ERP data is often described as a company's "crown jewels" because it contains a trove of valuable information. Customer data, inventory, budgets, payroll and sales orders are all types of data that ERP systems hold and transact.
Yet for all that value, ERP data security is an often unsung topic and ERP systems can be vulnerable to security threats. That's especially the case for organizations moving from on-premises systems to cloud-based systems.
In the first of a two-part series, Greg Wendt, executive director of security for Appsian in Dallas, discusses what organizations need to consider about ERP data security as the cloud becomes more prevalent.
Appsian provides ERP security services primarily for SAP and Oracle PeopleSoft systems, including access control, compliance and audit, and threat protection.
What are a few of the main ERP data security issues that organizations face today?
Greg Wendt: Historically, ERP implementations have been on-premises and they've been some of the later [systems] to shift into cloud-based environments, but this is changing. What we are seeing more of is that some organizations are [moving ERP systems to] either a cloud hyperscaler like an AWS, a vendor-specific cloud or a hosting provider. But across the board, we are seeing that the security departments inside these organizations are definitely concerned as to what's happening with this and who has access to the data once this occurs. Typically, when ERP shifts to the cloud, most of the development instances have a full copy of production, so they have the same sensitive data as production does. A lot of these organizations are attempting to change that, so they don't have that level of information in all of these different systems.
What are some of the concerns that people have about moving to the cloud?
Wendt: Let's say you go into a hosted environment where the vendor not only runs the hardware and the software for you, but also administers the application. The vendor is actually logging into your application, and it has powerful accounts that can get into your application set. So you have to ask: What is the vendor accessing? What is it seeing?
Some organizations are very apprehensive to move to the cloud because of those security concerns. They don't want all of that private, sensitive data in an area where they might not have full control over it. So we're seeing a shift to controls around the data, whether it's multi-factor authentication or data masking, especially for those accounts that are based on who may be accessing what type of data or if it's private, personal information type of data. What we've seen is a layering in of a lot of those controls especially throughout the development stack, not just the production implementation, because of that full realm of private data sitting throughout the development stack.
Are there other reasons why organizations might be reluctant to move ERP systems to the cloud?
Wendt: These are often mission-critical systems, so you have to talk about disaster recovery and what happens if your network gets cut or severed. At an organization that I worked with in the past, we had a lot of construction going on around it and we had our up-to-the-internet cut three different times within a year. They cut the fiber lines, which aren't exactly quick and easy to fix. So you could be down for 24 to 48 hours. If you're on-premises, you still have access to all of those systems. But if it's in the cloud, you don't because you can't get there.
Is there anything particular about ERP systems that makes them more vulnerable?
Wendt: ERPs have become more of a challenge because they're not necessarily as clear-cut to define and find out who has access to what information. A lot of ERPs are now built to where they're metadata-driven applications, so you have to understand that metadata to really understand what a user is accessing. For example, when you look at PeopleSoft, to understand what a field is at the database level, you have to look at how that is defined and how it's built within the PeopleTool layer of the ERP system. Because of the complexity of ERPs, whether it's PeopleSoft or SAP, it does make it more challenging to understand what people are doing.
What are some measures organizations can take to improve ERP data security?
Wendt: Definitely from an implementation of security level, it needs to be contextual-based security inside of the application. If you think of the ways you utilize your applications, maybe based upon how you're accessing that application, you have to have data that's either masked or you have to do stepped up multi-factor authentication. You can also control access to that particular transaction based upon where the user is coming from. These are very contextual, attribute-based controls that are layered into the application and that gives the control back to the organization. Because typically once you go to an internet-enabled application, many of these ERP applications are just user ID and password authenticated, so they're vulnerable once a hacker gets a hold of those credentials. This is why the phishing attacks are so successful, because they get access to that system and all the roles and transactions that that user has access to. That's where you want to enforce least-privileged access when they're coming in from an untrusted location. That's where you come into extra layers of protection and decide through those attributes what somebody should really be able to do, see or edit.
