Onapsis and Deloitte have announced a new strategic partnership that brings the Onapsis Platform for securing SAP and Deloitte’s SAP cyber risk management capabilities together. They are targeting shared clients who already use SAP S/4HANA Cloud, or leveraging RISE with SAP and Cloud ERP digital transformations.
Mariano Nunez, CEO and co-founder at Onapsis, said, “We look forward to offering Deloitte and Onapsis’ shared clients a path to adopting SAP’s latest enhanced capabilities such as RISE with SAP and SAP S/4HANA Cloud securely by design.
“By helping our clients safeguard their critical SAP systems, we can also help them continue to prioritize their cybersecurity and regulatory compliance programs while being operationally efficient.”
Two companies, three solutions
At the heart of this announcement are three solutions that the two companies have jointly built. Customers can choose any combination of these, but the strength of the alliance comes when they adopt all three.
- Vulnerability Management (VM): This is built on Deloitte’s VM offering for SAP. It is now integrated with the Onapsis Assess platform. It will deliver a secure-by-design framework for SAP implementations backed by cyber assessment and other tools. Customers start with a secure SAP environment allowing them to reduce the cost of remediating vulnerabiities.
- Secure Software Development: This solution combines Deloitte’s Secure Software Development and DevSecOps offering with the Onapsis Assess and Onapsis Control platforms. It supports clients’ SAP development processes, allowing them to incorporate security, compliance, and quality checks. The solution also delivers continuous code development, integration, and deployment. Once deployed, solutions are continuously monitored.
- Threat Detection & Monitoring: The solutions brought together here are Deloitte’s Threat Detection & Monitoring offering and the Onapsis Defend platform. It will take advantage of Deloitte’s SAP-specific library of security use cases and research from Onapsis Research Labs. Security teams get visibility and context to quickly respond to threats against their ERP applications. It also integrates into existing security operations centre solutions.
According to Kevin Heckel, Deloitte Risk & Financial Advisory application security solution leader and managing director, Deloitte & Touche LLP, “By incorporating vulnerability management and secure coding as standard services, we offer our clients services and solutions that can help them mitigate cybersecurity threats and safeguard their digital assets—while utilizing broad SAP security approaches.
“Together, Deloitte and Onapsis can help our clients achieve their ERP transformation goals in a secure and resilient manner.”
Enterprise Times: What does this mean?
Both Onapsis and Deloitte have established practices delivering security solutions for SAP products. Bringing them together makes perfect sense and gives customers the best of both vendors. What is interesting is that this is an alliance rather than an acquisition by Deloitte. It will be interesting to see if this leads to greater integration at a later date.
Onapsis has regularly published studies that show how attackers continue to target SAP deployments. Constant scanning for known vulnerabilities is coupled with the speed with which proof-of-concept code is developed.
Deloitte, has built its cybersecurity practice across a wide range of industries. Its experience of working with SOCs and development teams gives this a broad appeal to customers. It’s experience of working with the boardroom will also help gain adoption of these solutions.
