Securing Mission-Critical Applications in the Cloud

Protect business processes from the core to today’s new cloud edge

Connecting a Complex Mix of Application Environments

The mission-critical applications that run your business – supply chain management (SCM), human capital management (HCM), enterprise resource planning (ERP), customer relationship management (CRM), business intelligence (BI) and other systems – have shifted from running solely within a controlled, self-managed environment to a complex and interconnected mix of on-premises, infrastructure as a service (IaaS), platform as a service (PaaS) environments and software as a service (SaaS) offerings.

At the same time, digital transformation, including cloud, DevOps, artificial intelligence, robotic process automation and other initiatives, introduces new software and capabilities in the most agile, fast and cost-effective way possible, with security often being an afterthought. As a result, constant change from continuous integration and continuous deployment can introduce errors, overly privileged user access and vulnerabilities that put the business at risk.

While cloud computing and interconnectivity bring operational benefits, such as agility, cost savings and efficiencies, they also create new challenges. IT, cybersecurity and risk professionals must overcome these challenges to protect the enterprise against internal and external threats, ensure compliance with regulatory requirements and optimize availability. Without a complete view across on-premises, IaaS, PaaS and SaaS environments, it’s impossible to understand your company’s true application security risk or accurately identify and address the most severe gaps, vulnerabilities and threats.

Protecting Business Processes from the Core to Today’s New Cloud Edge

Onapsis is purpose-built to protect organizations from cyber threats, streamline regulatory compliance and improve availability and performance of mission-critical applications from SAP, Oracle, Salesforce and others across cloud, hybrid and on-premises deployments. You will get a complete view into your most important applications and how they connect to one another, no matter where the applications are running – without multiple tools and additional expertise. Onapsis simplifies interconnected systems and uncovers risk introduced by connecting applications to help you protect the intelligent enterprise, while ensuring compliance and enhancing performance and availability.

With The Onapsis Platform, you can:

  • Reduce the security and compliance risk of extended business processes

  • Enforce security and compliance baselines

  • Monitor application security, user activity and threats in production

  • Accelerate and ease cloud adoption

  • Trust, but verify, security of cloud applications

Uncovering Risks in Interconnected Applications

As business processes get extended into the cloud, it becomes increasingly difficult for IT, cybersecurity, development and audit and compliance teams to understand which applications and services support critical business processes, how they interconnect with each other and how changes impact compliance, security and performance over time.

Onapsis can help teams answer these and other questions about their extended business processes:

  • Are interconnected processes compliant with relevant regulations and standards?
  • Do connected SaaS applications follow best practices for configuration?
  • Are users assigned too many privileges, violating Segregation of Duties requirements?
  • Is there misuse of privilege?

Delivering Context into the Entire Application Environment

With The Onapsis Platform, your company gains application- and business-level context to the entire application environment, with a 360-degree view of cyber risk across your critical applications, both on-premises and in the cloud. Designed for cross-functional collaboration among IT, cybersecurity, development and audit and compliance teams, The Onapsis Platform gives you:

  • Complete protection of mission-critical applications
  • A holistic view into applications on-premises, in the cloud, in a managed service or in a SaaS model
  • Expertise and experience to help you understand how mission-critical applications can be exploited
  • Security, continuous compliance and the ability to ensure performance and availability

Onapsis Delivers Proven Results

Companies using Onapsis have experienced:

  • 80% reduction in the cost of security testing associated with application modernization
  • 50% acceleration of cloud migration and digital transformation projects
  • 90% automation of manual audit reporting tasks

Protect the Core and Cloud Edge with The Onapsis Platform

Onapsis delivers the actionable insight, secure change, automated governance and continuous monitoring capabilities required by cross-functional teams to optimize workflows and automate manual tasks. Your teams will embrace and accelerate application modernization, cloud and mobility initiatives while keeping your company’s most vital systems and data protected and compliant.

The Onapsis Platform is powered by the Onapsis Research Labs, our dedicated security research team responsible for the discovery and mitigation of more than 800 vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon – making Onapsis solutions the de facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.