The rest is here:
Take care of ERP data security when moving to the cloud - TechTarget
- Research Report and Overview on Web Hosting Providers Market, 2020-2025 - Express Journal - April 5th, 2020
- Top 9 Reasons Your District Should be Moving to the Cloud - STN Media - School Transportation News - April 1st, 2020
- MSPs: Time to Reinvent - Channel Futures - April 1st, 2020
- Global Managed Hybrid Cloud Hosting Market 2020 Industry Statistics on Key Trends, Growth and Opportunities to 2025 - Monroe Scoop - April 1st, 2020
- Health Catalyst Launches Four Additional COVID-19 Solutions and a Modular Bundle - The Herald Journal - April 1st, 2020
- Tech pitches in to fight COVID-19 pandemic - Computerworld - April 1st, 2020
- Transitioning Your Enterprise Workload? Read This First - Forbes - March 23rd, 2020
- Hybrid cloud - The business infrastructure of tomorrow - Techerati - March 23rd, 2020
- On the horizon: 57 meetups, conferences & networking events across NC in April - WRAL Tech Wire - March 23rd, 2020
- The Four Main Reasons Your Cloud Spending Is Out of Control - Cloud Wars - March 21st, 2020
- Everyone needs the cloud now more than ever. So understand AWS, Azure and more for under $25. - The Next Web - March 21st, 2020
- Zoom warns investors they may become a victim of their own success as costs spiral - MSPoweruser - MSPoweruser - March 21st, 2020
- Leostream to the Remote Access Rescue - Associated Press - March 21st, 2020
- AMD and Intel have a formidable new foe but youll never guess who it is - TechRadar - March 21st, 2020
- Business Process-as-a-Service (BPaaS) Market To Reach USD 120.70 Billion By 2026 Growing at a CAGR of 12.6% - Weather News Point - March 21st, 2020
- Realising the impact of unsecured container deployments: A guide - Cloud Tech - March 20th, 2020
- Leostream to the Remote Access Rescue - Yahoo Finance - March 20th, 2020
- Friday night music jam hosted by Tony Oldand goes live online tonight for musicians and music fans looking to be cheered up - Beach Metro News - March 20th, 2020
- This Week in Jobs: Puppies and Rainbows Edition - Technical.ly Brooklyn - March 20th, 2020
- Firms go remote at breakneck speed in response to coronavirus - Accounting Today - March 20th, 2020
- Web Hosting Services Market 2019-2023 | Increase in the Number of E-commerce Vendors to Boost Growth | Technavio - Yahoo Finance - March 20th, 2020
- COIN.HOST: Security, Privacy and Excellence Applied To Web Hosting In The Crypto Market - UseTheBitcoin - March 20th, 2020
- YouTube fails to clarify whether reduced streaming quality will impact live events - Cloud Pro - March 20th, 2020
- Are two clouds better than one? - ITWeb - March 20th, 2020
- Will coronavirus change the way we view tech? - BusinessCloud - March 20th, 2020
- QualiSpace Launched Tally on the Cloud - IT News Online - March 13th, 2020
- BeBop, Sony Ci to Hold Post-Production in the Cloud Webinar March 18 - Media & Entertainment Services Alliance M&E Daily Newsletter - March 13th, 2020
- Disruptive tech trends: Fintech leads Twitter mentions in February 2020 - Verdict - March 13th, 2020
- Minimize business impact of coronavirus - IT World Canada - March 13th, 2020
- Software for scheduling appointment in beauty salons Software as a service vs WordPress Plugins vs Local Applications - Mighty Gadget - March 13th, 2020
- Cloud Hosting Service Market 2020 By Top Key Players/Manufacturers, Type and Application, Regions, Industry Analysis, Growth, Size, Trends and... - March 12th, 2020
- Amazon: Linux-based Bottlerocket is our new OS for hosting containers in the cloud - ZDNet - March 12th, 2020
- PTC Unlocks Huge Time Savings for Developers & Technical Designers with New Samples Console in FlexPLM Version 11.2 - Which PLM - March 12th, 2020
- Cybersecurity in a time of coronavirus - Accounting Today - March 12th, 2020
- VMware : UKCloud Health awarded place on new 3bn framework from NHS London Procurement Partnership - marketscreener.com - March 12th, 2020
- UKCloud Health awarded place on new 3bn framework from NHS London Procurement Partnership - RealWire - March 12th, 2020
- Cloud ITSM Market Current Trends and Future Aspect Analysis 2018 2028 - 3rd Watch News - March 12th, 2020
- How to pick the right third-party CI/CD tool for the cloud - TechTarget - March 12th, 2020
- Recovery and restoration of content from blogs and windows web hosting UK websites - Lifesly.com - March 12th, 2020
- IBS Software Takes Lufthansa Cargo Handling to the Cloud - PRNewswire - March 10th, 2020
- New realms of measurement, connected data silos, and more in 2020 (Reader Forum) - RCR Wireless News - March 10th, 2020
