Commissum

Enterprise Application Assurance


SAP & Oracle Security

Commissum services encompass all aspects of enterprise application security, from initial requirements analysis, through design review, code security and implementation advice, to specialised security testing that is tailored specifically to the business application.

Large-scale enterprise applications such as SAP and Oracle are becoming standard for many organisations in the private and public sectors. As the backbone of financial, HR, supply chain, and customer relationship management, they provide the analytical functions and business information that is critical to running operations and remaining competitive.

In terms of both up-front investment and ongoing business continuity, these enterprise applications are among the most critical of an organisation’s corporate assets. From a security perspective, however, they are in many cases the weakest link.

A common perception is that security starts and ends with an application’s authorisation and authentication mechanisms. However, this is just scratching the surface of the security challenge in a large-scale deployment. Potential threats to integrity, availability and confidentiality are widespread. These threats reside at the infrastructure, database and application layers, in customisation, in the interfaces between systems, and in the files that exist on the file system.

These enterprise application issues are exacerbated by the following:

  • A lack of consistent, formally published security best practice
  • A general lack of awareness of the potential issues
  • Scarcity of knowledge and experience in enterprise application security

In this uncertain environment, our consultants will work with you, bringing to bear their years of experience in enterprise application security within the public, private and defence sectors, to help you address the risks that you face.

Approach to Enterprise Application Assurance

Commissum’s Enterprise Application Assurance Services encompass all aspects of security from initial requirements analysis, through design review, bespoke code security and implementation advice, to specialised security testing that is tailored specifically towards each particular application.

Depending upon your requirements, we can provide services addressing:

  • Segregation of duties
  • Authorisation and access control
  • Auditing and monitoring
  • Infrastructure security assessment
  • Host OS hardening
  • Database security
  • Code review and development assurance
  • Application security testing
  • Training and mentoring

Ideally, a client will engage the services of Commissum’s specialists from the earliest phases of a project. It is significantly more cost-effective to design with best practice security in mind from the start. However, the knowledge and skills of our team can be applied at all stages, particularly as independent assurance specialists forming part of the critical design review process.

Customer Benefits of Enterprise Application Assurance

Commissum’s independent and objective advice provides clients with the following:

  • A concentrated pool of security-focused resource with specialist enterprise application security skills
  • Objective, independent advice on enterprise application security and assurance
  • Guidance on best practice control measures and corrective action required to improve security deployment and integrity
  • Assurance that implementations are able to resist a range of attacks
  • Benchmarking of outsourced implementations against appropriate and relevant industry-accepted practice
  • Specialist skills and experience with enterprise application security in H.M. Government and the defence industry
  • Specific experience and knowledge of working with the public sector to address the security challenges of enterprise applications in shared services environments
  • Recommended hardened configurations for system components