When business-sensitive data is hacked or leaked the consequences can be disastrous for an organisation. ERP (enterprise resource planning) systems can be particularly attractive targets for hackers because to a cybercriminal they look like honey pots of valuable data.
Whether that data is customer credit card details, business financial data or intellectual property, if cybercriminals obtain it they can sell it on the underground economy. Other risks contain hacktivism where groups will post sensitive customer data publicly to highlight security flaws, which can significantly impact a company’s reputation, or cyber-espionage whereby competitors obtain access to valuable intellectual property.
We believe industrial companies and manufacturers could be playing catch-up when it comes to security. Banks, government agencies and B2C retailers have long been at higher risk of attacks due to the nature of the data they hold and the regulations surrounding this data, but they are not the only targets.
Research from internet security firm Symantec shows that attacks on smaller firms (those with less than 250 employees) now make up 43 per cent of all attacks observed, and the manufacturing industry tops the table as recipients of malicious spam. Apart from the impact on customer operations and business reputation, it’s a company’s own legal accountability to ensure that data is properly secured, encrypted and protected, with hefty legal fines (to say nothing of the loss of business) for non-compliance.
As hacking techniques continue to evolve in their sophistication, those responsible for protecting ERP systems have a plethora of issues to consider: are firewalls secure, are passwords complex enough, are systems regularly patched and updated and are staff adequately trained, so that cybercriminals can’t get in through the back door via a Trojan horse infected email? Many IT managers have been led to conclude maintaining on-premises ERP systems securely is a time-intensive and expensive challenge, and are looking into cloud-based alternatives in order to delegate application security responsibilities to a more qualified team.
In modern reality, security threats are mitigated when a company is hosting ERP in the cloud as opposed to on premises. Vendors entrusted with ERP business information maintain highly secure datacenters, protected 24 hours a day, 365 days a year. They invest in the latest intrusion detection systems, have fully trained expert staff, and take on the responsibility of keeping data secure, encrypted and protected.
However, there are several considerations organisations must be aware of when moving ERP systems to the cloud:
If organisations are confident that the above points have been heeded and all preparatory steps have been taken then relocation of ERP systems to the cloud is recommended.
However, companies need to feel assured that they are employing the right cloud vendor and its employees are fully trained before making this shift.