Tackling Business-Critical Application Vulnerabilities: Are We Prepared?
Written by: Sarwan Rahu, Journalist, AOPG.
If a predominant number of IT professionals – 60% according to Ponemon Institute research – acknowledge the detrimental consequences of the vulnerabilities prevalent in business-critical applications, why aren’t organisations doing more to fix the problem? Why are business-critical systems, which contain valuable business data, susceptible to internal and external threats in the first place? Why is there a strong need for a robust vulnerability management and monitoring mechanism? Most significantly, what is the role of Onapsis, a leading software brand for the protection of mission-critical applications, in helping businesses identify and knock out existing or imminent vulnerabilities in critical applications?
Those were the core points of discussion in the virtual coffee session with Onapsis held recently. Joining from the United States, David D’Aprile, Onapsis’ Vice President of Product Marketing, opened the session with the milestones achieved by his company. Founded in 2009, Onapsis rose through the ranks at a magnificent pace, winning the loyalty of giants like Sony, Deloitte, the United States Army, and numerous other well-reputed organisations. Later, it went on to acquire other entities within and outside the U.S. and partnered with big names like SAP.
Regarding the detection of vulnerabilities in business-critical applications, D’Aprile pointed out that Onapsis has so far discovered over 800 vulnerabilities, reported 60 per cent of the uncracked vulnerabilities existing in the SAP HANA database, and protected 20 per cent of the Fortune 100’s business-critical applications.
The central aim of the virtual media briefing was to understand why businesses need to augment their vulnerability management capabilities. There are numerous reasons for that, according to D’Aprile. The more companies digitise their operations, the more vulnerable their business-critical applications – or crown jewels, as he called them – become.
In the past few years, digital transformation and the rapid rise of remote working have exposed business-critical systems to greater risk. Cloud migration, meanwhile, has opened business operations to further exploitation by cybercriminals, especially when they are run in a public cloud environment. In addition, bad actors have become more advanced and innovative in carrying out malicious operations. Threat actors are targeting business-critical applications, and doing so with increasing momentum.
Talking about the ‘defence-in-depth strategy,’ D’Aprile shared that many organisations have fortified their business-critical applications, but vulnerabilities can still get through and be exploited by bad actors, as conventional defence strategies usually neglect the protection of the critical application layer.
All these factors have placed an immense burden on the senior officials of organisations. Since most Chief Information Officers (CIOs) and other officials usually lack expertise in the vulnerability management domain, they are less likely to determine the intensity of the risk posed to their business-critical operations. The complexity of risk management procedures is a further reason why business leaders misjudge the dangers posed by vulnerabilities.
Finally, D’Aprile shed some light on the significance of the Onapsis Platform. Powered by the intelligence insights of Onapsis Research Labs, the Onapsis Platform is fundamentally a security suite for business-critical applications. Onapsis Assess provides systematic, intense, and focused vulnerability management services for business-critical applications, including Oracle and SAP. Profound visibility and automated assessments are two of the features of Onapsis Assess. The other elements of the Onapsis Platform include:
- Defend – a threat monitoring mechanism.
- Control – anti-vulnerability code fixer.
- Comply – landscaping and regulatory tool which provides the added features to keep cybercriminals and threat actors at bay.
Recently appointed Vice President of Onapsis (Asia Pacific), Simon Naylor, who served multiple organisations in the Asia Pacific for over 30 years, was also present in the virtual session. Answering a question regarding the presence of Onapsis in the ASEAN region, Simon said, “We recently opened our offices in Singapore as we are new in this part of the world, and we look forward to reaching the business organisations and assisting them in protecting their business-critical systems.”
On the question of why practical and concrete steps to counter vulnerabilities are lacking, D’Aprile asserted that there is a mismatch between the budget needed and the money spent on dealing with vulnerabilities in business-critical applications. In simple words, organisations are more concerned about other aspects of the business, such as sales, marketing, and digital transformation. On a positive note, however, he said that with every passing day organisations are realising the importance of vulnerability management mechanisms.