03:01 PM
Connect Directly

The Frontline Value of ERP security

The critical nature of the business process systems means that when it comes to safeguarding, ERP often merits a bit more care.

A specialist system that secures enterprise resource planning (ERP) systems from cyber attack doesn’t just aim to provide bulletproof protection and peace of mind for business owners. It also makes life much simpler and reassuring for IT professionals.

Large organizations heavily rely on ERP systems and its applications to automate and improve functions across the organization, from human resources to product development and sales.

Implementing security measures to detect and mitigate vulnerabilities in ERP systems that would otherwise expose sensitive business information to malicious intruders eventually should be a no-brainer in the boardroom. That’s because these precautions enable IT departments to automatically enforce external and internal compliance requirements, protect against the very latest insider threats and external hacks, drastically reduce audit costs, and enhance the security awareness and skills of all IT staff.

Left unchecked, the same ERP applications that reduced data complexity for business owners might easily present a comprehensive picture of business performance to malicious external or internal threats.

Without specialized ERP security in place, IT teams face a constant battle to proactively maintain defenses in the face of evolving threats. Implications for business productivity and reputation include data compromise, financial losses, and regulatory censure. Despite leading ERP developers like SAP and Oracle working hard to build security functions into their app suites, no system truly arrives "secure out-of-the-box." On the frontline then, it is the IT departments that must learn vendor security best-practices, partner with certified systems integrators, and then help to convince and train end-users to buy in to fresh security practices. ERP deployment is very complex and highly individual to each business -- which is why it is time for security managers to accept some specialist help.
The raw truth is that it can sometimes be hard to see the detailed fissures of the coalface from way up in the boardroom. Few business owners are aware of the security issues surrounding ERP until they have been presented with the data risks by an IT professional and heard how they rapidly translate into business risk. The nuts and bolts of data security in isolation are unlikely to convince business owners of investment, but they will soon come to understand and face the reality that their financial systems, supply chain visibility, HR resources, and entire business reputation could already be under barrage.
Holistic ERP protection demands a fundamental understanding of changing business practices amid an evolving landscape of potential threats -- and it also requires both technical and business professionals understand what is really at stake. Savvy security managers must push remorselessly for professional consulting services, new training and specialist ERP security software to proactively deal with this unacceptable business exposure. As is often the way, although IT investment must be sanctioned from the top, the action generally needs to be kick-started by the IT pros in the basement. Only once the IT department makes the whole business risk-aware will innovative security measures designed specifically to protect ERP systems be acquired and deployed.
Sadly it is also a fact that when an IT professional does detect fresh security vulnerabilities in their ERP, it is highly likely that they’re not the only person to do so, and those other parties are far more likely to have malicious intent in mind. That is why it is absolutely vital to heed security warnings from the frontline -- and protect ERP, ASAP.

Juan Perez-Etchegoyen is the CTO of Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. Juan is responsible for the design, research, and development of the innovative Onapsis software solutions Onapsis X1 ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/22/2014 | 12:22:45 PM
ERP Security
Most businesses do not consider security seriously until something goes wrong. Often even the most basic procedures are not followed allowing unauthorised access e.g. disabling user accounts when staff leave. I sincerely believe that many companies do not even realise that their security has been compromised.


IMS can provide a full security audit of the AS400 covering:


·         Review of IBM user authority

·         Review of old unused accounts – disable/delete if not required

·         Review of disabled accounts

·         Review of System 21 authority

·         PTF levels

·         Disc utilisation

·         Check Back Ups are covering all bespoke work and data


We then provide a written report of what we find along with our recommendations. If required, we can also assist in the implementation of any agreed improvements.

By doing this at least a client has some peace of mind that they have done everything possible to reduce the risk of a security breach and they have a report to show what has been done. Most of what we find wrong is only common sense but security is never at the top of a 'to do' list in IT.
More Commentary
Gartner: 75% of Mobile Apps Will Fail Security Tests Through 2015
The rise of BYOD means enterprises must implement security testing and containment solutions, according to new Gartner research.
Chip & Pain, EMV Will Not Solve Payment Card Fraud
Switching to EMV cards will lower retail fraud, but it's not enough. Here's the good, the bad, and the ugly.
With UCITS V, $9T Isnít as Easy as It Used to Be
With UCITS V's restrictive remuneration rules and hidden costs, going global may get a little less attractive.
Banks to Increase IT Spend on Big Data Challenges, Finds Aite Report
Big data has presented the greatest challenges and dissatisfaction for banks, yet it is the most likely to see upward spending in the next two years.
Scotland Independence Vote: Haggis & Fragmentation
Scottish independence has far-reaching consequences for the global financial markets.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.