From 2007 to Now: Onapsis’ CEO’s Thoughts on Business-Critical Application Security recognized by Gartner in the Hype Cycle for Application Security

Today Gartner recognized Business-Critical Application Security as an emerging market trend, in the 2017 Hype Cycle for Application Security that has just been released. Having been the first security researcher to present on advanced threats affecting SAP Business-Critical Applications more than 10 years ago at Black Hat 2007, and having later founded Onapsis as the first cyber-security company to focus exclusively on this topic, I see this is an important milestone and validation for our team, customers and partners.

Hype Cycle

Today, 87% of the Global 2000 rely on business-critical applications such as SAP and Oracle to manage their data, such as ERP, HCM, CRM, BI and Supply Chain Management. These systems are truly the lifeblood of the organization as they house and manage all of the critical processes and data that companies rely on to run their daily processes.

If you ask the CIO or CISO of any large organization to identify their most critical applications, you can bet that SAP/Oracle Apps will be the TOP-5, if not the single most important one.

Despite housing an organization’s “crown jewels” – intellectual property, financial, credit card, customer data, supplier data and database warehouse information – Business-Critical Applications are not protected by traditional security solutions. This issue was really brought to the forefront in May 2016 when the DHS worked with Onapsis to release the first ever US-CERT Alert for Exploitation of SAP Business Applications, which was mentioned at the Gartner Security Summit just a month after in June 2016.

While security should always be at the forefront, these critical systems are also subject to strict compliance mandates such as PCI, PII Privacy Laws, SoX, NIST and shortly, GDPR. Maintaining compliance of these constantly evolving systems can be a huge undertaking for Internal Audit teams as they prepare for their 3rd party yearly audits.

At Onapsis, we have pioneered and been solely focused on helping organizations secure these Business-Critical Applications since our inception in 2009. We began lecturing and training on this topic at Black Hat in 2007 and now heading into another Black Hat conference 10 years later we have been amazed at the acceptance and growth in this market from our customers, partners and industry professionals. It truly validates the importance that organizations place on these critical systems, the vital data that resides within them and the way their security and internal audit postures are changing to ensure these systems are secure.

The Onapsis Security Platform is the most widely-used SAP-certified cyber-security solution in the market, being trusted by the world’s largest organizations. I believe that this latest recognition by Gartner will further accelerate the development of this market, helping leading CIOs and CISOs answer one critical, fundamental question: “Are our Business-Critical Applications secure?”