CISO challenges: Addressing cybersecurity blind spots

Cybersecurity blind spots: Applications

Most enterprises rely on complex legacy applications for mission-critical operations. And therein lies the problem. “We had one of our clients tell us ‘A layer in our SAP system was not being taken care of that included managing roles, profiles, authorizations and permissions tied to business functions’,” said Juan Perez-Etchegoyen, CTO at Onapsis, a cybersecurity firm based in Boston that focuses on SAP software. “SAP is so complex that the landscape is hard to control. The security of business-critical apps tends to be outdated and misconfigured. It often takes 18 months for SAP to fix the vulnerabilities uncovered in the market.”

Members of the CISO panel at RSA Conference also recommended, when it comes to application security, making sure that interactions take place from within the apps and not through a service behind the scenes. “Structure your systems based on a need-to-know

... read more at: http://searchsecurity.techtarget.com/feature/CISO-challenges-Addressing-cybersecurity-blind-spots