The SAP Security Gap

It feels like déjà vu all over again!

Back in the early 2000s, I was involved in the widely publicized EMC Business Continuity survey, which indicated a very large disparity between IT and business executives regarding the vulnerability of their business-critical data. Fast forward to today and I’m seeing a very similar scenario play out again. But this time, it has to do with the vulnerability of an organization’s business-critical SAP systems.

Chinese most likely using one of top three most common SAP exploits, as identified by Onapsis, to compromise US agencies

The Hill reported on November 3, 2014 that Chinese hackers roamed around unnoticed for months inside the network of USIS, the biggest commercial provider of background investigations to the U.S. federal government.[1] In fact, two of the company’s biggest customers were the Department of Homeland Security (DHS) and the Office of Personnel Management (OPM).

Oracle Critical Patch Update (CPU April 2015)

As a company, Onapsis is focused on the security of business-critical applications such as SAP and Oracle. While our focus is on SAP applications, we have been doing research on Oracle business applications as well to identify and report critical vulnerabilities. In this sense, Oracle is different from SAP with regard to the method and timing by which security patches are released and made available to end users.
