Onapsis and CSA establish ERP Security Working Group

SAP and Oracle security experts Onapsis have partnered with the Cloud Security Alliance (CSA) to establish the ERP Security Working Group.

The initiative, which will be led by CISOs and experts from leading technology companies such as IBM and Deloitte, will develop guidelines and best practices security for security for large-scale cloud ERP deployments.

These will focus on how organizations can best structure service level agreements with cloud service providers to understand division of responsibility for system security.

Business-critical ERP applications are a tempting target for hackers due to sensitive data they contain, and large companies can be unaware of the risks associated with this, according to Onapsis CEO Mariano Nunez.

He said “ERP is the next wave of application security and has been a blind spot for many Fortune 500 organizations who are looking for guidance and best practices as they make major decisions about moving their business critical applications to the cloud.

Guide: five common cloud ERP mistakes, and how to avoid them

“As a lead research pioneer in this emerging space, we are excited to co-lead this initiative with CSA to bring together the ecosystem necessary to accelerate and ease adoption of ERP business-critical applications in the cloud.”

Jim Reavis, CSA CEO, said “Having security standards in place is an important component for any cloud security ecosystem, and is necessary in order to accelerate the adoption of critical business applications to the cloud.

“We’re looking forward to collaborating with some of the most well-respected and knowledgeable security professionals to set the benchmark and create a win for vendors, partners and users.”

Enterprises struggle specifically with the cyber security risks of moving to the cloud and fail to appreciate that this requires a different approach to security for on-premise systems, according to technology specialists.

Charlie Singh, associate partner for security services at IBM said “Enterprises and governments are struggling with the challenge of how to manage their cyber risks as they move their business processes and data to the cloud. This initiative will enable organizations to migrate securely and provide mandates for continued security.”

“It is not a simple ‘lift and shift’ of existing approaches and controls, moving these applications to the cloud requires an entirely new approach,” added Adrian Lane, CTO of Securosis.