Applications, systems, and data have become easier to relocate into the cloud. Rising cloud deployment rates are bringing with them a plethora of benefits – from decreased administrative challenges and reduced capital expenditure, to a shift in security burdens. However, CIOs still need to be concerned about cloud security so much so that it is essential that procedures are in place to avoid version lag and threats from new updates.
Cloud ERP opportunities and obstacles
If cloud deployments are correctly configured and an ‘evergreen’ approach to updates is adopted, not only do organizations gain cost and efficiency benefits, but they can also provide tightened security patches, and regular bug fixes, as standard parts of their ability to deliver continuous improvements.
The Software-as-a-Service (SaaS) cloud model is a highly respected replacement for businesses still using the ‘traditional’ on-premise system – as it helps reduce the update and security burden on heavily pressured in-house IT departments. Cloud ERP solutions now come with an army of dedicated staff working 24x7 to ensure the SaaS solution remains secure.
Chris Clifford is Principal Security Architect at Columbus UK.
An ‘evergreen’ approach will help bypass version lag
The Microsoft ‘evergreen’ approach to keeping ERP systems updated, whereby patches are automatically applied on a regular scheduled basis, is a major shift from previous approaches to updates held by IT departments. Once deployed and customized to be fully functional, many businesses avoid ‘rocking the boat’ with updates or patches – often leading to a significantly outdated version.
With an ‘evergreen’ approach, businesses will no longer need to be concerned about using versions of software with limited functionalities or security vulnerabilities. Cloud ERP will constantly run in the background, updating to the latest supported and security-patched version to keep on top of all updates.
Decision time: old software or operational disruption?
Cloud ERP systems can be a double-edged sword in some terms. One side secures systems from a cybersecurity perspective and on the other side updates can’t be tested by ERP providers in every business environment, so there’s the low-lying risk of operational disruption when new updates are released or applied. With IT resources already stretched, many businesses do not have the time to read the update notes, making it difficult to decide if the update is worth the downtime and disruption on the user end.
To ensure there's no unexpected threats to day-to-day operations and business continuity, getting support from a managed service provider alongside testing patch updates on critical processes prior to deployment will be vital – a task that is increasingly being automated to ease the manual burden.
Managed service providers can also help to eliminate the back-and-forth between separate providers, a proactive approach that will result in less operational downtime. It also allows companies to maximize the ROI of their ERP system without the need for heavy involvement from internal IT teams.
Human error happens but training and application security can reduce them
Crucial business systems are often compromised due to end-user mishaps, for example the 2021 ransomware attack on the Irish public health system was caused by an end user clicking on an infected email. Cloud became even more highly sought after, as Covid forced more staff to work remotely, due to cost saving and accessibility benefits. However, this led to an increase in cyber-vulnerabilities with corporate devices being connected to personal networks with poor security. As a result, end-user training on cybersecurity was high on the agenda for many businesses – as well as application security.
A granular approach to security means that when one account is compromised it will not affect the users access to systems and data, when configured correctly this will span across the whole organization. Cloud deployment means that if one user account goes down the whole organization, won’t go down to. Unlike for businesses using an on-premise ERP system where if one users account is attacked other critical operational applications such as factory floor or financial systems are also impacted.
Cloud ERP is not a fix all solution
An ‘evergreen’ cloud IT strategy overseen by an MSP will ensure businesses avoid pockets of disruption, reduce IT burden, offload the upkeep of cloud systems, and protect against cybersecurity threats. Organizations can now exploit the benefits of cloud to achieve new efficiencies and futureproof operations – while resolving security challenges swiftly and effectively.
