Fortune 500 Manufacturer Turns to Onapsis to Break Down IT Silos and Holistically Secure SAP Applications

Onapsis, the global experts in ERP and business-critical application cybersecurity and compliance, today released a case study published by leading analyst firm Enterprise Management Associates (EMA) outlining how a Fortune 500 manufacturer overcame the challenges to securing its most critical business application, SAP.


SAP systems hold the crown jewels of an organization and run core business processes, including ERP, CRM, SCM, finance management, human capital management and procurement, yet these applications are not fully protected by traditional security approaches. For example, patching vulnerabilities can be difficult given that some require a system be taken out of service—a costly proposition for some of the largest organizations. Further, due to the complexity and customization of the SAP application layer, insecure configurations often go unrecognized.

The case study, authored by EMA Research Director Paula Musich, delves into the efforts of an SAP security practitioner to bring greater awareness and in-depth discipline to securing his company’s SAP deployments, bridging the gap between traditional SAP security and information security teams.

Turning to the Onapsis Security Platform and Onapsis Research Labs, this SAP security professional was able to deliver significant business value throughout the organization at all levels:

  • Operationally: Identified previously unrecognized risks and reduce those risks by 60 percent within the first 12 months
  • Organizationally: Formed what is likely the first unified team to govern SAP vulnerability management and security
  • Strategically: Defined and empowered senior leadership to understand and manage their risk posture around the SAP crown jewels

The case study also outlines six key recommendations for others to drive successful programs to ensure SAP applications are secure and compliant.

“I give [Onapsis] full credit for founding an entire industry and bringing much-needed attention to this space. They’re the first and they’ve been more forward-thinking than anyone else in the space. They have a knowledgebase dedicated to protecting SAP that no one else has. Onapsis is a great partner,” said the SAP security professional, who is now a Senior Manager for the Information Security Team.

Onapsis’s CEO, Mariano Nunez, commented, “Based on the criticality of the information and processes they support, as well as the increased threat landscape, securing enterprise resource planning (ERP) environments such as SAP has become a board level discussion and a top-5 initiative for many CISOs. We are fortunate to work with leading professionals and organizations as the one examined in this case study, who help the industry by sharing their best practices and enable peer organizations to protect their crown jewels as well.”