Security is a major challenge facing companies using ERP platforms. While ERP delivers many valuable insights and efficiencies, it also creates new vulnerabilities for firms from bad actors.

There is plenty of talk about digital transformation on the ERP conference circuit, but less discussion about the security issues. One of the main problems? Companies are relying on traditional IT security methods to protect their ERP systems - a straight line to unforeseen problems.

Vulnerabilities include insider threats and pivot attacks. Beyond these, though, the migration of ERP applications to the cloud is also creating issues as the entire migration process can present new opportunities for determined hackers. Cloud migration can cause companies to let their guard down temporarily and allow intruders to establish back door access, for example.

“Organizations are starting to explore the question of whether a cloud environment might alleviate traditional challenges that business-critical applications normally face,” observes John Yeoh, Director of Research, Americas, for the Cloud Security Alliance (CSA). “As moving to the cloud creates its own security and privacy challenges, we wanted to provide some benchmarks regarding the myriad issues surrounding cloud migration and security.”

The CSA found that 69% of organizations are migrating data for popular ERP cloud applications to the cloud, with 90% stating that they consider these applications to be business critical. Yet more than half the survey respondents also said that they expected security incidents related to the cloud to increase this year.

Ultimately, as new ERP projects are being adopted a higher degree of security hygiene is required. According to the CSA, companies are adding measures to protect their ERP applications in the cloud, including identity and access controls, firewalls and vulnerability assessments.

“In any cloud migration, regardless of the provider, security must be implemented from the start and be implemented in phases throughout the project,” says Juan Pablo Perez-Etchegoyan, CTO at cloud security specialist Onapsis, and chairman of the CSA ERP Security Working Group. “Organizations are concerned about moving sensitive data across environments, then addressing the security and compliance implications that come of that migration. Our studies have found that implementing security in each phase of the migration could save customers over five times their implementation costs.”

Some 59% of respondents in the CSA survey said that security was considered a major advantage of the migration to a cloud-based ERP model in the first place.

Key Takeaways:

  • Many companies see a migration to a cloud-based ERP model as a means of enhancing their existing security.
  • Use of the cloud for ERP is creating new security threats, however, including those that can occur in the process of migrating to the cloud.
  • Most companies making use of the cloud now expect to see an increase in the frequency of attacks on the cloud in the course of this year.
  • Security issues should be at the top of the agenda and form a core part of any data migration plan for the cloud. Addressing these once the process has begun means that vulnerabilities have already been created.