The Security Challenges of Moving ERP to the Cloud

Enterprise resource planning software is a business-critical application for many organizations, and when moving to the cloud from on-premises deployments, there are some key security concerns that need to be considered, according to a study from the Cloud Security Alliance. The CSA study, titled Enterprise Resource Planning (ERP) Applications and Cloud Adoption, was sponsored by Onapsis and released on Jan. 11. The study found that 69 percent of organizations are moving data for popular ERP platforms including SAP and Oracle to the cloud. While many organizations are moving ERP to the cloud, the study also found a number of misconceptions about security. "Given the complexity of ERP applications, we still see organizations focusing their ERP security strategy in foundational security such as IAM [Identity and Access Management], GRC [Governance Risk and Compliance] and SoD [Segregation of Duties]," JP Perez-Etchegoyen, Onapsis CTO and CSA ERP Security Working Group chair, told eWEEK. "But security must be addressed holistically, and it should consider other aspects such as ERP customizations, ERP configurations, ERP monitoring, ERP integrations, ERP vulnerabilities and other ERP risks."