SAP & Oracle Security
commissum services encompass all aspects of enterprise application security, from initial requirements analysis, through design review, code security and implementation advice, to specialised security testing that is tailored specifically to the business application.
Large-scale enterprise applications such as SAP and Oracle are becoming standard for many organisations in the private and public sectors. As the backbone of financial, HR, supply chain, and customer relationship management, they provide the analytical functions and business information that is critical to running operations and remaining competitive.
These enterprise applications, in terms of cost of up-front investment and ongoing business continuity, are among the most critical of an organisation's corporate assets. However, from a security perspective, in many cases they are the weakest link.
A common perception is that security starts and ends with an application’s authorisation and authentication mechanisms. However, this is just scratching the surface of the security challenge in a large-scale deployment. Potential threats to integrity, availability and confidentiality are widespread. These threats reside at the infrastructure, database and application layers, in customisation, in the interfaces between systems, and in the files that exist on the file system.
These enterprise application issues are exacerbated by the following:
- A lack of consistent, formally published security best practice.
- General lack of awareness of the potential issues.
- Scarcity of knowledge and experience in enterprise application security.
In this uncertain environment, our consultants will work with you, bringing to bear their years of experience in enterprise application security within the public, private and defence sectors, to help you address the risks that you face.
Approach to enterprise application assurance
commissum’s Enterprise Application Assurance Services encompass all aspects of security from initial requirements analysis, through design review, bespoke code security and implementation advice, to specialised security testing that is tailored specifically towards each particular application.
Depending upon your requirements, commissum can provide services addressing:
- Segregation of duties.
- Authorisation and access control.
- Auditing and monitoring.
- Infrastructure security assessment.
- Host OS hardening.
- Database security.
- Code review and development assurance.
- Application security testing.
- Training and mentoring.
Ideally, a client will engage the services of commissum’s specialists from the earliest phases of a project. It is significantly more cost-effective to design with best practice security in mind from the start. However, the knowledge and skills of the commissum team can be applied at all stages, particularly as independent assurance specialists forming part of the critical design review process.
Customer benefits of enterprise application assurance
commissum’s independent and objective advice provides clients with the following:
- A concentrated pool of security-focused resource with specialist enterprise application security skills.
- Objective, independent advice on enterprise application security and assurance.
- Guidance on best practice control measures and corrective action required to improve security deployment and integrity.
- Assurance that implementations are able to resist a range of attacks.
- Benchmarking of outsourced implementations against appropriate and relevant industry-accepted practice.
- Specialist skills and experience with enterprise application security in H.M. Government and the defence industry.
- Specific experience and knowledge of working with the public sector to address the security challenges of enterprise applications in shared services environments.
- Recommended hardened configurations for system components.
"We engaged with commissum for the first time this year and found them highly professional and a pleasure to do business with. We were particularly pleased with the report provided, which was of excellent quality, with an appropriate level of detail and clarity in its recommendations. I would happily refer others to commissum."
Mr Billy K, IT Director, National Law Firm


