Automobile Manufacturer increases visibility to proactively manage business risks
DownloadIndustry – Automobile Manufacturer
Company Size – Top 25 fortune 500
Challenge
Expand a comprehensive cybersecurity program to include business-critical application optimization and security to strengthen resiliency of SAP systems.
Solution
The Onapsis Platform assesses SAP for vulnerabilities and misconfigurations to understand potential business impact, define remediation strategies and set baselines. With Onapsis, the company was able to build security into projects from the start, continually monitor their entire landscape and prevent configuration drift, ensuring their business-critical applications stay secure and online.
The automobile manufacturer is a longtime SAP partner and relies on the business-application software provider solutions for its global finance and purchasing processes, customer care and after-sales applications. The company is widely considered an early adopter of cybersecurity solutions and recognized as an innovator among fellow Fortune 500 companies and manufacturing organizations. In 2015, the company expanded its comprehensive cybersecurity program to include business-critical application optimization and security technologies with the goal of further strengthening the resiliency of core business applications including SAP.
The first step for the company’s cybersecurity team was to audit and inventory its SAP applications within the network to ensure the highest possible level of visibility and monitoring in support of stringent SLAs with application owners. The second objective was to develop a continuous SAP application security management process that would accelerate and prioritize risk management and drive shared, intelligence-driven remediation processes among its SAP and application owners.
To accelerate its SAP cybersecurity objectives, the automobile manufacturer partnered with Onapsis to augment and multiply the value of application management and GRC tooling provided by SAP and other vulnerability management solutions.
It implemented the SAP-certified Onapsis Platform, which combines a preventative, behavioral-based and context aware approach for detecting, identifying and mitigating risks to business operations, compliance with regulatory mandates and overall cybersecurity posture.
- Scanned and remediated vulnerabilities quickly
- Reduced effort and time spent on QA
- Ensured all applications meet security and compliance requirements
“The main goal of our partnership with Onapsis was to automate SAP application monitoring and vulnerability management in a way that would allow our cross-functional teams to build, deploy and manage better, more resilient SAP applications faster at a lower cost,” said the Director, SAP Center of Excellence at the company. “We knew The Onapsis Platform would enable the SAP security team to show the application teams and business owners where configuration and code imprecisions were inhibiting optimal application performance, while also prioritizing vulnerabilities and SAP Security Notes. We knew this would also provide us the compensating controls necessary to exceed baseline Sarbanes-Oxley (SOX) compliance standards.”
Results
The Onapsis Platform for SAP provided immediate value for the automobile manufacturer.
“Before Onapsis, we had baseline operational and security controls for our SAP applications,” said Director, SAP Center of Excellence at the manufacturer. “Now after implementing The Onapsis Platform, we have an enhanced level of visibility that allows us to proactively manage potential risks to the stability, integrity and performance of the applications we rely on to run our core business operations. It is truly a case where cybersecurity has enhanced the resiliency and stability of our business operations.”
“Onapsis is a true partner to us,” continued the Director. “We count on the Onapsis Research Labs to alert us to the latest critical vulnerabilities and rely on The Onapsis Platform to automate SAP risk management practices. Our teams now communicate more effectively and Onapsis has become an integral part of our overall cybersecurity strategy.”