11:55 AM
Mariano Nunez

Why Secure the ERP Jewels in Paper Vaults?

Enterprise resource planning systems are among the most critical for any organization. That makes them very attractive and rewarding targets for attack. Are generic security measures appropriate?

Today’s extended enterprise businesses invest vast chunks of their overall IT spend in upgrading and extending their enterprise resource planning (ERP) systems. Business leaders and IT heads place enormous value in ERP, and rightly so. Large organizations rely heavily on ERP applications to automate and improve efficiencies in finance, human resources, procurement, sales, logistics, and many, many other vital business-critical functions.

Because ERP systems are among the most critical for any organization, they are a very attractive and rewarding target for attack. So why do so many organizations assume that generic IT security measures are sufficient for the protection of their most valued processes and sensitive information? As the leading provider of ERP cyber-security solutions, we see part of our job as alerting business owners to the imminent dangers of leaving ERP systems vulnerable, while recommending the implementation of a comprehensive solution specifically designed to automate the security of valuable ERP systems.

These dangers are certainly very real, and the volume of security vulnerabilities and associated risks affecting ERP systems is increasing rapidly. A number of common misconfigurations are also exposing business-critical information to high-level risks, such as the possibility of malicious parties performing espionage, sabotage, and fraud attacks against vulnerable organizations.

Hackers shutting down ERP systems will quickly paralyze any business’s operations, disrupting integration with any number of business operations and even deleting sensitive information. Fraudsters may choose to modify financial information, tamper with sales and purchase orders, create new accounts, modify merchant data, and more. In highly competitive markets, it’s even possible that ERP systems may be unlocked in order to extract customer, vendor, or HR data -- maybe even planning information, balances, sales data, or unique designs and schemas.

Fortunately, considering the scale and critical nature of the threat, protecting business ERP systems is quick and painless.

A certified ERP security suite is installed in minutes. It will automatically discover and map ERP applications on any network, and is then ready to implement custom scan schedules and security policies to suit the needs and perceived threats of any organization. Insecure configurations and security risks detected are presented through a variety of different reports across any channel, detailing all threats and prioritizing mitigation activities. Without a specialist ERP security suite, business owners and CTOs must invest far greater resources to discover all of the security parameters that must be checked before manually connecting to each component, and then laboriously attempt to understand the risks involved before creating a string of reports.

It’s hard to imagine a business that wouldn’t regard specialized ERP protection as a no-brainer once the facts are presented. Who wouldn’t want to decrease financial fraud risks, enforce compliance requirements, protect against external hackers and insider threats, and drastically reduce audit costs, quickly and cost-effectively? Only purpose-built protection ensures ERP peace of mind.

Mariano Nunez is the CEO and co-founder of Onapsis, managing the strategic direction of the company. A respected authority on SAP security, Mariano is credited with being the first security researcher to present on real-world threats to SAP systems. He is also the developer of ...
Comments
Becca L
User Rank: Author
6/30/2014 | 1:59:01 AM
Pulling out the stops for high-priority information
Mariano, thanks for sharing! Firms often have to apply patchwork security solutions to their data to make sure the highest-value elements are receiving the best defenses (which are often uneconomical to spread throughout the firm's system). These are usually documents critical to the business's continued operations and, as you describe it, enterprise resource planning falls into this top tier. I'm curious how much more protection you think ERP merits than other highly essential and sensitive business systems?