A major concern for clients, customers, and businesses with enterprise resource planning (ERP) has been the security of their data. Many people have doubts regarding data security in the cloud version as well. Generally speaking, during ERP implementation, clients tend to focus more on prioritisation of activities, core ERP functionalities, deadlines and financial constraints. The security aspect somehow gets lost in the noise.
According to global IT research firm Gartner, “Enterprises should consider the overall set of security functions and controls that permeate the entire environment that will be running trusted transactions.”
One reason why: according to a survey conducted by Deskera, a global leader in cloud-based ERP, around 55% of organisations do not configure their ERP to maintain audit logs because they worry about degraded performance. In a tussle between performance and security, it is usually the former that walks away the winner.
Kinds Of Security Risks For Organisations Implementing ERP
Organisations face three kinds of risks as far as ERP is concerned:
Unauthorised access: ERP software generally comes with a set of standard roles which are allocated to users on the basis of their functional tasks in the organisation. Consequently, clients plug in user-based controls and limit a user’s software access on the basis of their customisation and authorisation level. For example, an accounts clerk would not possess access to the inventory management module in the ERP. However, there is a risk of users creating fraudulent transactions, making unapproved updates, or submitting entries with transaction errors that are preventable.
The second risk could be noncompliance with security or regulatory requirements.
The third security issue arises when the ERP does not meet all of a client’s needs because the client did not accurately report its requirements to the ERP vendor. To make up for the missing functionality, the client ends up using other software, which may have security issues of its own.
Implementation Loopholes Responsible For Security Risks
Businesses and individuals start to take note of security only when serious breaches occur after the ERP system has been set into motion. Omissions and commissions made during implementation are usually responsible for potential security risks.
This scenario may lead to companies having to make corrections after they have gone live, which is a tedious, expensive and disruptive process that could result in bottlenecks and loss of productivity. Moreover, an ERP system with compromised security can eventually lead to operational hurdles, data privacy issues, and fraud.
Uninterrupted Monitoring Is The Solution
ERP vendors, as well as clients, need to adopt a 360-degree approach as far as security and controls are concerned. They need to focus on specific client requirements and manage risks by devising strategies aimed at protecting the integrity, confidentiality, and accessibility of information. The approach should be to focus on risk minimisation during the implementation period itself and avoid expensive rework. With an increasing number of users and progressively more complex and integrated information systems, new levels of transaction-level security will be required.
But above everything else, the concept of continuous transaction monitoring has to be woven into the ERP software so that irregular or fraudulent transactions are identified and errors prevented.