Four ERP security issues faced by public sector companies
Dealing with ERP security in the public sector represents the ultimate in systems management challenges. Where privately-owned commercial operators can typically skate along under the radar with little or no outside supervision, public sector firms face hosts of external obstacles that can quickly trigger operational stress, often at the most inopportune times.
This uncomfortable truth has also been further pushed along by hosts of substantive breaches, largely driven by the advent of cloud-based topologies. While many of the most successful attacks occurred on the basis of single-point-of-failure hacks initially, these events encouraged black hat hacktivists to engage in expanded and highly-direct process threat vectors. This has forced enterprise operators to employ sometimes ponderous protective systems to secure their data systems.
Consequently, these characteristics have transformed what should be a transparent and highly-flexible environment into a largely difficult one, triggering even more concerns about the future. While there are too many public sector threat vectors to name in this short treatise, here are four areas to look for going forward.
1. A universe of threat vectors
As previously suggested, public sector ERP threats are multiplying exponentially. For ERP folks who face these threats on a daily basis, remember that even if your system is capable of identifying and defending against one attack at a time, you’re still vulnerable to multiple, disparate vectors coming from different places simultaneously.
This means that to maintain a chance of catching a problem before it becomes real trouble, you must be on the ball all the time, every day. Consider executing daily systems reviews, reviewing all threat reports, developing regular threat test programs, ensuring that you update current systems as updates are called for, and, most importantly, maintaining comprehensive indexes of threat characteristics.
Chances are you’re not going to be able to catch everything every time, but this is one time when more, not less, is the better decision.
2. Issues of governance and compliance for public sector ERP
These bits of bureaucracy aren’t going anywhere soon, so you may as well get used to it, if you haven’t already gotten the idea. Granted, there have been some bad corporate actors in the past, and today, even worse black hats who would love to see your company go upside just for the fun of it. However, in the midst of trying to set things right, many politically motivated rules and policies have opened the door for even worse events going forward.
Consequently, be prepared to keep up with and understand the impacts of any new rule or policy that applies; otherwise you may not only find yourself dealing with a hack exposed by one or more malformed governmental policies, but you may also face a visit from the FBI, the SEC, and/or your Aunt Mabel’s lawyer.
3. Standardization challenges for public sector ERP
If done properly, systems standardization can be a great thing, and the tech trades are all about making this sense of ‘right’ a reality. However, when it comes to security, a belief in ‘one fits all’ rarely gets the job done effectively.
This is because each enterprise is different even though it may look otherwise from the outside. Consequently, you should cast a dubious eye on any attempt to standardize your security systems, unless there is a really good reason to do so. Again, your company is different, so act like it, both outside and, most importantly, inside your particular data environment.
4. The frangibility of ERP systems security
Everyone wants their systems to be secure, and if you read the trades or watch tech TV, more security is always better. While this assertion is generally accurate, there are also times when too many security layers can open Pandora’s Box.
The truth of the matter is that applying multiple systems that may or may not be compliant with each other can weaken your security and end up being just as bad as posting a message on a community forum announcing ‘please hack my ERP platform.’ So, in the same way that you should maintain a comprehensive index of threat vectors to keep yourself safe, you should also understand the impacts of any system you integrate.