Cloud ERP security: a shared responsibility

Until recently, core business systems have mostly resided in-house or on-premises. The availability of cloud services changed all of that. Despite some concerns about this new infrastructure model, businesses have taken to it well. Gartner reports in its survey analysis titled Adoption of Cloud ERP, 2013 Through 2023 that 47 percent of respondents have plans to move a majority of their core systems to the cloud within the next five years. This isn’t a surprise, considering the fierce competition businesses are now facing. ERP moves faster on the cloud than it does within an enterprise’s own hosted platform. It’s simple physics.

The cloud breaches many traditional security barriers due to the distributed nature of its infrastructure.

Despite this, we might be jumping too quickly to the conclusion that we must adopt cloud ERP as soon as possible. Security has always been an integral part of connected technologies. Business infrastructures need safety measures in place to prevent intrusion. The cloud breaches many traditional security barriers due to the distributed nature of its infrastructure. Your database, user interface and other access points might be running from different physical devices altogether. Running your enterprise applications on a distributed platform offers the advantage of high availability, business continuity and disaster recovery with load balancing and failover capabilities. For some, however, the prospect of not having total control over ERP infrastructure (something which on-premises solutions can offer) can be daunting.

The mobility challenge

Mobility is both a boon and a burden for those who choose to center their business models around it. Consider that businesses see improved mobility as a productivity enabler. IT departments will have to deal with the problem of ERP security now or face falling behind their competition.

To address this issue, many companies have chosen to go through with a hybrid approach to ERP implementations, relinquishing as little control to the cloud provider as possible. Hybrid clouds typically allow businesses to run the most security-intensive parts of the ERP software within their premises, ensuring that they control regulatory compliance. This approach can be cumbersome, but this is the price some may choose to pay for a compromise between convenience and security. Still, that does not make hybrid cloud systems immune to security flaws.

Recommended reading: ERP software in the cloud - everything you need to know about ERP cloud computing

ERP, CRM and collaboration platforms are becoming more cloud-centric through applications like Panaya, Office 365, Google Apps, SAP, and Salesforce. In the course of using these platforms, employees may share sensitive information with one another, which places another burden on the overall security of the company. This can be managed through policies that emphasize and clearly demonstrate best practices. By evaluating an employee’s adherence to policies regularly, the employer can prevent the majority of accidental leaks that often occur as a result of negligence. This helps prevent the hacking incidents that The Heritage Foundation has said cost upwards of ten million dollars per company in some industry sectors.

Preventing data breaches: a shared responsibility

The onus of properly preventing ERP data breaches, however, does not lie completely with only the IT manager or the employee. There is only so much that one person can do to make sure that sensitive data isn’t accessible to hackers or other unauthorized person. Once a malicious individual steps over that line, we begin to dive into a business’ accountability toward customers with regard to securing their own infrastructures. Policies are worthless without a proper backbone to support them.

Some applications in the cloud can be used to help businesses rein in the chaos that decentralized platforms present. These are necessary to improve cloud ERP security by giving data an added layer of protection through granular control over what can be accessed, who can access it, and what can be done with the data. Aside from access control, it is also necessary to constantly monitor cloud access for anomalies that present signs of tampering or hacking.


The cloud is essentially a messy collection of applications from different providers, each with their own way of dealing with security. There are things that can go wrong at their level, on the business’ end, or as a result of the end user’s negligence.

The human component, in the end, is what makes the cloud so dangerous. ERP platforms that protect this distributed infrastructure from attacks now become essential parts of every business’ toolkit. Without them, it’s almost inevitable that someone will get their hands on sensitive data that is shared across collaboration suites and through the ERP system. At that point, the best one could hope for is a hefty fine; at worst, the data leak could cripple the entire company and erase it from existence in a very short period of time. Having the right solutions in place to prevent these kinds of doomsday scenarios not only would help prevent these consequences, but would also help businesses run more efficiently.

author image
Daan Pepijn

About the author…

Daan is a Cloud Computing, Web Security Expert and Blogger for Hire. His current interests include enterprise automation, cloud-based security and solutions.

author image
Daan Pepijn

Featured white papers

Related articles