Despite all the innovative endeavours and developments in the cloud, the target user group often lacks the necessary information to decide on a solution (e.g. a ERP system) from the cloud. These are often issues that revolve around the extent to which customised configurations of the applications are possible, for example. Mostly, however, it is about the security of company data. The image of data being processed somewhere far out in the cloud makes most people shy away. How can data security be guaranteed for ERP from the cloud?
What matters in a legally compliant cloud service
Almost the most important criterion for a cloud solution in terms of the data protection is compliance with EU directives. All data that provides personal or factual information about a person or can be assigned to a person with appropriate effort is protected. Furthermore, the disclosure of such data by a company to third parties is subject to authorisation. As this authorisation is usually not given, the disclosure can be justified, for example, if it concerns Order data processing acts.
Cloud use is also normally considered commissioned data processing. In this case, however, the cloud provider becomes part of the company, which is why no data is transferred from a legal perspective. This means that the cloud user remains responsible for how the data is handled. However, cloud users are often unaware of exactly where their data is stored. However, this ignorance can be remedied by using appropriate monitoring or reporting tools.
However, it is best to contractually regulate the responsibility for the data. In particular, the legal content should be regulated. It is also important that cloud providers only do business in the European Economic Area, i.e. that no data is transferred across borders. There are exceptions for transfers with an appropriate level of data protection. However, a provider must be part of the Safe Harbour Agreement. This makes it possible to transfer data abroad.
The safeguard: Service Level Agreements for ERP from the cloud
Service Level Agreements (SLAs) are another way for Clous users to protect themselves. These can be included in the licence agreement or added as an attachment.
Included in the SLAThis includes the precise contract duration, notice periods, and the type and scope of services to be provided. Furthermore, the „Service Levels“ are defined. This includes, for example, reaction times, adherence to deadlines, and availability. Additionally, the measurement criteria, methods, and intervals for the Service Levels are specified.
Finally, the consequences of SLA „contract breaches“ are also listed.
In addition to security, it is an advantage for small and medium-sized companies in particular to use cloud solutions when it comes to security. While large companies usually have their own data centre to protect them in the event of security threats, smaller companies are not equipped accordingly, if only due to their financial resources. However, the IT infrastructure of a good cloud provider should always be up to date - simply because of the high demand for security.
Is SAP Business One Cloud Software?
The other SAP cloud
SAP Business ByDesign vs SAP S/4HANA Cloud
SAP Business One Cloud Migration Costs
Data secure in the cloud
