How Safe is your ERP System?

Enterprise Resource Planning (ERP) software is a powerful tool for organizations large and small, unifying business functions and departments. ERP can streamline your business processes and improve performance, speed and results.

By its nature, ERP should be more secure than a range of standalone systems. The single input that ERP allows and the merging of the various departmental systems allowfor greater control and easier data management. It allows for improved accuracy and consistency of data and better security.

Modern cloud hosting is even more secure as it has an additional layer of security. Furthermore, cloud-basedsystems have security experts that design and manage outstanding security tools.

That’s the good news. The badnews is…

Without proper security measures, ERP can do more harm than good.

The more sophisticated and powerful the integration, the greater the security risk. Since ERP systems integrate with all internal departments over multiple devices, partners, vendors andcustomers, the potential threat increases.

Cyber attacksare a reality and the threat is growing. ERP systems are far from immune and make particularly good targets. Given that they interconnect with all areas within the business, this is a significant threat. Most systems will also connect with mobile users, customers, suppliers, partners, internal systems and even the machines in your office and factory.

The cloud offers some protection but is also a double-edgedsword. While the risks can be mitigated, it takes control out of yourhands. The first step is to ensure you use the right vendor for your cloud ERP.

Here are a few other things you should be doing to protect your ERP data:

• Passwords
• Logs
• Firewall
• Encryption
• Internal security
• Limited external storage
• Define and monitor traffic
• Monitor social network use
• Control permissions

This last point is particularly important. Although most threats are expected from external sources, one cannot ignore internal risks. Restrict access to only what is relevant to each person’s role and responsibility. This will reduce the potential risk and improve security.

Control and manage who has access to what and review and monitor this on an ongoing basis. A good rule to follow is the less access and privilege the better. One can always increase it as necessary. Increased access can be permanent or temporary, depending on the situation. This role-based security schema can ensure that vital data and information is not vulnerable.

It’s also a good idea to implement separation of duties where one party has to approve what the other party creates.

Is the cloud safe?

There is little doubt that the cloud is the way to go. Many people still have the perception that the cloud is not secure. Provided you have the right vendor and the right checks and balances in place, cloud-based ERP is perfectly safe. Good cloud security is as good, if not better, than anything you could implement with an on-premise system.

Additional ERP security

The consequences of cyber attacksare serious and could lead to crippling downtime, data loss andmalware issues. It’s important to employ additional protection to safeguard yoursystem, data and system users.

A good tool from Microsoft is their EMET or Enhanced Migration Experience Toolkit. It differs from earlier Microsoft tools such as ASLR, DEP andSafeSEH in that it can be used as and when necessary on the system through a separate installation.

While EMET will work on most ERP systems it is advisable to check compatibility first.

Anti-virus, anti-malware and intrusion detection tools are important but should be supplemented by additional protection such as EMET for more robust protection.

ERP security cannot be left to chance and it is not enough to rely solely on your vendor to ensure security is rock solid. While vendors provide expertise and valuable tools, each organization has to take responsibility for their own ERP security.

Check that security support is in place and ensure all patches sent by vendors and security suppliers are applied immediately. Often times, support protocols and the patches will become out of date and third-partytools will be necessary.

Final thoughts

It is essential that CIOs and CTOs are familiar with the severity of potential threats and the measures that need to be in place to prevent cyber-attacks. As ERP becomes more integral in the modern business environment, any compromise of the system could have dire consequences.

Fortunately,there are a number of effective tools available and measures that can protect ERP systems. It is vital that these are implemented and correctly managed to ensure maximum protection. Best practices for ERP security should be followed at all times.