Onapsis to enforce compliance and protect business-critical applications

Onapsis, a provider of business-critical application cybersecurity and compliance, has launched new functionality to lock down SAP systems.

The company has extended the Onapsis Security Platform (OSP) with the launch of the Enforce and Protect product module. OSP claims to be the first platform to enable InfoSec and SAP teams to enforce compliance and protect business-critical applications by actively preventing these systems from drifting into an insecure or non-compliant state.

“Keeping SAP business-critical applications protected and compliant can be a constant struggle for security, compliance and BASIS teams alike. In any large, dynamic environment, multiple teams need to access and modify systems to support ever-changing business requirements,” said Ashish Larivee, chief product officer at Onapsis. “This means that even securely-configured systems often unknowingly drift back into an insecure or non-compliant state. This new capability will prevent such risks and help protect SAP systems that contain the crown jewels for many businesses.”

Ensuring systems are configured securely and stay that way continues to be a difficult problem to solve. The configuration drift threat has the potential to be more damaging to organisations than zero days and other modern attacks and may go unnoticed until an audit or assessment is performed. This leaves organisations vulnerable to attack as well as to regulatory penalties such as GDPR.

The new, patent-pending Enforce and Protect product functionality enables OSP customers to automatically stop critical system changes to prevent SAP systems from becoming insecure or non-compliant.

It also enables them to receive immediate alerts if an unplanned update could make a system insecure or non-compliant, approve out-of-band configuration changes that are required as exceptions, and maintain secure configuration settings that require significant time and investment.

The new functional also provides customers with record and log change activity for audit and investigations and claims to continuously assure configurations adhere to corporate policies for all SAP versions, including S/4 HANA.

“Any large organisation knows the difficulty of implementing secure configurations in their SAP landscape, but once configured, they have no way to ensure that they do not drive back to an insecure state. Onapsis is an example of a provider helping customers address this problem by monitoring system changes at all times and enforcing a ‘clean’ security and compliance posture,” said Scott Crawford, research director at 451 Research.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Its solutions are also the de-facto standard for leading consulting and audit firms such as Deloitte, IBM, Infosys and PwC.

Earlier this year, Onapsis closed a $31m Series C minority funding round. The round was led by new investor LLR Partners, with participation from existing institutional investors .406 Ventures, Evolution Equity Partners and Arsenal Venture Partners. It brings Onapsis’ total funding to $62m and will see David Stienes, partner at LLR Partners, join the company’s board of directors.

Copyright © 2018 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.