Filling the Need For Non-Cloud ERP Managed Security Services

Pat Phelan
VP, Market Research
3 min read
Filling the Need For Non-Cloud ERP Managed Security Services

Where are the managed security services providers for non-cloud ERP?

It’s not difficult to locate a managed services provider (MSP) eager to pull you into the latest versions of Oracle’s and SAP’s cloud-based ERPs and business applications suites. But it’s a different situation entirely to try finding a managed security services provider (MSSP) capable of securing the non-cloud versions of this software and able to helping you move at your own pace toward future cloud-based and composable ERP solutions.

There are critical needs largely unfulfilled in an organization’s path from ERP-today to ERP-tomorrow. Non-cloud systems that Oracle and SAP are no longer willing to support – unless you’re willing to pay a hefty premiums – and more modern versions typically sit at the center of myriad customizations and integrations that would send most MSSPs running for the door. Few have the expertise, insight, or talented engineers needed to ensure that ERP doesn’t become a weak link in the enterprise security chain.

Securing a complex ERP environment can be difficult and time-consuming

“In most cases organizations spend months if not years customizing their SAP or Oracle implementations and also spend a significant amount of money with third party contractors to get the implementations done,” the TechTarget’s SearchERP has a blunter take: “The typical ERP environment is a soft target. It includes multiple components, including network hosts, web components, databases, thick clients and mobile apps. These complexities keep IT and information security (infosec) professionals on their toes year-round.”

Could Rimini Street be moving into the MSSP space?

This summer, Rimini Street served notice that it intended to help reduce those complexities and smooth the path from the realities of today to the promised futures of ERP. Its recently announced Rimini Protect™ offering is an innovative suite of security solutions providing “zero-day” proactive security protection for Oracle and SAP environments – including applications, middleware, and databases – faster than traditional, dated software vendor patching models.

That announcement prompted Enterprise Times to ask, “Is Rimini Street moving to be an MSSP?

“As database products age, so does support from the major vendors. Many offer support for a period of time or for a given number of releases,” author Ian Murphy points out. “The expectation is that most customers will update in that period of time.”

That’s a situation that many enterprises encounter as their vendors reduce or cut off support for older systems and applications that licensees believe can still provide years of dependable service. But without upgrades and patches, the code bases may become susceptible over time to unknown vulnerabilities as vendors neglect to apply timely fixes.

Software vendors prefer to focus on the future, often leaving loyal customers behind

“While the industry has been working hard to move to a modern cloud world, it has a long legacy tail,” Enterprise Times explains. “For many of those customers moving from those old on-premises versions of software is a huge problem. In many cases, it is not just a simple update to a new version. Whole sections of bespoke code need to be rewritten to make the change.”

A key component of Rimini Protect is Rimini Street Advanced Application and Middleware Security (AAMS), which protects against both known and unknown vulnerabilities using Java Runtime detection and remediation before attacks reach their intended target. This protection includes releases that are no longer fully supported by the vendor.

Unlike traditional vendor security patching, AAMS is extremely accurate and protects immediately without disrupting business operations and with minimal system performance impact. Security controls provide continuous monitoring and protection. With this solution, enterprises gain zero-day protection for applications and middleware.

While there are many MSSPs, few have the capabilities or interest to fulfill the needs of enterprises using older versions of Oracle and SAP ERPs. “It’s a very crowded market, and Rimini Street would have to spend significant amounts of money to gain a foothold and traction,” Enterprise Times asserts. But, it adds, “There is ample room for it to become an MSSP in the database, Oracle, SAP, and application space.”

The article notes that this would be an extension of what Rimini Street already provides its customers and “means it can ramp up its security services without impacting its existing business.” If you ask someone at Rimini Street, it simply means continuing to innovate in offering a better support experience.

You may also like: