ERP Security: Putting a Lock On the Cloud

Detractors of ERP cloud computing have always pointed at ERP security as being questionable in that arrangement. The objective truth is that cloud ERP services are probably better at security than most on-site ERP installations for a number of reasons: (1) In general, they have more up-to-date hardware and software; (2) their facilities are manned 24/7, and are designed to control limited physical access (3) they spend more money on security, as a percent of revenue, than most on-site IT departments and (4) they hire security professionals, who work full time on security.

But if an ERP user is truly trying to understand the question of “is cloud ERP security sufficient for me?”, then he or she is likely dealing with too big of a question to start with. Breaking down security into its smaller components, and testing a proposed vendor’s strengths against those smaller components is the best approach to take in your cloud ERP strategy.

The Many Faces of Security

1.Data security. Is your data highly sensitive, or realistically, do you simply just treat it that way because it’s a good practice? If your data contains the credit card numbers of 300,000 customers, or even a list of the food deliveries to a major army base, then your cloud ERP vendor better show pretty high competence at data security.

2.Transmission security – If someone intercepted emails, or business transactions, would they obtain data that might embarrass company officials, or are they likely to obtain a histogram of women’s shoe size demand in Topeka, Kansas? If the former, you want to understand their encryption capabilities and its effect on processing speeds.

3.Application security – What would happen to your business in the event of an application disruption? Is your business effectively shut down in that event? Where is your cloud ERP provider located, and what are the threats – hurricane, earthquake, tornado, blizzard – to that location? Is your cloud prospect stronger or weaker than you would be in-house at making sure you could continue to run in the event of a natural disaster?

4.Physical security – How accessible is/would your in-house IT area be, and what controls would be placed on it for ERP security purposes? Most cloud providers are actually better with physical security, because they don’t have a large complement of salespeople, accountants, and executives hanging around the facility, and fiercely control physical access to various parts of the office space.

5.Access security – You probably know more about access security – who can get through the firewall, and what they can do when they get there – than a cloud ERP vendor will ever know. How you construct your ERP security roles is almost always handled more effectively internally.

The point is, don’t paint the term “security” with only one brush. Some of these issues will be more important to you than other issues, and some cloud vendors will be stronger with one type of ERP security than another. Ask questions, require written documentation, and choose wisely when deciding if cloud ERP is for you.

author image
Richard Barker

About the author…

author image
Richard Barker

Featured white papers

Related articles