New Securosis Whitepaper Examines Security Model for SAP Cloud Deployments

Independent research firm debunks “lift and shift” myth and outlines foundational elements for building a comprehensive security program when migrating SAP implementations to the cloud

BOSTON, MA – February 8, 2017 – Securosis, an independent research and analysis firm dedicated to thought leadership, objectivity, and transparency, today, with Onapsis Inc, released a whitepaper outlining the foundational security elements organizations should build on when migrating their SAP applications to the cloud. “Securing SAP Clouds,” based on research by Securosis and made available via Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, covers various topics such as how cloud services are different, how it affects SAP implementations and then maps existing security controls to fit within cloud deployments.

Migrating SAP applications to a cloud environment is a complicated process which requires security to be a top priority. However, unlike transitioning other business applications to the cloud, there is no singular model for what SAP cloud security looks like. This is because many SAP applications are heavily customized and applying the same on-premise strategy to the cloud will result in an insecure implementation.

“Proper implementation is tricky – if you simply ‘lift and shift’ your old model into the cloud, we know from experience that it will be less secure and cost more to operate. To realize the advantages of the cloud you need to leverage its new features and capabilities – which demands a degree of reengineering for architecture, security program, and process,” said Adrian Lane, Analyst and CTO, Securosis.

“We have been receiving an increasing number of questions on SAP cloud security, so this research paper is intended to tackle major security issues for SAP cloud deployments. When we originally scoped this research project we were going to focus on the top five questions people had, and quickly realized that grossly under-served the audience needs for a more comprehensive security plan,” continued Lane.

“Securing SAP Clouds” covers the division of responsibility between an organization and the cloud vendor, which tools and approaches are viable, changes to the security model and advice for putting together a cloud security program for SAP.

“This whitepaper is a must-read for anyone looking to migrate and run their SAP systems to the cloud. Adrian does a great job of outlining what organizations should be cautious of when planning their migration, and provides detailed information for setting up an effective strategy for securing such critical data,” said Mariano Nunez, CEO and co-Founder, Onapsis.

To download “Securing SAP Clouds” please visit:

On March 2nd at 2pm EST, Securosis and Onapsis will host a webcast titled “Securing SAP Clouds” to further discuss this topic. For more information, or to register, please visit:

About Securosis

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of your SAP applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the
Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.
For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.

Request a Demo from Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.

Request a demo