Item: Onapsis
Rating: 9
Author: Jineshwar Panchal

Use Cases and Deployment Scope

Onapsis helps reduce regulatory compliance issues via an automated continuous compliance process for the IT controls related to regulations such as Sarbanes-Oxley (SOX), GDPR, PCI-DSS and others.

Eliminating this manual process improves the accuracy of results and frees up valuable resources to focus on other projects. We specifically are implementing the Onapsis Security Suite to continuously monitor, and alert us on any issues on the SAP systems.

Implementing the Onapsis Security Suite also eliminates rework on the year-end and month-end audits and helps in making the process faster, efficient and accurate, and in case there are violations in the compliances, Onapsis notifies the team via email regarding it.

Pros and Cons

Implement continuous compliance
Gain efficiencies
Reduced risk of non-compliance
Define specific audit policies
More accurate audits

Multiple UIs
No proper customization of UI log-off
Tedious setup of Control component
No proper error messages received

Return on Investment

Helps in automating the regulatory compliances
Increases productivity by freeing resources in the firm
Provides better protection for sensitive information
Tedious to implement
Time difference between the ERP systems and Onapsis Appliances may cause an issue
Difficult to troubleshoot as error messages are not clear

Alternatives Considered

Micro Focus Fortify Static Code Analyzer, SAP Enterprise Portal and PowerConnect for Splunk

There are other tools which we have compared with Onapsis,

SAP ETD
SAP CVA
SecurityBridge

These tools along with the highlighted ones in the above list do not cover all components of Onapsis and as far as we have seen, there is no tool providing the same competencies. It provides good insights, and is constantly updating. On top of that Onapsis Research Labs constantly contributes towards SAP Patch Tuesday regarding multiple "Hot News" vulnerabilities.

Key Insights

Do you think Onapsis delivers good value for the price?

Yes

Are you happy with Onapsis's feature set?

Yes

Did Onapsis live up to sales and marketing promises?

Yes

Did implementation of Onapsis go as expected?

Would you buy Onapsis again?

Yes

Other Software Used

SAP Access Control, SAP HANA, SAP HANA Cloud

Likelihood to Recommend

Onapsis is divided into 4 major components,

Assess
Comply
Defend
Control

In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix.

In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team.

In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them.

In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.

Onapsis - Continually Protecting the Intelligent Enterprise

Overall Satisfaction with Onapsis