Network Security, Vulnerability Management

SAP says 7 cloud products not currently up to security standards


SAP SE this week publicly disclosed that seven of its cloud products "do not meet one or several contractually agreed or statutory IT security standards at present," adding that the ERP software giant is actively taking steps to remediate these issues.

SAP identified the problematic products as SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, SAP C4C/Sales Cloud, SAP Cloud Platform and SAP Analytics Cloud. The first four solutions on the list were obtained via acquisitions.

The company says the disclosure was not prompted by a security incident, and that it is aiming to complete the bulk of the remediation by the second quarter of 2020.

"As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues," said the company in an investor relations statement. "In an effort to ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with market peers."

SAP also said that it will contact and provide support to affected users, which comprise roughly nine percent of the company's 440,000 customers.

Application cybersecurity company Onapsis, whose specializations include security for SAP solutions, also released a statement. "Onapsis is aware of the news regarding cybersecurity issues with some of SAP's cloud solution offerings and we are working with our customers to ensure they are protected," said Juan Perez-Etchegoyen, CTO at Onapsis. "As SAP's leading partner for cybersecurity, we believe this proactive communication demonstrates a strong commitment from SAP to their customers, which will ensure they have the ability to make sound cybersecurity and compliance decisions to protect their mission-critical business applications."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.