Application security, governance and risk management, next-generation technologies and secure development
Agreement will help customers protect users and data in ERP applications from SAP and Oracle
Michael Novison (miguelnovinson)
May 20, 2022
Pathlock has merged with Appsian to form a 500-person giant that protects users and data in enterprise resource planning applications from SAP and Oracle.
Bringing together Pathlock, Appsian and Security Weaver will allow the company to grab a larger share of the $110 billion market focused on compliance testing for commercial apps, according to CEO Piyush Pandey. Companies trust ERP applications for things like human resources, finance, supply chain management, and business analytics and want to make it easy to protect all the critical information they contain.
“We want our customers to comprehensively manage risk across different applications with a single tool, which not only helps automate the process, but also helps with testing,” Pandey tells Information Security Media Group. “We want to combine these tools into one platform so people can get a comprehensive view of risk.”
Growth capital firm Vertica Capital Partners combined Pathlock, Appsian and Security Weaver and adopted the Pathlock name for positioning and branding purposes even though Appsian was the larger company. Pandey was the CEO of Appsian and had been working for over a year to build a platform that could provide security, compliance, governance, and automation around SAP and Oracle (see: Attackers target unpatched SAP applications).
As part of the transaction, Pathlock also raised $200 million from Vertica to expand its data security and application governance capabilities. Pandey says the combined company will continue to invest in and support its existing product portfolio while creating an integrated platform that will have a cloud component and a better user interface.
A centralized view of ERP risk
By the end of this year, Pandey says, customers will be able to manage the risk of different ERP applications from a single instance, regardless of whether the instance is on-premises or in the cloud or involves SAP or Oracle. Once the integration is complete, he says, customers will be able to purchase the access control, security control compliance, and vulnerability management features, either together or separately.
Pathlock’s access control capabilities run the gamut from segregation of duties and provisioning and deprovisioning to role design and privileged access management, according to Pandey. And enforcement of security control and visibility make it possible to test, verify and provision in real time and stop transactions when they violate company policy, he says.
Bringing the capabilities of Pathlock, Appsian, and Security Weaver to a single platform will require some development work with API calls so customers can choose between on-premises and cloud-based versions of the products. Relying on APIs for integration means Pathlock can forgo rebuilding anything and instead create procedures and steps to configure and reuse its existing tools.
“It’s about bringing things together,” says Pandey. “We have five different doors and five different rooms, and we’ll put the right door in the right place so things can go.”
Appsian traditionally sold to more than 300 data security clients with an emphasis on HR department support and the Oracle platform, while Pathlock excelled at protecting financial services clients on SAP’s ERP platform, according to Pandey. Meanwhile, Security Weaver exclusively supported SAP.
Security needs around SAP tend to be most acute in the manufacturing, healthcare, higher education, and government spaces, while Oracle’s ERP offering tends to be more popular with large, distributed organizations in industries such as healthcare, higher education, and state and federal services agencies, according to Pandey.
The need for scale
Customers adopting Pathlock typically aren’t using it to replace a direct competitor and, in most cases, have relied on consultants or attempted on their own to automate the manual processes associated with compliance and auditing. Pathlock’s portfolio overlaps with SecurityBridge for SAP security in Europe, as well as SailPoint and Microsoft for access governance.
The combined organization currently relies on North America for 60% of its revenue, Europe for 30% and other regions such as Asia, Australia and Latin America for the remaining 10% of revenue, according to Pandey. Much of Pathlock’s growth outside of North America and Western Europe has been opportunistic, and Pandey says the company wants to stay focused on the world’s biggest markets.
Pandey hopes the mega merger will streamline automation and deliver tangible benefits to lines of business outside of CISOs, including human resources, finance and controller. Pathlock has 1,200 customers today, and Pandey would like the company to quadruple or quintuple its revenues over the next half decade by cross-selling existing customers or gaining additional large customers globally.
“No one has provided this accurate and necessary risk management, compliance and automation tool to business owners,” says Pandey. “This is not just a solution for CISOs, but it gives business owners a way to see how they’re going to protect everything.”