Onapsis Comply Packs For Onapsis Assess

Automatically Audit IT Controls Across Your SAP Landscape

Eliminate Time-Consuming Manual Efforts for Testing Controls and Collecting Audit Evidence

Challenge

Increased Compliance Pressure and Enforcement for Sensitive SAP Data

Business-critical applications powered by SAP hold the customer, financial, product, employee, and other data needed to keep the organization running and progressing. This type of sensitive data is also heavily regulated by financial and privacy directives (e.g., SOX, PCI DSS, GDPR), with the consequences of non-compliance becoming increasingly steep. Regardless of industry, the pressure to maintain compliance, provide evidence of high security standards, and avoid significant financial or damage has never been greater.

IT general controls testing underpins many of these compliance requirements and regulatory frameworks. Unfortunately, testing IT general controls and collecting audit evidence for business-critical SAP applications is labor-intensive and highly prone to errors due to its manual nature. How many thousands of hours have your under-resourced teams spent in the past year on menial audit tasks instead of making progress on other, more valuable projects and initiatives?

54% of organizations say their cyber and security program is unable to help avoid getting their organization in trouble with regulators 1
~70% of cybersecurity workers feel their organization doesn’t have enough cybersecurity staff to be effective 2

Solution

Right-Sized, Frictionless Audit Capabilities with Onapsis Comply Packs

Transform Onapsis Assess into a powerful SAP audit engine with Onapsis Comply packs. Powered by research and insights from the Onapsis Research Labs, these add-on packs generate the automated testing and evidence you need to quickly validate that IT general controls are in alignment with various regulatory requirements (e.g., SOX, NIST/ISO, GDPR, NERC CIP, PCI DSS).

  • Eliminate manual efforts around testing and collecting audit evidence
  • Identify potential violations earlier and gain prioritization capabilities to stay ahead of auditors
  • Consume only what you need with right-sized policy packs that fit your exact compliance needs

Automate Controls Testing & Evidence Collection

  • Automatically Identify Deficiencies & Potential Findings
    Comply packs evaluate target SAP systems against IT general controls-related elements of various regulations and frameworks (e.g., SOX, GDPR, NIST, ISO)
  • Improve Accuracy and Reduce Manual Effort
    Reduce human error in controls testing and evidence collection for more accurate and repeatable results
  • Offset Cybersecurity Staffing Shortages
    Automating manual efforts frees up resource hours and enables teams to work on higher-value projects that drive the business

“We reduced repeat ITGC deficiencies by over 40%.”

– F500 Consumer Goods Company

Gain Right-sized, Frictionless Audit Capabilities

  • Choose the Amount and Type of Content You Need
    Comply packs are based on regulations or frameworks, so you can pick and consume only the policies you want for your compliance needs
  • Keep Up with New Risks and New Controls
    The Onapsis Research Labs regularly updates policies and generates new ones based on changes in regulations and their latest security intel

“We reduced the time we spend preparing for audits by 99%”

– F100 Chemical Company

Achieve Immediate Value with Out-of-the-Box Policies for Onapsis Assess

With Onapsis, you can choose the right Comply add-on pack license(s) for your internal and external audit needs with regularly updated policies focused on popular regulations and security frameworks. You can also customize these policies in Assess to meet your exact business needs.

  • Sarbanes-Oxley (SOX)
  • Data Privacy (GDPR)
  • PCI DSS
  • ISO / NIST (ISO:27001, NIST 800-53, and NIST 800-171)
  • NERC CIP

“We’ve automated 83% of our ITGC tasks”

– F500 Manufacturing Company


1 A C-suite United on Cyber-Ready Futures: Findings from the 2023 Global Digital Trust Insights, PwC, 2022  
2 Addressing the cybersecurity workforce staff shortage, SecurityMagazine, 2022
3 Requires Onapsis Assess subscription license(s)

Protecting Your Company from SAP Cyber Threats: A CEO Fireside Chat

ON DEMAND

Reflecting on over three decades of experience in tackling enterprise security, founders and CEOs Mariano Nunez (Onapsis) and Richard Hunt (Turnkey) will share their lessons learned and provide practical tips and best practices for securing your organization. We will examine how the approach to SAP security has shifted, the most significant threats facing organizations today, and where SAP security fits within the larger context of cybersecurity.

Onapsis Research Labs: April 2023 Patch Tuesday Security Briefing

On Demand Webinar

The threat intelligence and impactful research from the Onapsis Research Labs power the security responses of the largest ERP vendors. To date, the Labs have discovered and mitigated well over 1,000 vulnerabilities and zero-day threats, far and away the most by any threat intelligence group.

Over the past few months, the Onapsis Research Labs has continued our close working relationship with SAP and their Product Security Research Team (PSRT) as we helped investigate and remediate a family of vulnerabilities in SAP core systems. The SAP PSRT response has been rapid and comprehensive, demonstrating their continued commitment to protecting all SAP customers in partnership with Onapsis.

In this security briefing the Onapsis Research Labs will cover this family of vulnerabilities and provide our insights and security recommendations for you and your team.

CIO’s 2022 Transformation Report Card

Top trends and insights on how executives can approach their transformation initiatives.

Digital transformation and innovation remain a top priority for tech executives, but how are these projects going? And, are they delivering tangible benefits to the business?

