Enterprise Resource Planning (ERP) Security Working Group
The CSA Enterprise Resource Planning (ERP) Security Working Group seeks to develop best practices that enable organizations running their business on large ERP implementations, such as SAP or Oracle applications, to securely migrate to and operate in cloud environments. Every ERP deployment is unique to its organization. In most cases organizations spend months, if not years, customizing their SAP or Oracle implementations and spend a significant amount of money on third-party contractors to get the implementations done. These differences between deployments make standard security measures more difficult to implement. Given the complexity of these large implementations, combined with the criticality of the data and processes housed in these applications, it is imperative that industry best practices be established to give companies security guidelines for migrating to the cloud and protecting the organization’s critical infrastructure.
Planned Deliverables for 2017/2018:
- State of ERP Security in the Cloud
- Whitepaper: Secure migration of SAP Applications to the Cloud
- Whitepaper: Secure migration of Oracle Applications to the Cloud
- Guidance for Cloud ERP SLAs
Scope and Responsibilities
Provide best practices for the safe and secure migration of complex ERP systems such as SAP and Oracle to the cloud. This includes best practices on defining SLAs with cloud service providers to understand who will be responsible for implementing security and providing reporting. Help organizations determine what security offerings are guaranteed by the cloud service provider they select to run these applications.
Enterprise Resource Planning (ERP) Security Working Group Leadership
Enterprise Resource Planning (ERP) Security Co-chairs
Charlie has over 16 years of experience in the audit, risk and compliance arena and has held various technical and leadership positions in the Information Technology and Security field. He has expertise in SAP Security and GRC, ISO and SOX risk assessments, and developing security strategies and roadmaps. He is sought out to speak on Security and GRC topics at various conferences sponsored by the Internal Audit Institute (IIA) and SAPinsider. Prior to joining IBM, Charlie was the Director of Enterprise Business Systems at American Water, where he led the SAP Security and GRC implementation.
Kevin has more than 21 years of experience in security, risk compliance, business process controls, information technology controls design & implementation and assessments of policies and procedures, with specialization in compliance, application security and business process controls. Kevin currently leads Deloitte & Touche LLP’s Cyber Risk Application Security – SAP group and its associated alliance.
Kevin has led many projects including cyber assessments, cyber program development, security implementations, compliance reviews and streamlining, GRC implementations and full scale enterprise transformations.
Juan Pablo Perez-Etchegoyen
Juan Pablo leads the Research & Development teams that keep Onapsis on the cutting edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis’ innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many information security consultancy projects for companies in Latin America, the United States and Europe. His strongest experience is in the fields of penetration testing, web application testing, vulnerability research, and information security auditing and standards.
Enterprise Resource Planning (ERP) Security Working Group Initiatives
Enterprise Resource Planning (ERP) Security Working Group Downloads
Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.