That’s why the validation of The Onapsis Platform for Cybersecurity and Compliance as an SAP Endorsed App is such good news. Onapsis is a Swiss Army Knife of SAP cybersecurity: It does multiple things well, including helping Accenture embed robust security for its global client base.

It’s important to note that SAP works hard to deliver secure solutions. However, the complexities of customizing across hundreds if not thousands of configuration settings can inadvertently open vulnerabilities even in the best of hands. This is where Onapsis comes in. It provides a one-stop-solution and dashboard to identify, measure and continually monitor configuration settings, custom code bases and other aspects of SAP cybersecurity.

This, in turn, makes our job of delivering secure SAP systems to our clients easier and faster, while achieving leading-edge cybersecurity.

In the end, it’s about the ecosystem

For too long, “SAP Security” has equated in many people’s minds to access controls (e.g. roles) and compliance (e.g. GRC, SoD, etc.).  While it’s important to get these aspects right in an implementation, a changing threat landscape – including public cloud migrations and implementations – means that focusing on the cybersecurity elements of the entire ecosystem is just as important. 

Another advantage of Onapsis’ new status is that it enables companies to stay within their SAP-first strategies. Onapsis helps clients gain visibility into the vulnerabilities within their SAP ecosystem all in one place and is continually updated with the latest security research to stay ahead of attackers. When utilizing the strategic relationship between Accenture and Onapsis, our clients can rest easy knowing that two strong SAP players are on guard.

Onapsis provides a robust SAP vulnerability management technical solution that informs remediation and compliments our services. It also offers the ability to feed its information to SEIMs by making SAP’s log data easier to use and performing key analysis before the data even hits the SEIM, reducing the amount of data to be ingested and stored by a client’s SEIM solution. It also enables static scans to identify misconfigurations and can scan custom code for vulnerabilities, then present its results in a consolidated dashboard across all in-scope systems. This in turn can improve visibility, controls and compliance.

Drilling down

Onapsis makes it easier to identify external attackers and internal people who may be ‘misbehaving,’ but that’s only the tip of the iceberg. In 2019, for example, when a security researcher published code that enabled the exploitation of common misconfigurations that could enable bad actors to take over and own SAP systems without detection, the Onapsis Security Platform had already been updated to identify if the exploit was being deployed. That’s why, if a bad actor were to try to elevate privileges or corrupt data, together we and Onapsis can help.

Big-picture improvements

When we implement the Onapsis security platform, a newer, wider world of cybersecurity becomes possible: We can layer-on industry specific tools and processes, incorporating SAP cybersecurity into a broader enterprise vulnerability program.

Because we offer industry specific security knowledge and expertise in operating SOCs, we can perform analysis and correlation to discover signs of compromise, ensuring SAP isn’t a blind spot in the cybersecurity picture.

We also help clients focus on additional elements of a strong robust security posture, such as identity and access management integration with SAP, GRC access controls, ServiceNow integration, encryption and overall threat and vulnerability management. 

With Onapsis as an SAP Endorsed App in our arsenal, we are now able to offer our clients a more robust SAP cybersecurity and compliance service to help secure their business. As a leading business partner of SAP and Onapsis, we are incredibly enthusiastic about Onapsis joining the rank of SAP’s newest Endorsed Apps designation.

Bottom line, the combination of us and Onapsis constitutes a clear path to robust cybersecurity services for clients using SAP.

 

About Accenture

Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries — powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. With 513,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at www.accenture.com.

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture helps organizations protect valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

The information in this blog post is general in nature and does not take into account the specific needs of your IT ecosystem and network, which may vary and require unique action. You should independently assess your specific needs in deciding to use any of the tools mentioned. Onapsis as an SAP Endorsed App is not an Accenture tool.  Accenture makes no representation that it has vetted or otherwise endorses this tool and Accenture disclaims any liability for its use, effectiveness or any disruption or loss arising from use of this tool.

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.

This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.

Copyright © 2020 Accenture. All rights reserved. Accenture and its logo are trademarks of Accenture.

Rex Thexton

Managing Director – Accenture Security, Applied Cybersecurity Lead


Tara Khanna

Managing Director – Platform & Data Security Lead

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog