLOUD IDENTITY GOV. WAREHOUSE 1.4B Identity Associations 25,000 Managed Applications 1M Enterprise Roles 56,000 Requests/Day Confidential 10 An industry decorated leader Named an IGA LEADER in all 3 major analyst reports (Gartner, Forrester, and KuppingerCole) “ The only IGA provider listed in Gartner’s SOD Monitoring Market Guide and AWS Security Competency Named an Overall Leader in KuppingerCole’s 2020 Leadership Compass report for SAP Access Control Tools for SAP Environments Saviynt successfully combines two sets of capabilities. On the one hand, they provide strong support for SAP specifics in access control and management. On the other hand, Saviynt is not limited to SAP environments, but delivers services for a broad range of target systems, plus comprehensive IGA capabilities. This allows to build a central solution for IGA and business software access control. 2018 TRUST AWARD FINALIST – KuppingerCole 2020 Confidential 11 ” Recognized as an industry leader by top analysts Confidential 12 Saviynt for SAP "Saviynt differs from other vendors in this market segment by their focus on delivering security and access governance solutions for a broad variety of systems, including full support for IGA (Identity Governance and Administration). However, they also provide in-depth KuppingerCole 2020 support for SAP" Cross-App SOD Management PAM with Audit Log + Screen Recording SOD Remediation Workbench Automated Identity Lifecycle Management Intelligent Access Request & Preventative Risk Analysis Automated Role Engineering Risk Based User Access Reviews License Management Continuous Control Monitoring Saviynt Highlights - From KuppingerCole’s 2020 Leadership Compass Report for Access Control Tools for SAP Environments Confidential 14 Saviynt’s Value to Consumers Energy FRICTIONLESS INTELLIGENT ACCESS. CLOUD NATIVE. Support for hybrid with right tenancy ACCELERATED UNIFORMITY. FASTER TIME TO VALUE BETTER COMPLIANCE & SECURITY. Business ready interface, intuitive, seamless, built for collaboration that reduces end user burden by over 60% Single & familiar pane for identity + security + compliance management, deliver more value Built to scale. Single platform, built grounds-up for seamless integration Only fully featured IGA Platform-aaS in the market Expansive & certified connectors along with built-in BOT Faster onboarding, lower integration cost by over 50% than legacy vendors Do more with scarce security resources with low code | no code and outof-box business ready features and solutions from our marketplace Ingrained deep analytics and intelligence delivers better security at scale Strike the right balance between preventive, predictive and reactive security Confidential 15 Application Access Governance • Prevent toxic combination of access and reduce internal fraud • Cross-application SOD management to manage end to end business processes • Support for all major ERPs and the ability to onboard custom apps within 6 weeks • Actively prevent proliferation of risky access with preventive SOD simulation in access request • Industry leading IGA platform enabling user lifecycle automation more IGA withvendor Saviyntto AAGfeature – • DoOnly in Gartner SOD Controls Monitoring Guide • IncludedMarket identity lifecycle management and risk-based access request and review, emergency / privileged access management with session recording • Included license management • Extend automated integration with custom critical apps with CONNECTOR BOT • Available industry vertical compliance library Confidential 16 Identity Governance & Administration • Reduce end user friction with industry leading ‘business ready’ web interface, mobile app, inline browser request and ServiceNow app • Lower end user request approval and review fatigue with built-in access recommendations • Integrated AI/ML identity analytics engine (peer / outlier, policy-based, SOD risks, etc.) • Automate last mile application integration and reduce human errors during provisioning with built-in CONNECTOR BOT Do more with Saviynt IGA – • Manage AD, Azure Active Directory and other groups with integrated succession management • Perform service account management including RPA BOT governance • Govern heritage PAM vaults and privileged IDs • Manage 3rd party access with vendor and customer access management Confidential 17 18 Saviynt’s Proposal – Primary Use Case Product Description Application Access Governance • • • • • • • • • • • • SAV-SW-AAG –SAP Quantity Fine grained access hierarchy analysis and management