Oracle Magazine, July/August 2018
Q Why was Onapsis founded What problem were you trying to solve A We launched the company in 2009 after we recognized an industry wide problem organizations were investing heavily in infrastructure security but not in securing the technology layer to ensure their missioncritical applications were properly protected Onapsis was created to work closely with Oracle and SAP customers to provide a security platform to help organizations protect their applications from cybersecurity attacks Q What are some common myths regarding Oracle E Business Suite security and why are they important for organizations to be aware of A Many organizations rely on segregation of duties governance risk and compliance GRC or database security approaches to protect their Oracle EBS implementations but they dont deal with the technology components and security in those applications Companies need to purposefully analyze how they are implementing those applications how they are maintaining them and how they are securing the technology layer They need to do more Many companies believe that when they upgrade to the latest version of Oracle EBS it will improve their security posture Thats true but many companies upgrade only once a year or every other year so its not a bulletproof approach You still need to manage risks install patches review your security approach and reduce the attack surface The new version of the Onapsis Security Platform allows organizations to bridge a critical gap in their current processes and the ways they secure the applications they rely on to run their businesses Q Tell us about the vulnerabilities that exist within Oracle E Business Suite A Our research team the Onapsis Research Labs has found over 200 vulnerabilities in Oracle EBS over the last two years Oracle EBS is a complex product with multiple protocols components and scenarios Each component could have its own vulnerabilities and those vulnerabilities need to be holistically managed That means patching implementing security configurations securing the interfaces managing critical users and authorizations performing an attack surface reduction and more Due to their potential exposure to untrusted networks webbased components should be dealt with immediately followed by components built on other technological layers Business data and supporting business processes are the most critical assets in many organizations and they must be protected An Oracle EBS outage is considered by some organizations as a catastrophic event potentially putting them out of business Based on the existing threat landscape its no longer enough to deliver basic security Organizations need to provide holistic security to secure the most critical assets in the organization We work with Oracle to deliver a platform that provides security against cybersecurity attacks Onapsis and Oracle both want Oracle products to be secure We work with Oracle to deliver a platform that provides security against cybersecurity attacks Onapsis and Oracle both want Oracle products to be secure Juan Pablo Perez Etchegoyen Chief Technology Officer Onapsis SPONSORED CONTENT
You must have JavaScript enabled to view digital editions.