Specialist
Former VP at Onapsis Inc
Agenda
- ERP (enterprise resource planning) security industry overview, including the influence of cloud transitions
- Major category participants, including Appsian, ERPScan and Onapsis, as well as more established cybersecurity software companies such as Rapid7 (NASDAQ: RPD), Qualys (NASDAQ: QLYS) and Tenable (NASDAQ: TENB)
- 1-3-year industry outlook, noting opportunities and risks and highlighting potential M&A
Questions
1. Is the ERP [enterprise resource planning] security industry as simple as just cybersecurity for ERP software or is there more to it? How would you characterise this segment?
2. You mentioned that ERP systems can be compromised in a number of different ways. Was there an unmet need to address ERP specifically because of this or was it a factor of different vendors addressing different aspects of what ERP was in or around, so there were conflicts or things that were missed? What factors led to this category’s emergence? Do you expect more focus on other application categories, which seems to be happening?
3. Where are an enterprise’s vulnerabilities if it doesn’t have a dedicated ERP security solution or vendor in place? These companies clearly have cybersecurity, firewalls and possibly even safeguards on the code underlying the ERP systems and customisations you highlighted. What blind spots do ERP security solutions address that other vendors and solutions don’t or not as comprehensively? Is it that these areas are addressed by different vendors and solutions, meaning there isn’t communication and it’s complicated to identify and remediate these issues?
4. How do companies transitioning to the cloud and engaging in digital transformation efforts influence demand for ERP security solutions? You mentioned the challenges faced by companies in protecting and testing their systems. Do companies want to accelerate moving to the cloud and digital transformation, due to the difficulties of maintaining more on-prem legacy systems and it being more secure? That’s counter-intuitive to an extent, as I believe people historically thought that on-prem and legacy systems should be more protected than in the cloud.
5. You mentioned ERP solutions specialising or broadening to other areas, such as HR, HCM [human capital management] and SCM [supply chain management]. This seems to have already started, but I suspect that this category is called ERP security because it’s what players started with and it’s likely still the most significant or important category across software solutions. How do you think this will evolve? Do you expect further penetration and adoption in other related software areas?
6. How would you assess ERP security’s market opportunity? People understand that ERP remains one of the biggest software categories, generating tens of billions of dollars annually. I’ve read that the growth has perhaps decreased to mid-single digits, but that suggests that there is a massive installed base, there’s still growth there and my sense is ERP security penetration is fairly de minimis. Do you think it could become as large as other cybersecurity categories? Do most enterprises ultimately opt for the more traditional firewall and network security and, increasingly, application and cloud security solutions, rather than something specific? How do you think the market opportunity will evolve and grow over the next 1-3 years?
7. Your comments suggest that the major ERP security vendors don’t offer custom code transformation and security. Do you think any will have the capability to offer this in the next 1-3 years or will a player more focused on code and related security likely seize this substantial market opportunity? You alluded to Veracode.
8. How would you say the market shares of companies such as Onapsis, Appsian and ERPScan stack up? How are these companies similar and different?
9. You said that Onapsis is by far the category leader, based on your time at the company, followed by Appsian and ERPScan. Would you say that Onapsis’s market share is more than half, with the other two players rounding it out? Is it a roughly 50/25/25 situation?
10. Do you think that vulnerability management companies such as Rapid7, Qualys or Tenable could make a major push with ERP security? You said that Rapid7 seems to have a solution set focused on the category. Could any of these companies function as a consolidator in the category and buy Onapsis, Appsian or ERPScan?
11. Can you discuss the SI [systems integration] players and their importance in ERP security? You talked about them as potential acquirers. I believe they’re considered to be kingmakers with legacy on-prem software and related cloud transitions and digital transformation efforts, especially in smaller emerging categories.
12. What’s your 1-3-year outlook for the ERP security category and the key vendors?
The information, material and content contained in this transcript (“Content”) is for information purposes only and does not constitute advice of any type or a trade recommendation and should not form the basis of any investment decision. This transcript has been edited by Third Bridge for ease of reading. Third Bridge Group Limited and its affiliates (together “Third Bridge”) make no representation and accept no liability for the Content or for any errors, omissions or inaccuracies in respect of it. The views of the specialist expressed in the Content are those of the specialist and they are not endorsed by, nor do they represent the opinion of, Third Bridge. Third Bridge reserves all copyright, intellectual and other property rights in the Content. Any modification, reformatting, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, transferring or selling any Content is strictly prohibited.