SAP SE this week publicly disclosed that seven of its cloud products “do not meet one or several contractually agreed or statutory IT security standards at present,” adding that the ERP software giant is actively taking steps to remediate these issues.
SAP identified the problematic products as SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, SAP C4C/Sales Cloud, SAP Cloud Platform and SAP Analytics Cloud. The first four solutions on the list were obtained via acquisitions.
The company says the disclosure was not prompted by a security incident, and that it is aiming to complete the bulk of the remediation by the second quarter of 2020.
“As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues,” said the company in an investor relations statement. “In an effort to ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with market peers.”
SAP also said that it will contact and provide support to affected users, which comprise roughly nine percent of the company’s 440,000 customers.
Application cybersecurity company Onapsis, whose specializations include security for SAP solutions, also released a statement. “Onapsis is aware of the news regarding cybersecurity issues with some of SAP’s cloud solution offerings and we are working with our customers to ensure they are protected,” said Juan Perez-Etchegoyen, CTO at Onapsis. “As SAP’s leading partner for cybersecurity, we believe this proactive communication demonstrates a strong commitment from SAP to their customers, which will ensure they have the ability to make sound cybersecurity and compliance decisions to protect their mission-critical business applications.”