Multinational Food Manufacturing Company Case Study
DownloadIndustry – Food Production
Company Size – 160k+ employees, >$115B revenue
Challenge
As one of the world’s largest food production and shipping companies, with involvement in agriculture, animal nutrition and protein, food and financial and industrial processes, this 150-year-old multinational organization with locations in 70 countries operates at a scale and reach unlike many others. This operational footprint presents them with significant challenges and opportunities from an SAP perspective. They have 400 SAP applications spanning 40 products and 25,000 users, and undertake nearly 400 active projects per month. Given this magnitude and the critical nature of these systems, the organization needed a solution that would help them identify, understand and mitigate security risks across their entire landscape. With security baselines established, they needed a way to measure and operationalize them across new and existing application use cases, including new business ventures, partnerships and growth projects from the start.
As well as SAP security and meeting internal baselines, the organization needed support in terms of regulatory compliance, responding to and demonstrating adherence with legislation such as GDPR and CCPA. Maintaining both their security and compliance posture, despite the significant volume of change involved with managing an SAP system of this scale, was essential for achieving their ultimate goal of cyber resiliency for their business-critical applications.
- Understand business risk due to system vulnerabilities
- Streamline the SAP patching process
- Prevented unauthorized changes and misuse, supporting application stability
- Integrated directly with SIEM to monitor for SAP threats
- Ensured compliance with internal and industry policies
“Most security professionals can’t spell SAP, yet 77% of global GDP passes through SAP systems. This establishes them as critical systems, but the lack of knowledge around the systems means they are often overlooked. The further up the stack you go, the more specialized this knowledge becomes. There are very few SAP security specialists that look at specific applications and how they pose a threat this is what makes Onapsis such a valuable partner for us.”
Solution
Onapsis’s pedigree in both security and compliance for SAP positioned them as the perfect solution for the food production company. The success comes from a relationship based on a partnership, instead one between customer and provider, with each side understanding the role they play. Onapsis provides the actionable insight and continuous monitoring the organization needs to understand security and compliance risk within their SAP environments, but it is ultimately up to the organization to prioritize and respond to these risks given their risk posture and tolerance. Likewise, if the organization needs additional information or support, Onapsis provides the expertise they need to act and protect their applications. By partnering with Onapsis, the organization keeps their global SAP stable, protected and compliant with security baselines. They are able to:
- Gain visibility to make informed decisions about levels of acceptable residual risk
- Discover and understand business risk due to system vulnerabilities, missing patches and misconfigurations, which helps to frame conversations around risk with internal business partners
- Simplify compliance and demonstrate they are in line with internal security baselines and industry regulations
- Streamline the patching process and understand how to prioritize missing SAP notes
- Continuously monitor their system health, which helps to maintain application availability and stability, and identify and prevent unauthorized changes, misuse or cyberattacks
- Integrate directly with their SIEM with custom alarms to inform SOC of potential exploits or threats to SAP systems & applications
- In the future, manage change via code and transport analysis to accelerate development, avoid downtime or errors and minimize manual reviews