Today, based on research performed by our Research Labs, both the U.S. government and business press are discussing the critical topic of SAP business application cybersecurity, bringing it to top of the agenda for CISOs and CIOs worldwide.
I’m excited to announce that Onapsis has just developed a new functionality to provide users with virtual patching for SAP systems. This new capability will allow organizations to have immediate protection from SAP specific vulnerabilities as soon as the Onapsis Security Platform identifies new cybersecurity risks and compliance violations. This is a huge achievement for business-critical application security! Now, information security and SAP BASIS teams will have the time they need to properly evaluate, test and apply the related SAP security notes/patches.
I’m pleased to announce that today we’re kicking off our second annual Onapsis Roadshow series in North America. With all that is going on in the world of SAP cybersecurity, I feel like our roadshows could not have come at a better time.
Not too long ago I published a blog which discussed operationalizing your SAP cybersecurity strategy. In that post I discussed the confusion around division of responsibilities, who should own SAP security, and how SAP security gets operationalized within the organization as this is a common problem my team and I have noticed across organizations.
Today, the Ponemon Institute has released its latest research study titled Uncovering the Risks of SAP Cyber Breaches. As the first independent research study on SAP cybersecurity trends, more than 600 global IT security practitioners were surveyed to uncover perceptions about the threat of an SAP cyber breach and how companies are managing the risk of information theft, modification of data and disruption of business processes.
Business-critical applications running on SAP such as enterprise resource planning (ERP), customer relationship management (CRM), human capital management (HCM), business intelligence (BI) and supply chain management (SCM) house an organization’s most valuable data and support mission-critical business processes. As we enter 2016, it’s no surprise that these systems have become major targets to nation-state attacks, intellectual property theft, financial fraud and sabotage.
Recently, I published a post on the SAP Security Gap. This post discussed the present disconnect between security professionals and business executives on the vulnerability of their SAP systems. With SAP Cyber-Security continuing to be a topic of concern making mainstream headlines, it is critical that organizations begin to think about this notion in more detail if they wish to truly secure their enterprise applications such as SAP or Oracle.
The BlackHat USA conference, held in Las Vegas, is one of the biggest technical IT security conferences in the world - making it one of the most relevant events for the IT security community during the year. In addition to attendees discussing and learning many new attacks and novel security techniques, Blackhat USA is THE place where people can get a deep understanding of security best practices via trainings and security research presentations.
Onapsis has just completed its first annual North American Roadshow Series including stops in the Bay Area, Houston, Minneapolis and in New York. With over 100 attendees from Oil & Gas, Utilities, Retail, Manufacturing, Banking, Technology, Life Sciences and the Government industries, these events were a huge success for our customers. Representatives from the top 30 F1000 companies brought a unique perspective on how they are planning to, or have already implemented an SAP cybersecurity strategy with Onapsis at the core of their programs.
It feels like déjà vu all over again!
Back in the early 2000’s, I was involved in the widely publicized, EMC Business Continuity survey – which indicated a very large disparity between IT and business executives regarding the vulnerability of their business-critical data. Fast forward to today and I’m seeing a very similar scenario play out again. But this time, it has to do with the vulnerability of an organization’s business-critical SAP systems.