Addressing The Real Security Concerns With Cloud ERP
For most businesses, the decision to migrate from an on-premise ERP system to a cloud-based ERP is a financial one. There are several benefits with migrating your enterprise resource management to the cloud. For one, you do not have to invest in all the capital required upfront to purchase and install the ERP on your computer systems. Instead, you only pay for what you use every month. Secondly, you no longer require in-house IT resources to monitor and ensure the smooth functioning of the software. Consequently, the budget approval for such migration comes almost instantly from the company’s finance team.
However, the resistance to cloud-migration is often from the IT department. The reason is primarily security concerns. The SLA of most cloud ERP providers include a disclaimer waiving responsibility in case there is a security breach. Given such a scenario, how confident can one be while giving the keys to the company’s bread-and-butter to a third party? It is hence not surprising to find traditional ERP systems still holding significant market share despite cloud systems being in the market for years. According to a recent report from Gartner, the market share of cloud ERP in 2012 was at 12 percent; and this is estimated to grow to 17 percent by 2017.
Cloud Security Concern #1: Splitting Your Data From The Premises
So what exactly is driving these security concerns? From my experience, one of the biggest worry is the physical absence of all the data within the company premises. In traditional ERP, the company holds all the data in the datacenters within the company. The access and permissions are managed by IT personnel within the company. All this changes when the data moves to the cloud. The physical storage of data is on a server probably outside your own country. You do not have a means to validate the claims made by the SaaS ERP provider about data security.
One recommendation we make to companies expressing this concern is to check for compliance to industry standards. For cloud ERP, the certifications that you may check for are PCI DSS and SAS 70. These are proprietary standards issued normally to companies that process highly secure card payment and other financial transactions. Compliance to these standards is an indication of the level of data security that is provided by these companies. In addition to this, also check for the provider’s in-house mechanism to deal with disaster, infrastructure recovery and data backup.
Cloud Security Concern #2: Insecure Data Transfers
Another major concern expressed by clients is the security provided to data being transmitted. There is always a greater possibility of data being intercepted while being transmitted from the company’s ISP to the cloud server compared to interception of data processed inhouse. The solution to this is something we have all encountered while making credit card payments over the internet – the use of the HTTPS protocol that prevents any third party from intercepting or decoding the data. While this is pretty straightforward, make sure your SaaS provider gives you this security layer.
According to Ilija Budimir from ERP Guru, a company that consults clients on the implementation of NetSuite in Canada, there are also third party bundles that can be used with cloud ERP solutions to enhance the security of data. Adobe EchoSign is an example of one such bundle for NetSuite. This is a free to install bundle that delivers an automated digital signature system that ensures confidentiality of contracts and other documents processed over NetSuite.
Cloud Security Concern #3: Accessibility and Permissions
The third concern expressed by companies deliberating a move to cloud ERP is security related to accessibility of data. Fortunately, most of the big Saas ERP providers today offer firewall protection to their clients. This prevents the ERP system from being accessible to people outside the permiter of the company premises. Additionally, this also ensures the company does not suffer from DDoS attacks initiated by miscreants on the cloud servers.
Data security is a huge factor and no company should take this lightly. While there are financial incentives to migrating to the cloud, this alone should not be a factor while taking the decision. As with traditional ERP, ensure there is a complete review of the security measures offered by the provider along with the other review of feature customizations offered by various providers before signing up with one.
Want more information on cloud ERP software? Find more information about enterprise resource planning software by exploring blog posts, white papers and more at our ERP research center. For comparisons of the best ERP solutions on the market, download Business-Software.com’s Top 20 ERP Software report.
Author : Anand Srinivasan