Cloud-based ERP—Helping to Solve the ERP Security Puzzle

As companies invest in more technology, the risk of cybersecurity breaches increases. Businesses must not only protect more data, but also secure and protect it in more places to give workers the anytime, anywhere access they need to get their jobs done.

Balancing this need for business innovation with the need to safeguard company, employee, and customer data is difficult even for large corporations with dedicated security operations centers.  If you’re a small or medium business (SMB)—this challenge can be overwhelming.

While choosing cloud-based applications may help your business adopt innovation faster, you may worry about placing business-critical applications, such as enterprise resource planning (ERP), in the cloud. However, the reality is that leading cloud service providers can often deliver security capabilities and expertise far beyond those that most SMBs can achieve with their limited in-house resources.

SMB Preference for Cloud ERP is Rising

Whether SMBs are looking to deploy their first ERP solution or considering replacing their existing solution with a new one, SMB Group research shows that they are increasingly likely to consider cloud-based ERP solutions. While cloud adoption of ERPs has lagged other functional areas, it is starting to catch up. As businesses get more comfortable with the cloud model and its benefits in other areas—such as faster deployment times, shorter learning curves, and a “single source of truth” database—consideration of the cloud model is rising in the ERP space.

Savvy decision-makers are also realizing cloud-based ERP vendors can often equip their solutions with sophisticated security safeguards that they would be hard-pressed to match in an on-premises deployment. Because cloud ERP vendors develop, run, and manage applications for thousands or even tens of thousands of customers, they must build sophisticated security into their development and release processes, and constantly monitor, scan, and mitigate against common vulnerabilities and potential intrusions.

Shared Security Responsibility in Cloud-based ERP Solutions

But the scope of security coverage differs with different types of cloud and “as-a-service” providers, and models vary considerably. If there is more than one provider delivering different layers of the cloud solution, the customer must understand who is responsible for different aspects of security.

For instance, customers that “rent” cloud-based infrastructure from an IaaS provider will continue to shoulder the bulk of the security burden. The customer will need to implement an identity and access management system, install security patches as soon as they become available, and perform all other security functions associated directly with the application itself.

By comparison, well architected and managed SaaS providers often provide built-in solutions for everything from data encryption to user authentication and access, frequently upgrade their security infrastructure, regularly install patches, and perform other day-to-day security tasks.

But there are nuances here as well. Some SaaS providers use their own infrastructure to run their applications, while others deploy their solutions on third-party cloud infrastructure, such as that provided by Amazon Web Services (AWS) and others.

And, while cloud ERP providers can offload some of the security responsibilities, most customers will also need to implement additional security controls beyond what their providers offer.

SMB Group’s new report How Cloud-Based ERP Can Help Businesses Balance Innovation Goals and Security Requirements (sponsored by Infor), can help you understand the shared cloud-based security model, the security roles and responsibilities of cloud ERP providers and their infrastructure partners, and the additional measures that you’ll need to consider to keep your cloud ERP solution and data safe.

 

 

 

 

© SMB Group, 2019

Source: Laurie McCabe’s Blog

Leave a Reply

Your email address will not be published. Required fields are marked *