Apparity

The Apparity platform for EUC governance consists of three modules – Discovery, Registration, and Active Management – that make up its core capabilities. They can be deployed together or independently, on-prem or in the cloud, and are also available as part of Apparity Cloud, the company’s SaaS offering. We will discuss the specifics of each module in more detail below. For now, we will talk in broad strokes.

The platform as a whole is designed to address the needs of both end users and regulators. In order to do this, it must satisfy (and largely succeeds in satisfying) two somewhat conflicting desires: it must allow you to govern your EUC assets securely, and provably, while at the same time provide a minimally frustrating end user experience. This is achieved through various means, including smart notifications, automation of user tasks, tasking, versioning, workflows, attestation cycles, appropriately scoped user views, proactive risk management (capturing risk before it enters your system), and so on. In a nutshell, it centrally governs your spreadsheets and other EUC apps while introducing minimal friction for your end users.

In addition, Apparity does not take the typical approach to spreadsheet (and, by extension, EUC) management. Instead of storing your assets in a relational database and serving them from there – a time consuming and expensive method – it decomposes your spreadsheets into XML and treats all changes to them in the same way that you would treat source code. This allows Apparity to leverage the scalability, efficiency and accuracy of source code management technology while allowing you to track changes, provide version control, and audit your environment in a way that eliminates the performance and financial overheads associated with the conventional approach of a relational database.

Apparity’s Discovery module scans your system to detect the EUC applications in your system, as well as any metadata associated with those applications and any common problems within them. The criteria your applications need to meet to be classed as an EUC are configurable and are particularly expansive in the case of spreadsheets. Discovery scans can be executed on an ad hoc basis or scheduled, and incremental scanning is supported (meaning that only changed or new files will be looked at).

Fig 1 – Asset inventory in the Registration module

In addition, Apparity Fingerprint attaches a unique ID to each EUC asset in order to track it wherever it goes. This remains with all subsequent versions of that asset, which can then be tracked by the software wherever it goes. It doesn’t matter if it’s renamed, copied, moved, or whatever, the fingerprint will remain, and the asset will still be trackable.

Moreover, the Discovery module includes the ability to detect new EUC assets at the point of creation, allowing you to shift users towards IT-managed platforms instead. A dashboard for analysing the results of your scans, and for ‘flagging’ new EUC apps as they are created, is also available, as are usage/impact assessment and data lineage.

Fig 2 – Integrity check using the Active Management module

The Registration module does what it says, allowing you to register EUC applications to the platform using an assessment wizard in order to add them to an EUC inventory. They can then be managed by applying the appropriate controls (in other words, onboarded) within the Active Management module. Once an application is registered and onboarded, any configured controls (policies, for instance) will then be applied to it, as you would expect. You can also measure exposed risk and check file integrity using the Active Management module.

Various other functionality is available, including spreadsheet and database version comparisons, excess format analysis (used to detect and prune excess empty space, a particularly useful quality in the cloud), and the Model Map Explorer, which provides a real-time view of your entire EUC app population and its upstream and downstream connections with other file types (allowing for complex model impact analysis and an easier exploration of risks associated with data flows). Apparity has also integrated its solution with various third-party governance, risk and compliance (GRC) products, such as RSA Archer and IBM OpenPages, as well as with human resources systems.

Apparity’s combination of source code management and fingerprinting means that you do not need to centralize all of your spreadsheets and other EUC assets into specific folders, and you do not have the upheaval and expense of relying on relational databases. This is an attractive prospect. At the same time, these capabilities are not as a unique as they once were, and no longer provide serious differentiation. We also like that Apparity has integrated with popular GRC solutions, although again this is not unique. Likewise for the fact that it offers its platform as a SaaS.

Rather, for our money, the most meaningful differentiator offered by Apparity is its emphasis on the broader EUC landscape, and not just spreadsheets. Given the increasing use of non-spreadsheet EUC – low-code and no-code platforms come to mind, for instance – this is rather forward looking. More to the point, neglecting to manage your non-spreadsheet EUC assets is a significant risk, in much the same way (though, at least at present, to a lesser extent) as neglecting to manage your spreadsheets.

Another advantage, as already discussed, is that Apparity has been designed to meet the demands of both your regulators and your users. This has resulted in various compelling advancements to its ease of use, without (as, frankly, you would expect) compromising regulatory compliance.

The Bottom Line

Apparity remains a mature and competent, if slightly de rigueur, spreadsheet management solution. At the same time, it has successfully parlayed that solution into an equally competent – and far more exciting – platform for EUC governance.