Managing Risk in the Cloud: Global Apparel Manufacturer Gains Visibility and Threat Intelligence for SAP HEC
DownloadIndustry: Apparel Manufacturing
Company Size: 10k+ employees>5B revenue
Challenge
Gain visibility into SAP HEC operational environment to understand security threats, manage risk, protect supply chain integrity and avoid disruptions to business operations.
Solution
The Onapsis Platform assesses and monitors SAP environments, including those operating in the cloud, for vulnerabilities, misconfigurations and threats. With this insight, the manufacturer can understand risk to their business operations and verify that their supply chain is adequately protected, even when it is being hosted by a third-party.
Background
A large international apparel manufacturer running multiple independent, in-house SAP systems around the world wanted to implement an additional system to cover new geographical regions, but this time running on the SAP HANA Enterprise Cloud (HEC). The business relies on these systems to run their supply chain and manufacturing processes, so ensuring performance, availability and security of the new system was critical.
While moving to SAP HEC would bring processing, analytics and performance improvements, having an SAP instance outside of their data centers for the first time, along with the shared security nature of cloud implementations, raised major concerns for the project. In order for the implementation to succeed, the manufacturer needed visibility into the SAP HEC operating environment so they could manage risk and verify that their new system was secured in line with their existing standards.
Solution Requirements
- Visibility into the SAP HEC operational environment and configurations
- A way to verify that the SAP HEC environment running their SAP instance was operating in line with the manufacturer’s security baselines
- Ability to continuously monitor their new cloud SAP instance for security vulnerabilities, missing patches, misconfigurations, threats, etc.
Solution
The apparel manufacturer found their ideal solution in Onapsis, including them as a mandatory security control for the SAP HEC implementation. Onapsis provided visibility into the cloud operational environment, continuous vulnerability assessment and threat monitoring, empowering the organization to understand and manage risks for their business-critical supply chain. With direct insight into the cloud environment, the manufacturer is now able to verify that their instance is being secured according to contractual obligations and their security baselines. Given this was their first cloud implementation—the first time they were no longer responsible for operating, maintaining and securing SAP themselves—this “trust, but verify” approach was an essential element to the project, powered by the data and insights provided by Onapsis.
“We knew moving our sap instance to a cloud environment would introduce new risks and we needed a solution to support the shared security model. Only onapsis provides visibility into the sap hec operational environment so we can ‘trust, but verify’ that our system is secured to our standards. We can now continually monitor risk, ensure the integrity and security of our supply chain and protect our business.”
CISO, Apparel Manufacturer
Results
- Visibility into cloud environment: Onapsis assesses and monitors the SAP HEC environment for system vulnerabilities, misconfigurations, threats and more so the organization can verify the security posture of their cloud instance
- Threat intelligence: Onapsis not only finds security issues, but also provides essential context so the manufacturer can understand business impact and risk
- Proactive risk monitoring: The organization now has operational insights in the event that something goes wrong with their instance—they can be proactive versus having to wait to be notified by SAP
- Reduce business disruptions: Protecting the security and integrity of their supply chain minimizes risk to system availability and business operations to help ensure strong brand reputation