As SAP and some other vendors are forcing users of ERP software systems into the vendor’s proprietary cloud, a significant percentage of the world’s Chief Information Officers are concerned about the security of the data being stored there
That’s one of the main takeaways from a survey conducted by KMPG and Oracle that was released in mid-May during the height of the pandemic in the United States. As a result, many executives may have missed it as they focused on the security and safety of their families.
Of course, it’s not only ERP security that concerns technology heads but for all of their information that is in the cloud. It’s just that, for many private sector businesses and public sector organizations, ERP contains a huge amount of information that is concentrated in one place covering many functions in the company. The global study also found that CIO’s are concerned about how their organizations are taking a mixed, often confusing approach to data security.
(We highlighted some of the growing security and other issues surrounding migrating ERP to the cloud as far back as September, 2019.)
Multiple Security Systems
The hodge-podge approach to security in ERP software systems is just one of the things that is keeping technology chiefs awake at night.
- Some 78-percent of respondents said they used more than 50 discrete cybersecurity products to protect their data and nearly four-in-10 use a whoipping 100 or more, leaving them concerned about how they do – or do not – work together.
- Organizations that uncovered misconfigured cloud services experienced 10 or more data loss incidents in the previous 12 months.
- A mere 8-percent of those surveyed fully understand the shared security responsibility for data stored in the cloud, unsure about what is their obligation to protect and what the cloud provider oversees.
Many organizations responded to the stay-at-home orders that found everybody working remotely by accelerating moving both workloads and data to the cloud. But in doing so, it revealed to CIO’s current vulnerabilities and created new ones in the protocols governing their systems.
Yet despite this, 92-percent do not believe their organization is well prepared to secure data in public cloud services. But 80-percent take some comfort in reporting that news of data breaches at other businesses increases their organization’s focus on securing the data in ERP software systems and other technology. Nearly nine-out-of-10 believe that artificial intelligence and machine learning will help improve cloud data security.
Tightening ERP and Cloud Data Security
Many heads of technology worry that the corner office turns its attention to data security only after there is a problem. It seems to take a rush of breaches and data leaks, usually reported in the news media, to attract the attention of the C-suite even though it is a management issue that needs to be discussed and reviewed on an ongoing basis at the board level.
As a result, some 69-percent of CIO’s responding to the survey complain that their CEO and Chief Information Security Officer – if the organization has one – get involved in public cloud projects only after a cybersecurity incident.
Many of the issues and concerns uncovered in the study can be addressed in the contract for cloud services, whether it involves migrating ERP or some other data-rich piece of technology. We have spent our career focusing on all aspects of ERP software system contracts and protecting the security of the treasure trove of data they hold.
As one example, a well-crafted cloud contract will specify the responsibilities of the user and the cloud provider. Not only does this eliminate the confusion many CIO’s expressed in the survey, if there is a data incident each side will know who to hold accountable for the problem.
If you want to discuss your situation, whether you are an executive of a private business or a senior technology manager in a public sector organization, feel free to contact us. We will be happy to share what we know along with what you need to include in negotiating a cloud contract.