Why your ERP is secure in the cloud
It's a point lamented time and again, but it never loses relevance: ERPs are not to be trifled with. Since it emerged three decades ago, the ERP has become the beating heart and burning brain of progressive companies. At first, only a few used it, but soon enough, an ERP became more crucial to enterprises than employees with MBAs. Today, the ERP not only comfortably and affordably extends into small businesses, but it's increasingly integrated with customer services, operational processing and almost all the other parts that make a business whole.
So, don't fix what ain't broke, says the maxim. But the ERP is broken. Business evolves and so should ERPs. Yet the technical complexity and delicate stability that ERPs require have made this nearly impossible... until the cloud arrived. If we accept cloud as a suite of technologies that encourage cheap computation, modular enhancement and stable development, it's the perfect place for an ERP. It's connected, flexible and able to tailor experiences for individuals and departments.
The security fear
But, a cloud ERP doesn't sit on the physical business premises or on hardware the business controls. It resides in off-site locations such as powerful hyper-scale cloud platforms. Isn't that incredibly insecure and very risky?
"That's a great fear we encounter, but the reality is opposite," says Bernard Ford, CEO of One Channel. "To start with, cloud platforms invest a lot more into security than most single companies could ever do. They have specialist teams and they aggregate security data from multiple customers. If anyone is in a position to spot a security risk and act, they are."
Fair enough. But it's also becoming commonly known that cloud providers don't necessarily cover all bases. For example, they are not responsible for a customer's own security practices. It doesn't matter if they have terrific security, but a laptop or phone at your office is compromised.
Not quite, replies Ford: "It's true that cloud security doesn't cover your own internal security. But nothing will do that; you can't outsource some aspects of security, such as how your staff behaves. But the security that cloud offers takes a lot of pressure off you, so you can focus more effectively on problem areas inside your organisation.
"I'd also add that there are more layers and safeguards that come with a cloud system. If someone tries to access your ERP in a strange way, a cloud system is more likely to spot it because it doesn't distinguish a machine as safe or not. Every attempt to access is treated with a level of suspicion. But, it's often the case that on-premise ERPs have very trusting relationships with certain devices, such as the CEO's laptop. If that device is compromised, you might not notice at all. Cloud is often better because it's more paranoid."
Follow the data
The real danger, though, is not the system itself, but rather data travelling back and forth. Here, on-site adherents say the network is isolated and the data only travels within the confines of the company. This is considered much safer.
But that thinking is outdated. The truth is that today's employees connect to business systems across external networks such as the Internet. Internal systems are not ring-fenced, but likely to be integrated with external ones such as supply chain databases. There is also the risk of an inside job, a device placed inside the business to sniff out traffic. Those are hard to spot if you assume the parameter is your strongest defence against cyber attacks.
"First of all, data is encrypted," Ford explains. "You'd be stupid not to encrypt data traffic, and proper cloud ERPs insist on encrypted traffic. Second, to build and maintain a very secure environment with a well-defined parameter is expensive and complex. Most businesses can't afford to do that properly, nor do they need to. Rather, embrace the connected nature of our world and use systems that have matured to work in that way. That's what cloud ERP offers. It's not as complex and it doesn't negate user security in order to do something."
So, you can invest in ironclad security, connected through carefully monitored VPNs. You'll also never turn a profit. Cloud meets so many of those demands head-on and with great success. Your ERP can be flexible and secure.
"Authentication systems such as voice recognition and OTPs are easier to deploy. You could integrate ERP access with biometrics on a smartphone. There are even new, exciting technologies like using blockchain for electronic notarisation. Is ERP less secure on cloud? No, it's much more secure and benefiting from every new weapon against bad actors. If you are concerned about ERP security, you should really look at what the cloud offers."