03:01 PM
Connect Directly

The Frontline Value of ERP security

The critical nature of the business process systems means that when it comes to safeguarding, ERP often merits a bit more care.

A specialist system that secures enterprise resource planning (ERP) systems from cyber attack doesn’t just aim to provide bulletproof protection and peace of mind for business owners. It also makes life much simpler and reassuring for IT professionals.

Large organizations heavily rely on ERP systems and its applications to automate and improve functions across the organization, from human resources to product development and sales.

Implementing security measures to detect and mitigate vulnerabilities in ERP systems that would otherwise expose sensitive business information to malicious intruders eventually should be a no-brainer in the boardroom. That’s because these precautions enable IT departments to automatically enforce external and internal compliance requirements, protect against the very latest insider threats and external hacks, drastically reduce audit costs, and enhance the security awareness and skills of all IT staff.

Left unchecked, the same ERP applications that reduced data complexity for business owners might easily present a comprehensive picture of business performance to malicious external or internal threats.

Without specialized ERP security in place, IT teams face a constant battle to proactively maintain defenses in the face of evolving threats. Implications for business productivity and reputation include data compromise, financial losses, and regulatory censure. Despite leading ERP developers like SAP and Oracle working hard to build security functions into their app suites, no system truly arrives "secure out-of-the-box." On the frontline then, it is the IT departments that must learn vendor security best-practices, partner with certified systems integrators, and then help to convince and train end-users to buy in to fresh security practices. ERP deployment is very complex and highly individual to each business -- which is why it is time for security managers to accept some specialist help.
The raw truth is that it can sometimes be hard to see the detailed fissures of the coalface from way up in the boardroom. Few business owners are aware of the security issues surrounding ERP until they have been presented with the data risks by an IT professional and heard how they rapidly translate into business risk. The nuts and bolts of data security in isolation are unlikely to convince business owners of investment, but they will soon come to understand and face the reality that their financial systems, supply chain visibility, HR resources, and entire business reputation could already be under barrage.
Holistic ERP protection demands a fundamental understanding of changing business practices amid an evolving landscape of potential threats -- and it also requires both technical and business professionals understand what is really at stake. Savvy security managers must push remorselessly for professional consulting services, new training and specialist ERP security software to proactively deal with this unacceptable business exposure. As is often the way, although IT investment must be sanctioned from the top, the action generally needs to be kick-started by the IT pros in the basement. Only once the IT department makes the whole business risk-aware will innovative security measures designed specifically to protect ERP systems be acquired and deployed.
Sadly it is also a fact that when an IT professional does detect fresh security vulnerabilities in their ERP, it is highly likely that they’re not the only person to do so, and those other parties are far more likely to have malicious intent in mind. That is why it is absolutely vital to heed security warnings from the frontline -- and protect ERP, ASAP.

Juan Perez-Etchegoyen is the CTO of Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. Juan is responsible for the design, research, and development of the innovative Onapsis software solutions Onapsis X1 ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/22/2014 | 12:22:45 PM
ERP Security
Most businesses do not consider security seriously until something goes wrong. Often even the most basic procedures are not followed allowing unauthorised access e.g. disabling user accounts when staff leave. I sincerely believe that many companies do not even realise that their security has been compromised.


IMS can provide a full security audit of the AS400 covering:


·         Review of IBM user authority

·         Review of old unused accounts – disable/delete if not required

·         Review of disabled accounts

·         Review of System 21 authority

·         PTF levels

·         Disc utilisation

·         Check Back Ups are covering all bespoke work and data


We then provide a written report of what we find along with our recommendations. If required, we can also assist in the implementation of any agreed improvements.

By doing this at least a client has some peace of mind that they have done everything possible to reduce the risk of a security breach and they have a report to show what has been done. Most of what we find wrong is only common sense but security is never at the top of a 'to do' list in IT.
More Commentary
5 Tips to Save the Wall Street Datacenter
Though cloud computing and SaaS are all the rage, there is still a need for proprietary Wall Street datacenters, as long as they are run efficiently.
Preventive Measures for Post-Interview Anxiety
Most professionals leave interviews thinking that it went well, and then they wait... and wait. The Caring Recruiter has a cure for the typical post-interview trauma.
Leaving Out the Welcome Mat for Financial Services Hackers
Everyone knows the financial services industry is a prime target for hackers. Despite the dangers, many applications have software vulnerabilities that expose real risks.
4 Surprising Ways Firms Think About Data Security Costs
Almost 28% of firms are willing to bear the cost of some financial losses due to cybercrime, because it's less than the cost of upgrading IT systems.
CIO + CFO Doesn’t Equal Mars Vs. Venus
From my decades of experience, CIOs and CFOs have more in common than you may think.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.