Cloud ERP Security- Your company’s Enterprise Resource Planning (ERP) system is probably not as secure as you think it is, or as it could be, thanks to a common misunderstanding about what really is required to protect these types of systems. Many companies falsely assume that keeping their ERP software on their own on-premises servers is less expensive and more secure than cloud-based ERP. However, the opposite is true — and this choice can prove to be a costly mistake.
Your ERP contains the company’s most vital and confidential information — the “crown jewels” of the business. Theft or destruction of this data can halt a company’s operations creating short- and even long-term effects. More than ever, ERP systems are increasingly coming under direct cyberattack. A July 2018 alert from the U.S. Computer Emergency Readiness Team (US-CERT) warned of an increase in the exploitation of ERP system vulnerabilities.
“Research conducted by Cybersecurity Ventures has led to its estimation that ransomware damages will cost the world more than $8 billion in 2018.” They reported “Ransomware will attack a business every 14 seconds by the end of 2019”. And “Global damage costs in connection with ransomware attacks are predicted to reach $11.5 billion annually by 2019.”
The National Cybersecurity and Communications Integration Center (NCCIC) is the Nation’s flagship cyber defense, incident response, and operational integration center. The top 3 suggestions NCCIC recommendsfor protecting against the threat of ransomware are:
- “Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.”
- “Never click on links or open attachments in unsolicited emails.”
- “Backup data on a regular basis. Keep it on a separate device and store it offline.”
Recommendation number two requires regular user training, but one and three is the responsibility of the IT department in your business.
Impact to your small and medium businesses
“Business management often believes that on-premise hosting of ERP is more secure because it’s behind their four walls or that it’s mostly free if they’re using their existing servers and personnel,” said Ray Rebello, director of product marketing for Acumatica. “But it’s not. They are required to spend a lot of their IT staff time and money keeping the security software and ERP applications up to date. And unless they’re already a large company with an IT staff, they struggle to manage the constantly evolving security requirement on top of their core job duties.”
Furthermore, ERP software can be particularly challenging to secure because it typically features a complex system architecture, with many interfaces and integrations, and because users increasingly must access it via the internet and a wide range of mobile devices.