After spending close to a decade in the world of cybersecurity, it was quite surprising to realize that so many organizations still struggle with properly protecting their ERP applications. Hello Onapsis friends and family! My name is Cindy Valladares and I joined this fantastic company a few months ago to lead our product marketing efforts. My goal is to be a regular new voice in your world of ERP cybersecurity -- and I’m hoping that you would engage with me by posting your comments, questions and feedback! Feel free to also connect on LinkedIn and let me know you read this blog when you do.
In most organizations, even though SAP/Oracle systems are highly critical to an organization’s core functioning (over 92% of the Global 2000 use them) and they are an integral part of our economy (over 77% of the world’s transaction revenue touches these ERP systems), there is minimal visibility into the security or compliance of these applications -- creating a blind spot.
Why is it so difficult to protect these systems and defend against internal misuse and external attacks? Security teams need to constantly adapt to address evolving threats, we all know that, but I believe that the “blind spot” is more acute in this situation. These business-critical applications are usually out of scope for security teams, while the SAP/Oracle administrators are primarily focused on availability and uptime. Very few organizations are able to implement an integrated program to manage security and compliance risk. This problem is compounded by the distributed responsibilities and disparate goals driving the IT and security teams so they can run the business.
To get additional insight into this topic, we’re partnering with 451 Research to understand three primary security concerns and how they’re affecting cybersecurity strategies for organizations. We encourage you to attend our joint webcast, Today’s Top Security Concerns: Are Your ERP Applications Ready? In this webcast (Nov 1 @ 1pm ET) you will learn:
- About the importance of security hygiene, especially in ERP applications -- steps to take to continuously monitor, update and maintain these systems.
- Why compliance projects are topping the demand and attention of information security teams -- and the importance of automated audit reporting.
- How to build an ERP cybersecurity program to address security and compliance requirements.
Here is a sneak peek on the last point, where we will discuss the importance of having visibility into your ERP landscape, and defining and enforcing security policies to prevent configuration drift. We’ll discuss how to assess vulnerabilities, prioritize them based on risk and create remediation plans. Lastly, how to have monitoring or other compensating control during the window when your systems are vulnerable, in order to detect changes that introduce security or compliance risks. I look forward to having you on the webcast!
Source: SAP Corporate Fact Sheet, July 2018 https://www.sap.com/corporate/en/documents/2017/04/4666ecdd-b67c-0010-8…
Source: Oxford Economics/SAP analysis, Feb 2018