While properly handled make unclear storage for ERP is at least as secure as on-premises ERP, the key phrase is properly handled.
If you choose to use cloud-based ERP you are trusting your valuable data to someone else's security. While the SaaS vendor takes responsibility for security, it is still your data and you need to make sure that it is properly secured. It's important that you do your due diligence when trusting your ERP system to someone else.
A lot of people have the idea that if the information is stored in the cloud it is automatically safe as well as secure. This is a dangerous fallacy. While your data can be extensively protected in the cloud this isn't automatic. It depends entirely on the policies and measures applied to the data in the cloud.
The hard fact is that some cloud vendors are lax about data security. It's important that you check this and other issues out before committing to a cloud vendor.
Here are some things to check on with your cloud vendor.
Is your data encrypted? This is a key part of information security. Your data should be encrypted not only when it is moving over the web, but also when it is stored.
The encryption should subsist up to date and there should be additional safeguards to make sure your data isn't compromised.
What's the backup plan for the data? Ideally, it will be backed up several times a day with copies stored off-site. There should also be additional safeguards to make sure your data isn't lost in the event of an incident.
Who has access to your data? Theoretically, no one but your people and a select few of the vendor's employees should be able to access your data.
Is your cloud storage area shared or private? Obviously, private is better.
The vendor's employees should be properly trained in handling ERP data, including training in understanding and privacy. The training should be ongoing.
Who holds the exclusive rights on your material? Make sure you understand this before you sign a contract. You want to be the sole holder of the copyrights on your information.
What are the physical security arrangements? Ideally, the vendor's data center should be physically secure with features such as limited access and multiple layers of the physical sanctuary, such as locked doors, as well as access controls which strictly limit who can access the site.
A data center should be much more physically secure than an ordinary office or server room. Again, check to make sure.
Are the vendor's people bonded? This isn't always done, but it is a useful feature.
What are the firewall arrangements? In addition to site-level firewalls, you can also have firewalls on your storeroom space and applications.
How are updates to the system handled? There should be security measures in place to prevent inserting malicious code during an upgrade.
Are you notified when security policies change? You should be kept up to date on modifications to the safekeeping policies.
Checking on vendor security doesn't have to be difficult and it only needs to be done uncommonly. But before you commit to a cloud vendor it is important that you find out the answers to these questions.