Enforcing a new password policy on an SAP system isn't always an easy task. Most existing SAP implementations have been running in production for many years, and since then SAP's password-related profile parameters have evolved to provide enhanced security based on complex and ever-changing compliance requirements (SOX, PCI, HIPAA, etc.). The problem is, basically, that by default user passwords are checked against the policy only when they are created or changed. A user who is never forced to change their password could keep a non-compliant password indefinitely.
As we enter the New Year, there is a lot to look back on that has gotten Onapsis to where it is today. The security industry has never been more complex, and as the need for reliable business-critical application security solutions increases, Fortune 500 companies are looking for a solution they can trust to protect their processes and data running on SAP. In 2014, Onapsis established itself as the de facto solution to solve the most pressing SAP security and compliance challenges.
SAP is a complex and ever-changing system, whether because of changes introduced to the SAP implementation to better suit the business, or through the application of Security Notes (patches) to ensure that newly disclosed vulnerabilities are mitigated.
As cyber-threats become more advanced, organizations face a constant dilemma: how to best implement a comprehensive security strategy that covers all areas of the business, including critical infrastructure and applications. We hear from many security professionals that their SAP applications and systems are “covered” because they have a firewall and SAP systems sit inside the perimeter. After all, anything inside the firewall is safe from attacks, right? Wrong. Security professionals who are true thought leaders have long abandoned this notion.
2014 has been an incredible year for SAP security. Advanced threats targeting SAP systems that run business-critical applications are rising at an alarming rate. This year alone there have been 391 security notes to date, with 46% ranking as 'high priority' vulnerabilities. Out of these, our Research Labs reported 44 new vulnerabilities and 35 advisories affecting SAP platforms and related products such as SAP HANA, BusinessObjects, and SAP Business Suite running CRM and ERP.