Cloud ERP Mistakes: Security Assumptions
One of the most universally appreciated values of cloud ERP is its ability to translate directly from an operational requirement to an active system in about half the time associated with a typical on-premise system. On the face of it, this characteristic alone appears to provide everything an ERP-dependent enterprise might need, ranging from speed of launch to back-end stability. While this savvy approach to resources management may appear to be a panacea, there are a number of concerns deep-rooted in cloud topology, and at the locus of this cluster of weaknesses lies cloud ERP security.
'While That May Be True, It Is Also Irrelevant'
Now, I know what you’re about to say; in terms of today’s cloud ERP, platform security elements are light years more sophisticated when compared with 5 years ago. However, to leverage North Vietnamese General Ho Binh Gap after his Army finally took Saigon in 1975 after 20 years worth of trying, ‘while that may be true, it is also irrelevant’; effective cloud-based security is not derived by the ERP platform alone. Cloud ERP security depends on the complete constellation of affiliate systems and people who ultimately create an effective and stable end-to-end system management chain.
there are a number of concerns deep-rooted in cloud topology, and at the locus of this cluster of weaknesses lies cloud ERP security
As banal as it may appear to be, humor me and ask yourself this question; what connects a cloud ERP platform to an enterprise workforce? That’s simple; connectivity you say. And where does connectivity come from? Multiple international and domestic CLEC’s, WAN nodes, servers, gateways, routers, and god-only-knows how many other active and passive communications widgets.
All these elements are managed by hosts of individuals simultaneously, thereby allowing a user to receive usually accurate and constant processing that drives raw materials in one side of a factory and produces finished goods that roll out the back end of the building. This of course is followed by the happy business coincidence of revenue appearing within an enterprise’s bank account.
Planning for Disaster Recovery
However, what if ‘any’, and I mean this literally, ‘any’ of those elements are seriously compromised; do you think that your ERP system will survive the potential cataclysmic upset? The sad truth of cloud ERP security dependency is that to make a single accurate data-packet go from ‘here to there’ securely, each virtual link in the end-to-end processing chain must be squeaky clean all the time, every day. In the middle of all of that unattended activity, people are constantly trimming, maintaining, upgrading, and patching an entire network fabric in real-time.
So, the next time you see your enterprise security compliance officer, ask him about his level of confidence when it comes to the invisible ‘squishy stuff’ in the middle of your ERP cookie. I expect you’ll have a bit of a fright since a completely accurate understanding of cloud ERP security will likely require much more effort than originally thought.
Featured white papers
ERP and serverless architecture: getting ahead of the curve
What serverless architecture is, and how ERP could adapt to it
Onapsis and CSA establish ERP Security Working Group
The initiative aims to provide large organizations with guidelines on cloud ERP security
Has your ERP vendor gone out of business? Here's what to do
Actions you should take if your ERP vendor ceases trading or goes out of business