Out of box SOD ruleset for financial, HR and business processes Out of box compliance controls library and continuous monitoring Emergency / fire-fighter access management and monitoring Application Role / rule mining Application SOD analysis and remediation, mitigating control management Attribute-based privilege design and management Risk and usage analytics Intelligent access request Risk-based access certification Provisioning / assignment of coarse-grained access Transport for application roles Up to 11,500 Users Covers All SAP ABAP Systems • 2 Instances (Dev & Production) • • Annual Subscription Training Services • • • • Remote Training – Instructor Lead We have Level 100 and Level 200 training sessions $1500/participant based on minimum of 5 participants being purchased Pricing can very based on the number of sessions being purchased Annual Subscription $313,407 $313,407 $7500 • 5 Participants Ad Hoc Purchase not included in above pricing Pricing Expires 60 days from presentation Confidential 19 Saviynt’s Proposal – Secondary Use Case Product Description Enterprise Identity Administration • • • • • • • • • Enterprise Identity Governance • SAV-SW-ID-ADMIN SAV-SW-ID-GOVERN Quantity Risk based access request management (self-service, delegated) Automated provisioning & de-provisioning Enterprise Role Management Attribute based (ABAC) provisioning rules management Identity event policy management Task management Account and access import / export / reconciliation Password Management / Self-service or delegated password reset Reporting and dashboard Risk-based Access Certification / Attestation (user manager, role owner, resource / entitlement owner, role content and event-based) • Enterprise segregation of duty (SOD) assessment and management (risk analysis, risk remediation workbench, mitigating controls) • Continuous controls monitoring, reports and dashboard Annual Subscription • • • Up to 11,500 Users Up to 25 Apps 2 Instances (Dev & Production) $140.086 • • • Up to 11,500 Users Up to 25 Apps 2 Instances (Dev & Production) $196,121 Annual Subscription $336,207 Pricing Expires 60 days from presentation Confidential 20 Saviynt’s Proposal – Volume Discount if Purchased Together Quantity Annual Subscription Product Description Enterprise Identity Administration • Same As Previous Slide • • • Up to 11,500 Users Up to 25 Apps 2 Instances (Dev & Production) $102,730 Enterprise Identity Governance • Same As Previous Slide • • • Up to 11,500 Users Up to 25 Apps 2 Instances (Dev & Production) $143,822 Application Access Governance • Same As Previous Slide • • • Up to 11,500 Users Covers All SAP ABAP Systems 2 Instances (Dev & Production) $250,726 SAV-SW-ID-ADMIN SAV-SW-ID-GOVERN SAV-SW-AAG –SAP Annual Subscription $497,278 Pricing Expires 60 days from presentation Confidential 21 Included Product Description Annual Maintenance • • • • Platinum Level Support, Maintenance and Managed Platform Services 24x7 support (telephonic, online) Access to product updates and upgrades 99.5% uptime, coverage: Sev 1 - 24x7 | SLA: Sev 1 - 1h (4h), Sev 2 - 8h (3d), Sev 3 - 24h (7d) [time to respond (time to resolve)] Managed Platform • • Deployment of available hotfixes, patches as necessary to OS, application and database server, Saviynt software 1 annual upgrade to major release SAV-SVS-MAINT SAV-SVS-MGDSVS Pricing Expires 60 days from presentation Confidential Business ready IGA as a Service Rapid Hybrid Delivery Managed Platform Continuous Upgrades On Premise Appliance On-Demand Scale SOC2 Type II 24x7 99.5% Operations A v a i l a b i l i t y Feature Enhancements PLATFORM OPERATIONS PLATFORM UPGRADE • Regular system backup / restore • Monitoring of integration points / feeds • Proactive system health and performance monitoring of Identity & Access Governance / Intelligence platform and its integration points • Troubleshoot platform issues and incident management, perform performance tuning • Participate in root cause analysis • Perform change control and release management • Prepare periodic reports on system health, performance, audit support • Provide resolution support for Severity 1 / 2 / 3 incidents • Perform OS and DB update / upgrade / maintenance / hardening • Deploy Saviynt updates / hotfixes / upgrades • Align release management with product roadmap • Merge client specific customizations with product upgrades • Typical upgrade cycle of 1 major upgrade and 2 minor upgrades Aligned with Business Goals SLAs / OLAs Time to Respond (Time to Resolve) Thank you