Most companies have come to rely on the information found in their ERP systems to help automate and improve business processes and functions across their organization. Yet it is this stockpile of information that presents one of the biggest threats to a successful ERP implementation: if you fail to secure this data, your company could find itself facing legal fees, regulatory fines and irreparable damage to its reputation.
Of course, if you take the steps to properly secure all of the layers of your ERP solution, you greatly reduce this risk. But just what makes up all of those layers?
Failure to secure
Many assume the responsibility for security falls on the vendor’s shoulders. There is a misconception that if the vendor produces software where vulnerabilities exist, then it is not the buyer’s fault. This mentality, however, was disputed even back in the Roman Empire, when the contract law of caveat emptor (let the buyer beware) spoke to the fact that the buyer typically has less information than the rosy picture the vendor is painting for them. Such is the case with software. Many vendors do not highlight the vulnerabilities that exist within their applications when they are in the process of making a sale.
The multiple layers that make up an ERP solution also put the burden of security on the implementation team, because the threat landscape does not consist of the software alone. Since your vendor has absolutely no control over anything other than the application they hand to you, you had better believe that if your data is compromised, people will look to see what steps were taken to ensure that the implementation of your software included a security review.
The ERP solution as a whole
No software is secure out of the box; in fact, in most cases you are installing a product that is already in need of patches and updates. When you first begin planning your ERP implementation, you look at several components that will touch this project. These include the network infrastructure, server hardware, operating systems, the software itself and the end user. Each of these factors also has unique security risks associated with it. According to the Open Web Application Security Project (OWASP), there are five different layers that make up the overall security of enterprise applications:
- Network architecture security
- OS security
- Database security
- Application security
- Front-end security
The vulnerabilities associated with each of these five components are also outlined on the OWASP site, to serve as a checklist for those tasked with securing these applications and data.
To keep the data under your control safe from attackers you need to involve people who are aware of the threats that ERP solutions face and the vulnerabilities known to exist within the software you are using. It is also important to make sure that any parts of your infrastructure that work with your ERP system are checked with regular penetration testing to see if there are any vulnerabilities that attackers may be able to exploit.
The post Risks Associated with ERP Implementations – Security appeared first on Merit Solutions.