SAP SuccessFactors contains some of an organization’s most sensitive and regulated data, including employee PII and bank account details to support payroll. Protecting this data – ensuring only authorized users can access and modify it, minimizing risk of breach – is essential for avoiding fraud and costly compliance violations.
Costly, unexpected project delays due to manual code reviews and lack of transport visibility
A global chemical company relies on SAP for their business critical applications and leverages custom code development to support their organization. However, the organization struggled to keep up their development cycles at a pace that aligned with the speed of their business. A manual code review process with no way to check transports for errors, led to long, error prone, development cycles for SAP applications. Additionally, it was difficult to implement changes without impacting existing system performance, or introducing security or compliance issues. This resulted not only in missed project deadlines but also unexpected costs, due to remediation efforts and rework when errors in code were brought into production.
“Onapsis helps us address two of the biggest trouble areas in our change management processes—custom code and transports. A third-party solution for analyzing these that integrates into SAP ChaRM allows us to get things right the first time and avoid costly rework and manual analyses.”
Security Architecture Manager, Global Chemical Company
Onapsis Control automates code scans, checks transports, and reduces development cost and time
The company found the ideal solution in Onapsis Control. They were able to eliminate their manual code review processes and automatically scan hundreds of lines of codes in minutes for errors. Onapsis Control’s detailed explanations and step-by-step remediation guidance shortened their time to resolution and accelerated their development cycle. Deep visibility into their transport errors prior to production enabled the resolution of problematic transports prior to import. This eliminated the need to remediate production errors and also enabled projects to be delivered on time and within budget. The company was able to use Onapsis Control’s ability to check code and transports for quality issues that can negatively impact system performance, compliance, and security. They were also able to ensure that system changes enabled by transports did not impact system performance,. Because they received timely, critical threat intelligence from the Onapsis Research Labs, the company had confidence they could stay ahead of the latest potential threats to their SAP landscape.
“With Onapsis, we can be more confident that the changes we’re making aren’t going to cause disruptions or performance issues while addressing security and compliance at the same time. It’s a win for everyone.”
Security Architecture Manager, Global Chemical Company
Implementing Onapsis Control has enabled the company to incorporate security earlier into their application development cycle, thereby reducing costly errors in production that affect manufacturing and delivery processes. Deep scanning of transports ensures that configuration or authorization changes that violate company policy or manufacturing process guidelines are blocked and, ultimately, rewritten prior to being deployed in the production environment.
This resulted in a 75% reduction in the number of security and quality errors imported into production. As a result, their development process is more secure and efficient, and they have eliminated time-consuming rework and costly system disruption or downtime. The development team also replaced their time-consuming manual code review process with the automatic code scans of Onapsis Control, reducing their code review cycle time by 25%.
Rex Thexton of Accenture discusses why onapsis is an important part of keeping your mission-critical applications secure and compliant, especially when moving to the cloud.
Chaitanya Geddam at Accenture talks about how the Onapsis risk assessment process helps their Oracle customers get answers in hours instead of years.
Listen to Tara Khanna at Accenture discuss today’s risk landscape as it applies to SAP security and how Onapsis can help develop your strategy.
Hear from James Carrigan at Verizon why they decided to partner with us to help their customers secure their mission-critical applications and add value to their offerings.
Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?
With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.
Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent in March 2020 addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.
As a result, the Onapsis Research Labs, who found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.
For more information, check out our blog post analysis of the March 2020 SAP Patch Day
ON DEMAND
SAP’s July Security Notes include a fix for a critical vulnerability – CVSS score of 10 out of 10 – named RECON. Successfully exploiting RECON could give an unauthenticated attacker full access to the affected SAP system, including the ability to modify financial records, view personal identifiable information (PII), corrupt data, delete or modify logs and traces, and other actions that put essential business operations and regulatory compliance at risk.
The Onapsis Research Labs first identified this vulnerability in May 2020 and has worked closely with the SAP Security Response Team on a mitigation strategy. More than 40,000 SAP customers may be vulnerable to RECON, with upwards of 2,500 Internet-facing systems facing even greater risk.
Attend this session to learn:
