ERP Cloud Security Risk Is Real.jpg

Cloud-based ERP solutions are not immune to fraud, cyber-breaches, or weak controls which are all serious threats to modern organizations. One core issue facing CFOs is understanding their role in Cloud ERP security i.e., ensuring that their organization minimizes the vulnerabilities of cloud-based platforms (which contain their most sensitive data), while still taking full advantage of the flexibility and visibility of the cloud.

  • 71% of executives are concerned about moving finance and human resource applications to a cloud ERP platform.
  • 17% of organizations have had a cyber-breach associated with their ERP solution.
  • 75% of executives plan to allocate 3% to 10% of the total cost of a future cloud ERP implementation to security.

Compliance is another issue on the radar when it comes to cloud ERP adoption. Auditors are enacting their financial auditing approach and frameworks to support the unique risk profile of cloud hosting, and organizations need to ensure that the compliance aspect of cloud-based ERP solutions is being handled appropriately.

Lastly, in some instances moving to the cloud can also heighten user frustration. Users are accustomed to using mobile and cloud-based technologies at home and may have a negative reaction to overly restrictive cloud security solutions, so finding the appropriate risk and enablement balance is key to the success of a cloud ERP solution.

How does the risk surrounding cloud ERP differ from off-premise solutions?

The movement of financial and HR data to the cloud creates new risks related to anywhere, anytime, any device access. Business and IT leaders need to fully understand the cloud shared-responsibility model requirements related to security and compliance, and allocate appropriate budgets for cloud security and controls. To meet client needs, major ERP vendors have very potent security, audit, and conformity frameworks in place, but each organization has to build a controls-in-depth solution to align the end-to-end application and cyber-security and compliance components.