- Introduction to the Firebase Database - Database Journal - March 10th, 2020
- Source Code Escrow Agreements Are Reaching For The Cloud - JD Supra - March 10th, 2020
- Google expanding cloud hosting presence in Canada with Toronto location - MobileSyrup - March 7th, 2020
- Mission-critical services migrating to the cloud in 2020 - TechRepublic - March 7th, 2020
- From Paper to Digital the Benefits of Cloud and SaaS Platforms for Lab Productivity - Technology Networks - March 7th, 2020
- Version Control Hosting Software Market Rising Trends and Technology Outlook 2019 to 2025 - News Times - March 7th, 2020
- Standing wave cloud at sunrise, over Zimbabwe - EarthSky - March 7th, 2020
- Standard Bank partners with Microsoft and SAP to accelerate its digital journey - BusinessTech - March 7th, 2020
- Meet the New Navisite: A Modern Managed Cloud Service Provider Accelerating IT Transformation for Thousands of Global Brands - AiThority - March 4th, 2020
- Navisite Transforms to Modern Managed Cloud Service Provider - Database Trends and Applications - March 4th, 2020
- SophosLabs Reports on Cloud Snooper, an Advanced Targeted Attack that Allows Malware to Communicate Across Firewalls - CXOToday.com - March 4th, 2020
- Managed Hybrid Cloud Hosting Market- Global Business Growing Strategies, Technological Innovation And Emerging Trends Of Outlook To 2026 - Feed Road - March 4th, 2020
- Microsoft Goes All-In On RPA (Robotic Process Automation) - Forbes - March 4th, 2020
- Personal/Private Cloud Market by Revenue (Direct and Indirect), Hosting (User and Provider) and Deployment (Individuals, Small businesses and Medium... - March 4th, 2020
- ACS transforms disaster recovery with VMware and Routed - TechCentral - March 4th, 2020
- Amazon Lightsail offers cheap WordPress hosting in the cloud - Coywolf News - February 28th, 2020
- Northumberlands move to Oracle cloud apps hands control over from IT to end users - Diginomica - February 28th, 2020
- Ankr Partners With LTO Network; Announces Node Hosting and Campaign - CryptoNewsZ - February 28th, 2020
- FastComet is Now Powered by AMD EPYC to Dramatically Improve Reliability, Speed, and Security of Its High-Performance Servers - HostReview.com - February 28th, 2020
- Two Rare Cloud Features Appear Over New Hampshire's Mount Washington - Smithsonian.com - February 28th, 2020
- Source Code Escrow Agreements Are Reaching For The Cloud - Law360 - February 28th, 2020
- Millennials to Drive Bitcoin Higher: 4 Stocks to Watch - Nasdaq - February 28th, 2020
- Why CFOs are turning to hosting as they move to in-house accounts - Financial Director - February 28th, 2020
- Harnessing the benefits of HSCN requires more than just 'connectivity' - Open Access Government - February 28th, 2020
- Two new higher education institutions select OnBase hosted in the Hyland Cloud - PRNewswire - February 27th, 2020
- Cloud Hosting Service Market Types and Applications Outlook, Industry Drivers, Ongoing Trends, Future Demand, Challenges, Top Companies & Forecast... - February 27th, 2020
- Alibaba to give out free cloud to help businesses affected by Coronavirus - Data Economy - February 27th, 2020
- Arizona Health Information Exchange Launches NextGen Healthcare Health Data Hub to Improve the Physician Experience and Enhance Patient Care - Yahoo... - February 27th, 2020
- Financial organisations leading the way for hybrid cloud, Nutanix finds - DataCentreNews Europe - February 27th, 2020
- LINX Cardiff Becomes LINX Wales as Regional Internet Exchange Welcome NGD to the Network - RealWire - February 27th, 2020
- ServerCentral Turing Group and Digital Realty Expand Partnership for Hybrid Cloud Solutions - HostReview.com - February 27th, 2020
- How CPAs Can Have a Stronger IT Infrastructure - Accountingweb.com - February 22nd, 2020
- Cohere Cyber Secure announces Fully Integrated "Cyber-Managed Security as a Service" Targeting High-Demand Enterprises in Healthcare and... - February 22nd, 2020
- Software Asset Management Market 2020 Analysis, End Users, Business Growth, Top Key Players and Forecast to 2025 - News Times - February 22nd, 2020
- Cloud Hosting Service Market Insights with Statistics and Growth Prediction 2020 to 2026 - Instant Tech News - February 21st, 2020
- Will VMware's New Fees Trigger Rush to the Cloud? - Toolbox - February 21st, 2020
- Infoblox Core DDI and Cloud Platform appliance products are now certified as Nutanix Ready - Help Net Security - February 21st, 2020
- HMRC chief gives thumbs up to five-year cloud migration programme - PublicTechnology - February 21st, 2020
- How can government manage the growing digital market choice? - The Mandarin - February 21st, 2020