Read this report to:

  • Discover how leaders are measuring ROI from their transformation initiatives related to efficiency, productivity, and the ability to support new business models and products.
  • Explore the key factors that are separating successful transformation initiatives from failing projects.
  • Understand how leaders are scoping initial projects and establishing important metrics.
  • Learn how CIOs are increasing collaboration between business and IT, addressing change management challenges, and putting innovation in the hands of the entire organization.

How a Global Apparel Manufacturer Secured Its First SAP Cloud Migration

Industry: Apparel Manufacturing
Company Size: 10k+ employees, >5B revenue

Customer Profile

A large international apparel manufacturer needed to expand its operations into new regions by deploying a new SAP system in the SAP HANA Enterprise Cloud (HEC), a common project for companies managing the complexities of SAP security for retail manufacturing. For their first-ever cloud implementation, the company partnered with Onapsis to gain critical visibility and enable a “trust, but verify” approach to their new environment, ensuring a secure cloud migration and operation.

The Challenge: Gaining Visibility in a New Cloud Environment

While moving to SAP HEC offered performance benefits, having a business-critical SAP instance outside of their own data centers for the first time raised major security concerns. To succeed, the manufacturer needed to overcome several key challenges:

  • Gaining visibility into an SAP HEC operational environment managed by a third party.
  • Verifying that the cloud provider was adhering to the manufacturer’s internal security baselines and contractual obligations.
  • Navigating the shared responsibility model for a cloud implementation without having direct control over the infrastructure.
  • Establishing a “trust, but verify” capability to continuously monitor risk in their new cloud-based SAP instance.

The Solution: The Onapsis Platform for “Trust, but Verify”

The apparel manufacturer chose Onapsis as a mandatory security control for their SAP HEC implementation. The Onapsis Platform provided the exact “trust, but verify” capability the project required by delivering:

Deep Visibility into the Cloud Environment

Onapsis provided direct insight into the SAP HEC operational environment and system configurations, which the manufacturer otherwise would not have had.

Continuous Vulnerability & Threat Monitoring

By providing continuous insight into the new cloud instance, the platform empowered the organization to manage risk to their business-critical supply chain. This included comprehensive vulnerability management to assess for security vulnerabilities, missing patches, and misconfigurations, as well as real-time threat detection to monitor for active threats.

Security Baseline Verification

The manufacturer was able to use the data and insights from Onapsis to verify that their cloud instance was being secured according to their own internal security standards and contractual agreements with the provider.

The Results: Confident and Secure Cloud Operations

With Onapsis, the manufacturer successfully navigated its first SAP cloud implementation, gaining the visibility and assurance needed to protect its critical supply chain.

Results at a Glance

  • Complete visibility into their SAP HEC cloud environment’s security posture.
  • Enabled a “trust, but verify” approach to manage their third-party cloud provider.
  • Proactive risk monitoring to identify and address issues without waiting to be notified by the provider.
  • Minimized business disruptions by protecting the security and integrity of their critical supply chain.

“We knew moving our SAP instance to a cloud environment would introduce new risks and we needed a solution to support the shared security model. Only Onapsis provides visibility into the SAP HEC operational environment so we can ‘trust, but verify’ that our system is secured to our standards. We can now continually monitor risk, ensure the integrity and security of our supply chain and protect our business.”

CISO, Apparel Manufacturer

A Blueprint for Secure Cloud Migration

This manufacturer’s success provides a clear model for securing your own cloud journey. Their key to success was adopting a “trust, but verify” approach. Key takeaways for your organization include:

  • Build security in from the start of any cloud project to avoid costly delays.
  • Gain independent visibility into your cloud provider’s environment to ensure your security standards are being met.
  • Continuously monitor your cloud SAP instance for new threats and vulnerabilities post-migration.

Onapsis Webinar

1000 Reasons: Lessons Learned from a Decade of Business-Critical Application Security

Insights from Onapsis Founders on Protecting Critical Systems of Leading Brands and Modern-Day ERP Security Strategies

ON DEMAND

Over a decade ago, Onapsis was founded in a small office in Buenos Aires, Argentina. Today, the organization has grown by leaps and bounds with a global presence and capabilities centered around protecting the critical systems of hundreds of the world’s leading brands including 20% of the Fortune 100. Join this fireside chat with two of the founders of Onapsis – Mariano Nunez, CEO, and JP Perez-Etchegoyen, CTO – to hear their take on the state of critical application security, thoughts on modern day SAP and Oracle attacks and threat actor groups, and a new way of thinking about ERP security to protect what matters most to your organization.

Shift Left: Five Reasons Why You Should Extend DevSecOps to Your SAP Environment

Enhancing Security and Efficiency: Exploring the Benefits of DevSecOps Integration in SAP Environment

ON DEMAND

What is DevSecOps? It is the process of implementing security best practices within the application development lifecycle. As digital transformation projects accelerated work schedules on new code and applications, security frequently fell by the wayside in favor of business application output. With the average SAP system having well over 2 million lines of custom code, large global enterprises are growing more concerned about how vulnerable their critical applications may be. Join this webinar to get a better understanding of why you, too, should consider incorporating your SAP application development into a broader DevSecOps framework, along with some best practices on how to get started in your SAP development.