Setting a baseline for ERP Security
The term ERP security generally refers to two different things. The first is the security at the ERP user level inside the system itself. The second is the security of the ERP data as it relates to external threats (i.e., hackers) that want to access the system. I am going to focus on the second item in this blog.
When I first started thinking about ERP security years ago, I was a little naïve because at that point, most of our customers were small to medium-sized manufacturing companies running on-premise applications on their own networks. Our clients were not manufacturing some sort of top-secret product (at least, that I knew of). So, in my mind, why would someone want access to their ERP database?
But then one day, I received a call from a customer because hackers had accessed their ERP database, cut off their access to it, and demanded a ransom payable in Bitcoin to return their access! This was an important lesson: The data in the ERP wasn’t valuable to the hackers, but it was valuable to the business. What happened? The customer paid the ransom and got their database back. Other customers have had similar situations happen that did not end as cleanly.
I am not an expert in network security, but in my experience, the security of an on-premise ERP is only as strong as the security of the network it is residing in. This is why some companies have hacking events and some do not. Every company has strengths and weaknesses, and how they approach network security is no exception. This dynamic is part of what is driving some companies towards cloud ERP.
Cloud ERP security
In a cloud-based ERP, security becomes the responsibility of the software vendor and its platform. In the case of Infor Cloudsuite Industrial, this is Amazon Web Services.
Cloudsuite Industrial offers a standard or commercial cloud, and a “GovCloud,” which has more security features and is designed for companies who are doing business with government entities that require their suppliers to adhere to a higher set of security standards.
Generally speaking, Cloud ERP takes the security risk off the customer and places it on the vendor. This vendor theoretically has more scale and expertise than a smaller company attempting to keep its own network secure. The end customer pays a subscription for the use of the software and all the benefits it provides, along with the availability or “uptime” and a secure environment.
In the early days, there were cloud ERP security concerns from companies because they could not “reach out and touch” their data like in an on-premise environment. But we see less of that concern as time goes by, and an increase in the attractiveness of allowing the vendor to manage the ERP and security, so the end user can focus more on their business.
We offer options
ERP security best practices will be an important consideration when you’re evaluating systems. There is no right or wrong decision when it comes to choosing an on-premise or cloud solution; each one may have benefits that make it attractive.
Part of what we do at Visual South is spend time to understand your needs and help you figure out the best route to take. We represent both cloud and on-premise solutions, so our interest is helping you make a well-informed decision, not a decision that steers you in one direction or the other. If you are interested in learning more about your different ERP options, check out our blog here.
If you are looking for ERP and not sure where to start, how about talking to an expert who is not a sales person? Click here to learn more about Jack Shannon, and sign up for a free phone consultation to discuss your situation.