It’s hard to anticipate the success of an ERP implementation, even when care is taken to properly plan your project and vet any solutions before you purchase them. One of the variables that makes the success of your implementation hard to predict is security. When it comes to ERP solutions, there are a number of possible points where security could fail, causing sensitive and confidential data to fall into the wrong hands. Some things about security are out of your control, but there are risks that you have power over, and those need to be addressed.
Data handling
Your ERP solution generates quite a bit of data, and a great deal of it could be considered sensitive or confidential. Of course, you need to store all of that data somewhere, and it needs to travel between your computer or device and the server it is housed in. This gives someone intent on stealing information multiple points of attack. They can probe the server that stores your data for vulnerabilities (this includes the operating system, database software, server configuration, etc.), they can look to exploit weaknesses in the network that the data travels across, they may find a vulnerability in the application itself, or they could try to compromise the end user and the computer they are working on.
Part of your implementation planning must include strategies for safeguarding data at each of these attack points. Making sure that the right technical controls are in place helps prevent a number of attacks, but a well-trained workforce will fill in any gaps.
Software updates
Meeting consumer demands often means software is rushed to market with flaws that are later patched by updates as they are exposed. These updates may fix anything from a usability bug to a serious security vulnerability. For your ERP solution, you need to manage two important aspects of software updates. First, you need to make sure that your licensing is active so that you receive any software updates. Many times a company can trace a data breach back to unpatched software because a license subscription ran out. Second, you need to make sure that someone manages the software and that their job includes testing and applying updates as they are released.
Bring your own device
Most companies have put a bring your own device (BYOD) policy into place out of necessity, because they need to control how personal mobile devices like smartphones and tablets access company resources. Make sure you take this into consideration when planning your ERP project. If your solution allows for mobile access, which many do, you need to let your security team know that this is a possibility so that endpoint security covers your ERP solution and their policies can be updated as well.
The amount of data your ERP solution deals with makes it a target for serious threat actors, whether they are after customer information, financial data or even intellectual property. If you slip and leave your ERP solution unprotected, you can be assured that the project will be considered a failure if it suffers a severe data breach.
The post Security and ERP Success appeared first on Merit Solutions.