BOSTON, MA – June 28, 2018 – Onapsis, the global experts in ERP and business-critical application cybersecurity and compliance, today released a case study published by leading analyst firm Enterprise Management Associates (EMA) outlining how a Fortune 500 manufacturer overcame the challenges to securing its most critical business application, SAP.

SAP systems hold the crown jewels of an organization and run core business processes, including ERP, CRM, SCM, finance management, human capital management and procurement, yet these applications are not fully protected by traditional security approaches. For example, patching vulnerabilities can be difficult given that some require a system be taken out of service—a costly proposition for some of the largest organizations. Further, due to the complexity and customization of the SAP application layer, insecure configurations often go unrecognized.

The case study, authored by EMA Research Director Paula Musich, delves into the efforts of an SAP security practitioner to bring greater awareness and in-depth discipline to securing his company’s SAP deployments, bridging the gap between traditional SAP security and information security teams.

Turning to the Onapsis Security Platform and Onapsis Research Labs, this SAP security professional was able to deliver significant business value throughout the organization at all levels:

  • Operationally: Identified previously unrecognized risks and reduce those risks by 60 percent within the first 12 months
  • Organizationally: Formed what is likely the first unified team to govern SAP vulnerability management and security
  • Strategically: Defined and empowered senior leadership to understand and manage their risk posture around the SAP crown jewels      

The case study also outlines six key recommendations for others to drive successful programs to ensure SAP applications are secure and compliant.

“I give [Onapsis] full credit for founding an entire industry and bringing much-needed attention to this space. They’re the first and they’ve been more forward-thinking than anyone else in the space. They have a knowledgebase dedicated to protecting SAP that no one else has. Onapsis is a great partner,” said the SAP security professional, who is now a Senior Manager for the Information Security Team.

Onapsis’s CEO, Mariano Nunez, commented, “Based on the criticality of the information and processes they support, as well as the increased threat landscape, securing enterprise resource planning (ERP) environments such as SAP has become a board level discussion and a top-5 initiative for many CISOs. We are fortunate to work with leading professionals and organizations as the one examined in this case study, who help the industry by sharing their best practices and enable peer organizations to protect their crown jewels as well.”
Further details can be found in the EMA Case Study on the Onapsis website.

About EMA
Founded in 1996, Enterprise Management Associates (EMA) is a leading IT industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help EMA’s clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at or You can also follow EMA on Twitter, Facebook, or LinkedIn.

About Onapsis
Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle ERP and business-critical applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis's solutions are also the de-facto standard for leading consulting and audit firms such as Deloitte, IBM, Infosys and PwC.
Onapsis solutions include the Onapsis Security Platform™, which is the most widely-used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis's context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, who continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. This patented technology is well known, industry wide, and has gained Onapsis recognition on the Deloitte Technology Fast-500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.