Onapsis Assess for SAP SuccessFactors

SAP SuccessFactors contains some of an organization’s most sensitive and regulated data, including employee PII and bank account details to support payroll. Protecting this data – ensuring only authorized users can access and modify it, minimizing risk of breach – is essential for avoiding fraud and costly compliance violations.

Global Chemical Manufacturing Company Case Study

Industry: Manufacturing, Chemicals
Company Size: 100k+ employees >60B revenue

Challenge

Costly, unexpected project delays due to manual code reviews and lack of transport visibility

A global chemical company relies on SAP for their business-critical applications and leverages custom code development to support their organization. However, the organization struggled to keep their development cycles at a pace that aligned with the speed of their business. A manual code review process, with no way to check transports for errors, led to long, error-prone development cycles for SAP applications. Additionally, it was difficult to implement changes without impacting existing system performance or introducing security or compliance issues. This resulted not only in missed project deadlines but also in unexpected costs, due to remediation efforts and rework when errors in code were brought into production.

“Onapsis helps us address two of the biggest trouble areas in our change management processes—custom code and transports. A third-party solution for analyzing these that integrates into SAP ChaRM allows us to get things right the first time and avoid costly rework and manual analyses.” 

Security Architecture Manager, Global Chemical Company

Solution

Onapsis Control automates code scans, checks transports, and reduces development cost and time

The company found the ideal solution in Onapsis Control. They were able to eliminate their manual code review processes and automatically scan hundreds of lines of code in minutes for errors. Onapsis Control’s detailed explanations and step-by-step remediation guidance shortened their time to resolution and accelerated their development cycle. Deep visibility into their transport errors prior to production enabled the resolution of problematic transports prior to import. This eliminated the need to remediate production errors and also enabled projects to be delivered on time and within budget. The company was able to use Onapsis Control’s ability to check code and transports for quality issues that can negatively impact system performance, compliance, and security. They were also able to ensure that system changes enabled by transports did not impact system performance. Because they received timely, critical threat intelligence from the Onapsis Research Labs, the company had confidence they could stay ahead of the latest potential threats to their SAP landscape.

“With Onapsis, we can be more confident that the changes we’re making aren’t going to cause disruptions or performance issues while addressing security and compliance at the same time. It’s a win for everyone.”

Security Architecture Manager, Global Chemical Company

Results

  • 25% less time spent on code reviews
  • 65% lower costs on remediation activities
  • 75% reduction in security and quality errors imported into production

Implementing Onapsis Control has enabled the company to incorporate security earlier into their application development cycle, thereby reducing costly errors in production that affect manufacturing and delivery processes. Deep scanning of transports ensures that configuration or authorization changes that violate company policy or manufacturing process guidelines are blocked and, ultimately, rewritten prior to being deployed in the production environment.

This resulted in a 75% reduction in the number of security and quality errors imported into production. As a result, their development process is more secure and efficient, and they have eliminated time-consuming rework and costly system disruption or downtime. The development team also replaced their time-consuming manual code review process with the automatic code scans of Onapsis Control, reducing their code review cycle time by 25%.

Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager

According to a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?

  • Attackers are specifically targeting the crown jewels of the organization, supported by their ERP systems
  • More ERP systems are exposed to the internet than ever before 
  • Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
  • Software vulnerabilities, if left unpatched, create risk and opportunities for attackers 

With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.

Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent, in March 2020, addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, and can lead to access to any SAP system, potentially causing fraud, theft and disruption.

As a result, the Onapsis Research Labs, which found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.

For more information, check out our blog post analysis of the March 2020 SAP Patch Day 

Critical SAP RECON Vulnerability: Who is at Risk & How to Protect Your Business

Duration: 60 minutes
Available On Demand

This session will discuss how the Onapsis Research Labs and SAP Security Response Team collaborated to patch the critical RECON vulnerability in record time. You will also learn the details of the RECON vulnerability, who is at risk, what SAP systems are affected, what the business impact could be if exploited and how to protect your organization.