Boston, MA – January 18, 2018 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced key highlights from another highly rewarding year. The momentum from this year confirms the company’s leadership in the newly established market of business-critical application security. In addition to an outstanding increase in year-over-year recurring revenue for the fifth consecutive year, Onapsis added dozens of new Fortune 2000 customers across the United States and Europe, representing industries including Oil & Gas, Energy, Entertainment and Pharmaceuticals. Driving this growth was the confirmation of Onapsis as the de-facto standard for securing SAP platforms, as well as Onapsis’s product expansion into Oracle E-Business Suite, further demonstrating the company goal to secure ERP applications from cyberattacks.
“I’m very proud of the achievements and growth of the company in 2017 as it marks another hallmark year of rewarding milestones achieved by Onapsis. Our sustained hypergrowth and immediate acceptance of new product enhancements further validates the very real and evolving urgency organizations face to gain visibility into and proactively protect applications that run their most critical business processes. As threats in the market continue to progress and organizations are faced with strategic digital or cloud transformation projects, we are continuing to provide the market with the advanced research, technology and processes necessary to protect against threats and safeguard compliance programs as well as the business ‘crown jewels’,” said Mariano Nunez, CEO and Co-founder of Onapsis.
2017 demonstrated a turning point in the maturity of business-critical application cybersecurity. Organizations are no longer looking at this problem as a ‘nice to fix’, but a ‘must fix’ as they move into 2018. Business-Critical Application Security was cited by Gartner in its “Hype Cycle for Application Security, 2017.”1 In the report, contributing VP Distinguished Analyst Neil MacDonald writes, “As business-critical applications are opened up to partners and exposed on the public internet, and as attackers target these applications, their risk profile is changing. By definition, business-critical application security applies to applications critical to the functioning of the business. Downtime of the core ERP system of an enterprise can be catastrophic. Outages and theft caused by hackers should be viewed as critical as downtime caused by hardware or software failures.”
Over 87% of the Global 2000 rely on business-critical applications, such as SAP and Oracle, to manage their data including ERP, HCM, CRM, PLM, BI and SCM. Despite housing an organization’s ‘crown jewels’, i.e. intellectual property, financial, credit card and database warehouse information, and customer and supplier data, SAP and Oracle systems and their application layer are not protected by traditional security solutions. In addition, these systems are very complex, often having been implemented with customizations that map to specific business processes as outlined by an organization, making them more difficult to secure.
“As the ERP cybersecurity market continues to mature, we are proud to have expanded our mission to transform the way that organizations approach not only their cybersecurity posture for SAP, but for Oracle ERP applications as well, whether running on premise or in a cloud environment,” continued Nunez. “We are set up for success in 2018, already executing against very ambitious goals to capture the huge opportunity we have in front of us."
Additional key milestones for Onapsis Inc. in 2017 include:
- Record YoY growth in Annual Recurring Revenue (ARR) and Bookings, for the fifth consecutive year
- Further expansion into marquee Fortune 2000 customers, including two Top-3 technology companies, and key expansion into global pharmaceutical, retail and automotive companies
- Record renewal rate of 90%+ with Onapsis Security Platform customers, including strong business expansion within the customer base
- Expanded the company to over 150+ employees worldwide, including significant growth across the Sales, Product and R&D Teams
- Expanded joint revenue and GTM campaigns through strategic alliances with the world's leading system integrators and audit & consulting firms
- Extended leadership team by appointing Ashish Larivee as Chief Product Officer
- Released the Onapsis Security Platform for Oracle E-Business Suite (EBS) applications to further extend into the Business-Critical Application Security market
- Architected the Onapsis Security Platform to be cloud-ready, supporting on premise, hybrid or private cloud environments and enabling organizations to perform secure digital transformations
- Released GDPR functionality for the Onapsis Security Platform to allow customers to easily meet upcoming compliance mandates
- Continued to keep customers updated with the most recent SAP vulnerability protection with bi-monthly product enhancements with the latest OSP version of 1.9.14
- Developed and expanded business partnerships with industry-leading companies such as Amazon Web Services, Deloitte, IBM, PwC, T-Systems and others
- Named one of the fastest growing technology companies in North America by Deloitte’s 2017 Technology Fast 500TM
- Recognized by SC Magazine as an “Industry Innovator” in Security Infrastructure
- Recognized as a Sample Vendor in the Gartner “Hype Cycle for Application Security, 2017”(1)
- Onapsis Security Platform received outstanding “First Look” review by SC Magazine
- Recognized as a Red Herring Top 100 Company in both North America and Global
- Invited to lecture at over 20 global conferences including, RSA Conference, Black Hat, Evanta CISO, SAP TechEd, SAP GRC, SAP Cybersecurity and numerous others
- Ranked #3 of 50 companies in Great Places to Work Survey
- Continued to develop the company's IP portfolio, filing several new patent applications
- Received national news coverage for securing critical vulnerabilities in SAP HANA2
- Worked with the SANS Institute to produce the first-ever standard mapping the SANS 20 Critical Controls to Oracle E-Business Suite applications
- Co-launched the first ever Ponemon study on Oracle E-Business Suite security
- Worked in conjunction with the Cloud Security Alliance and leading industry experts to form the ERP Security Working Group, the first research group focused on securing cloud implementations of business-critical applications
- Held five presentations at the first annual SAP Cybersecurity event in Las Vegas, NV
- Hosted the 3nd annual Onapsis Roadshow Series, which joined security practitioners with Onapsis experts to discuss the evolving trends in business-critical application cybersecurity, in five cities
(1) Gartner, “Hype Cycle for Application Security, 2017” Analyst(s): Ayal Tirosh, Published: 28 July 2017, ID: G00314199.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.
Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis's solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.
Onapsis solutions include the Onapsis Security Platform™, which is the most widely-used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis's context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.
These solutions are powered by the Onapsis Research Labs, who continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™. This patented technology is well known, industry wide, and has gained Onapsis recognition on the Deloitte Technology Top 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.
Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.