RSAC 2020 and Business-Critical Application Security

It’s no secret: we’re seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Today, global organizations are reliant on the internet, cloud and other key digital initiatives to drive business efficiencies. However, these same technologies have created new security challenges that network and endpoint solutions were not designed to solve.  

I’m so passionate about this trend that I will be joining a panel at the RSA Conference 2020 with Accenture, and CISOs from Levi’s Strauss and Proctor & Gamble to discuss ‘Addressing Risk, the Cloud, and the Applications that Run Your Business’ on Tuesday, February, 25 at 2 pm at The Park Central Hotel San Francisco, Stanford Room, 3rd Floor. I encourage you to join me. 

These new enterprise architecture and distributed network models are also creating challenges for packaged and off-the-shelf business applications from vendors such as SAP and Oracle. These ERP and other business-critical applications weren’t architected with the internet or the cloud in mind. Cybersecurity wasn’t even in its’ infancy stages when these systems were designed, and to no surprise, these systems are becoming increasingly vulnerable, and at stake are the crown jewels of the Global 5000.

I was stunned in October to learn that an IDC survey revealed 64% of ERP deployments had been breached in the last 24 months. Additionally, the research found that 74% of business-critical applications, such as ERP systems, are connected to the internet.

IDC’s research calls attention to a central area of vulnerability for the enterprise, and one that will continue to increase for at least the next decade—business-critical application protection. The fundamental shift (from on-prem to cloud) in today’s network topology leaves business applications more open to attacks than they’ve ever been.

With the increase in frequency, sophistication and number of attack vectors, traditional point network solutions designed to secure the four walls of a business are no longer enough. CISOs and IT leaders need to protect the data wherever it travels or resides. So, when it comes time to develop a thoughtful security strategy, they must think about where their regulated information, financial and manufacturing data and core intellectual property is located. Moreover, it needs to be secured.

The answer? It’s in the core applications that run their business and the global economy, such as SAP, Oracle, as well as SaaS applications including SuccessFactors, Ariba and more. If that information is leaked or somehow lost or disrupted, it could have damaging effects on a business’s bottom line, reputation and entire supply chain. Most business leaders know the risk is there today, especially with key vulnerabilities such as 10KBLAZE and Oracle PAYDAY coming to light in 2019. In the next decade, the industry will continue to see more hackers and attack types, shedding light on how big of a vector these applications are and how little defense there is today. The market is rapidly expanding, and the opportunity to solidify leadership is here.

Onapsis is changing the game with a comprehensive and holistic approach to application protection which is aligned with how businesses work in today’s world. That is one of the main reasons I joined the Onapsis board—the company provides everything from vulnerability scanning and threat detection to compliance and governance for business-critical applications. 

I look forward to seeing many of your in a few weeks at the RSA Conference 2020.  And don’t forget to register for ‘Addressing Risk, the Cloud, and the Applications that Run Your Business’ panel on Tuesday, February, 25 at 2 pm at The Park Central Hotel San Francisco, Stanford Room, 3rd Floor.