Despite all the innovative efforts and developments in the cloud, the target user group often lacks the information needed to decide on a solution (e.g. an ERP system) from the cloud. Often the open questions revolve, for example, around the extent to which customised configurations of the applications are possible. Mostly, however, they concern the security of the company's data. The image of data being processed somewhere far out in a cloud makes most people cringe. How can data security be guaranteed for ERP from the cloud?
What matters in a legally compliant cloud service
Almost the most important criterion for a cloud solution with regard to data protection is compliance with EU directives. All data that provide personal or factual information about a person, or that can be assigned to a person with the corresponding effort, are protected. Furthermore, the disclosure of such data by a company to third parties is subject to permission. Since this permission is usually not given, the disclosure can be justified, for example, if it concerns commissioned data processing (order data processing).
In the case of cloud use, too, this is usually commissioned data processing. Here, however, the cloud provider becomes part of the company, which is why no transfer of data takes place from a legal perspective. Thus, the user of the cloud remains responsible for the handling of the data. However, the cloud user often does not even know where exactly his data is stored. This lack of knowledge can be remedied by appropriate monitoring or reporting tools.
However, it is best to regulate the responsibility for the data contractually. In particular, the legal contents should be regulated. It is also important that cloud providers only do business in the European Economic Area, i.e. that no data is transferred across borders. There are exceptions for transfers with an adequate level of data protection. For this, however, a provider must be part of the Safe Harbour agreement. In this way, a transfer of data abroad can be made possible.
The safeguard: Service Level Agreements for ERP from the Cloud
Another way to protect yourself as a cloud user is through Service Level Agreements (SLAs). These can be included in the user contract or added as an annex.
Included in the SLAs is the exact duration of the contract, including the notice periods and the type and scope of the services to be provided. In addition, the "service levels" are defined. These are, for example, the response time, adherence to deadlines and availability. Furthermore, the measurement criteria, procedures and intervals for the service levels are defined.
Last but not least, the consequences of a breach of the SLA ("breach of contract") are also listed.
In addition to security, it is an advantage for small and medium-sized companies to use cloud solutions. While large companies usually have their own data centre to protect them in the event of security threats, smaller companies are not equipped accordingly - if only because of their financial resources. However, the IT infrastructure of a good cloud provider should always be up to date - simply because of the high demand for security.