Cybersecurity and compliance leader, Onapsis, has extended the Onapsis Security Platform (OSP) to include the Enforce and Protect module to “lock down” SAP systems, preventing them from drifting into an insecure or non-compliant state and enabling InfoSec and SAP teams to protect their systems and enforce compliance.
“Keeping SAP business-critical applications protected and compliant can be a constant struggle for security, compliance and BASIS teams alike,” said Ashish Larivee, chief product officer, Onapsis. “This means that even securely-configured systems often unknowingly drift back into an insecure or non-compliant state.”
Based on feedback from hundreds of global SAP customers, Onapsis developed Enforce and Protect to overcome the threat of configuration drift, which can leave organisations vulnerable to both attack and regulatory penalties.
Onapsis researchers discovered that, because SAP system misconfiguration fixes have long been documented in security notes, attackers may be able to gain access to valuable business data or take control of the system.
Configuration drift can be caused by emergency fixes and problem resolutions, or by deploying new functionality. In fact major business projects such as digital transformation can be the source of configuration drift. Onapsis cites incorrectly assigning high-privilege access or turning off critical audit logs and RFC connection configurations as examples of common problems leading to configuration drift.
“This new capability will prevent such risks and help protect SAP systems that contain the crown jewels for many businesses,” said Larivee.
Enforce and Protect, available in June, will enable OSP customers to:
- automatically stop critical system changes
- receive an alert if an update could make the system insecure or non-compliant
- approve out-of-band configuration changes
- record and log changes for audits and investigations
- maintain secure configuration settings, and
- ensure configurations adhere to corporate policies.