The Frontline Value of ERP Security

The critical nature of the business process systems means that when it comes to safeguarding, ERP often merits a bit more care.

A specialist system that secures enterprise resource planning (ERP) systems from cyber attack doesn’t just aim to provide bulletproof protection and peace of mind for business owners. It also makes life much simpler and more reassuring for IT professionals.

Large organizations rely heavily on ERP systems and their applications to automate and improve functions across the organization, from human resources to product development and sales.

Implementing security measures to detect and mitigate vulnerabilities in ERP systems that would otherwise eventually expose sensitive business information to malicious intruders should be a no-brainer in the boardroom. That’s because these precautions enable IT departments to automatically enforce external and internal compliance requirements, protect against the very latest insider threats and external hacks, drastically reduce audit costs, and enhance the security awareness and skills of all IT staff.

Left unchecked, the same ERP applications that reduced data complexity for business owners might easily present a comprehensive picture of business performance to malicious external or internal threats.

Without specialized ERP security in place, IT teams face a constant battle to proactively maintain defenses in the face of evolving threats. Implications for business productivity and reputation include data compromise, financial losses, and regulatory censure. Despite leading ERP developers like SAP and Oracle working hard to build security functions into their app suites, no system truly arrives "secure out-of-the-box." On the frontline, then, it is the IT departments that must learn vendor security best practices, partner with certified systems integrators, and then help to convince and train end-users to buy in to fresh security practices. ERP deployment is very complex and highly individual to each business -- which is why it is time for security managers to accept some specialist help.
 
The raw truth is that it can sometimes be hard to see the detailed fissures of the coalface from way up in the boardroom. Few business owners are aware of the security issues surrounding ERP until they have been presented with the data risks by an IT professional and heard how they rapidly translate into business risk. The nuts and bolts of data security in isolation are unlikely to convince business owners to invest, but they will soon come to understand and face the reality that their financial systems, supply chain visibility, HR resources, and entire business reputation could already be under barrage.
 
Holistic ERP protection demands a fundamental understanding of changing business practices amid an evolving landscape of potential threats -- and it also requires that both technical and business professionals understand what is really at stake. Savvy security managers must push remorselessly for professional consulting services, new training, and specialist ERP security software to proactively deal with this unacceptable business exposure. As is often the way, although IT investment must be sanctioned from the top, the action generally needs to be kick-started by the IT pros in the basement. Only once the IT department makes the whole business risk-aware will innovative security measures designed specifically to protect ERP systems be acquired and deployed.
 
Sadly, it is also a fact that when an IT professional does detect fresh security vulnerabilities in their ERP, it is highly likely that they’re not the only person to do so, and those other parties are far more likely to have malicious intent. That is why it is absolutely vital to heed security warnings from the frontline -- and protect ERP, ASAP.

Juan Perez-Etchegoyen is the CTO of Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. Juan is responsible for the design, research, and development of the innovative Onapsis software solutions Onapsis X1 ...

Comments
IMSolutions,
User Rank: Apprentice
7/22/2014 | 12:22:45 PM
ERP Security
Most businesses do not consider security seriously until something goes wrong. Often even the most basic procedures are not followed, allowing unauthorised access, e.g. disabling user accounts when staff leave. I sincerely believe that many companies do not even realise that their security has been compromised.

 

IMS can provide a full security audit of the AS400 covering:

· Review of IBM user authority
· Review of old unused accounts – disable/delete if not required
· Review of disabled accounts
· Review of System 21 authority
· PTF levels
· Disc utilisation
· Check Back Ups are covering all bespoke work and data

 

We then provide a written report of what we find along with our recommendations. If required, we can also assist in the implementation of any agreed improvements.

By doing this at least a client has some peace of mind that they have done everything possible to reduce the risk of a security breach and they have a report to show what has been done. Most of what we find wrong is only common sense but security is never at the top of a 'to do' list in IT.
Wall Street & Technology - July 2014