Security

03:01 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

The Frontline Value of ERP security

The critical nature of the business process systems means that when it comes to safeguarding, ERP often merits a bit more care.

A specialist system that secures enterprise resource planning (ERP) systems from cyber attack doesn’t just aim to provide bulletproof protection and peace of mind for business owners. It also makes life much simpler and reassuring for IT professionals.

Large organizations heavily rely on ERP systems and its applications to automate and improve functions across the organization, from human resources to product development and sales.

Implementing security measures to detect and mitigate vulnerabilities in ERP systems that would otherwise expose sensitive business information to malicious intruders eventually should be a no-brainer in the boardroom. That’s because these precautions enable IT departments to automatically enforce external and internal compliance requirements, protect against the very latest insider threats and external hacks, drastically reduce audit costs, and enhance the security awareness and skills of all IT staff.

Left unchecked, the same ERP applications that reduced data complexity for business owners might easily present a comprehensive picture of business performance to malicious external or internal threats.

Without specialized ERP security in place, IT teams face a constant battle to proactively maintain defenses in the face of evolving threats. Implications for business productivity and reputation include data compromise, financial losses, and regulatory censure. Despite leading ERP developers like SAP and Oracle working hard to build security functions into their app suites, no system truly arrives "secure out-of-the-box." On the frontline then, it is the IT departments that must learn vendor security best-practices, partner with certified systems integrators, and then help to convince and train end-users to buy in to fresh security practices. ERP deployment is very complex and highly individual to each business -- which is why it is time for security managers to accept some specialist help.
 
The raw truth is that it can sometimes be hard to see the detailed fissures of the coalface from way up in the boardroom. Few business owners are aware of the security issues surrounding ERP until they have been presented with the data risks by an IT professional and heard how they rapidly translate into business risk. The nuts and bolts of data security in isolation are unlikely to convince business owners of investment, but they will soon come to understand and face the reality that their financial systems, supply chain visibility, HR resources, and entire business reputation could already be under barrage.
 
Holistic ERP protection demands a fundamental understanding of changing business practices amid an evolving landscape of potential threats -- and it also requires both technical and business professionals understand what is really at stake. Savvy security managers must push remorselessly for professional consulting services, new training and specialist ERP security software to proactively deal with this unacceptable business exposure. As is often the way, although IT investment must be sanctioned from the top, the action generally needs to be kick-started by the IT pros in the basement. Only once the IT department makes the whole business risk-aware will innovative security measures designed specifically to protect ERP systems be acquired and deployed.
 
Sadly it is also a fact that when an IT professional does detect fresh security vulnerabilities in their ERP, it is highly likely that they’re not the only person to do so, and those other parties are far more likely to have malicious intent in mind. That is why it is absolutely vital to heed security warnings from the frontline -- and protect ERP, ASAP.

Juan Perez-Etchegoyen is the CTO of Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. Juan is responsible for the design, research, and development of the innovative Onapsis software solutions Onapsis X1 ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
IMSolutions
50%
50%
IMSolutions,
User Rank: Apprentice
7/22/2014 | 12:22:45 PM
ERP Security
Most businesses do not consider security seriously until something goes wrong. Often even the most basic procedures are not followed allowing unauthorised access e.g. disabling user accounts when staff leave. I sincerely believe that many companies do not even realise that their security has been compromised.

 

IMS can provide a full security audit of the AS400 covering:

 

·         Review of IBM user authority

·         Review of old unused accounts – disable/delete if not required

·         Review of disabled accounts

·         Review of System 21 authority

·         PTF levels

·         Disc utilisation

·         Check Back Ups are covering all bespoke work and data

 

We then provide a written report of what we find along with our recommendations. If required, we can also assist in the implementation of any agreed improvements.

By doing this at least a client has some peace of mind that they have done everything possible to reduce the risk of a security breach and they have a report to show what has been done. Most of what we find wrong is only common sense but security is never at the top of a 'to do' list in IT.
More Commentary
One Size Fits Nobody in End User Services
How building profiles from employees' roles and behaviors can help optimize your end user services.
'Enlightened' Non-IT Execs More Likely To Run Secure Organization
Do senior executives understand their role in data security? On the whole, unsurprisingly, no.
No Screwups, Please, We’re Banks
Changing a bank's culture is not going to happen overnight, but having the right tools and levers in house will surely make a big difference over time.
You’re Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Citibank Brazil Deploys Award-Winning BPM Solution: Now What?
Citibank Brazil automated commercial customer onboarding and reduced cycle time by 70%. But how can a global organization harness the successes of its islands of solutions?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video