July 30, 2018

July 30, 2018 | Phil Etherton | Director, Security Services

Another news piece has surfaced, that highlights the ever-rising threat of cybersecurity attacks, with companies and government agencies exposed to data breaches by hackers. Unlike other articles on the topic, this one deals specifically with risks posed to thousands of unpatched business systems from software publishers SAP and Oracle.

As the leading third-party support and managed services provider for these SAP and Oracle business systems, Spinnaker Support has long been publicizing shortcomings of the one-size fits all, often late to the rescue, and intrusive security patches provided by Oracle and SAP. Their security shortcomings are why we’ve launched next-generation security and vulnerability protection that out-delivers the big ERP vendors in critical ways. We deliver this as part of our standard third-party support at no additional charge to our customers.

Eric Auchard authored, Study Warns of Rising Hacker Threats to SAP, Oracle Business Software which was recently published through Reuters on July 25, 2018. The study, conducted by security firms Digital Shadows and Onapsis, discusses how vulnerabilities related to ERP applications can be exploited to access sensitive information. The study infers that those at higher risk have failed to install patches or take other security measures. In their latest research, Onapsis and online monitoring firm Digital Shadows identified some 17,000 SAP and Oracle software installations exposed to the internet at more than 3,000 top companies, government agencies, and universities.

From our perspective, security patches can be helpful but don’t go far enough. Spinnaker Support integrates security with ERP application experts, who follow certified ISO 27001:2013 processes, and leverage modern threat and vulnerability tools that proactively monitor for threats. We are the only provider of third-party SAP and Oracle support, including the big ERP software vendors, to deliver a comprehensive, outside-in, full stack solution – spanning enterprise applications, application framework, development platforms, databases, middleware, server operating systems, and network components.

Implementing vendor patches can be risky for an IT team, which is exactly why they are infrequently installed. There is no real transparency as to what these universal patches include, impact, or correct, not to mention break. Spinnaker Support’s team of security experts will advise on patch criticality, and often find methods outside the code to reconfigure and block such security breaches. Oracle and SAP historically have had their share of ‘missing the mark’ on corrective actions.  The internet is full of recent examples of where the vendor patching did not fix the common vulnerabilities and exposures (CVE) on the first release – hence giving customers a false sense of security. Patching isn’t the solution; customers must implement a more comprehensive security strategy with Intrusion Detection Tools, which sit alongside your network monitoring traffic and report on suspicious activity.

You can read more details regarding our security offering at Spinnaker Support Security and Vulnerability Protection.

More and more enterprises that run SAP and Oracle are switching to Spinnaker Support for higher-touch, more responsive, and more passionate support at a fraction of support fees paid to the software publishers. We elevate their experience with SAP’s and Oracle’s powerful solutions, ensuring a higher level of security protection. Because – with great support, people, processes, and tools – business applications can drive the business forward faster.