the Log4Shell crisis has raised awareness: Companies need to pay more and more attention to ERP security. ERP software is now just one part of a highly networked information system that is increasingly being moved to the cloud. At the same time, attacks of all kinds on these structures are on the rise.
Increasing security requirements for ERP systems
When it comes to the topic of security, experts point out that the safeguarding of ERP systems is not automatically synonymous with general IT security. Often, specific vulnerabilities of ERP systems need to be considered.
At the same time, these experts assume that attacks on ERP installations will increase sharply, which is not least due to the increasing shift of business software into the cloud to do.
The Covid-19 pandemic can also be seen as an accelerator. The widespread relocation of many workplaces to the home office has forced many companies to establish new structures that are often vulnerable to cybercrime.
Increasing learning curve of the attackers
Not long ago, attackers focused on vulnerabilities in IT infrastructure. Cyberattacks became increasingly automated, and the corresponding expertise was made available in the form of tools and information for the „market.“.
The possibilities of utilising the gateways of ERP and other business software are now becoming increasingly known and widespread. The increasing networking and integration widely distributed systems of different participants seems to be ideally suited for this. The increasing dialogue capability of the systems is both a blessing and a curse. Often more of a curse than a blessing from a security perspective.
Security know-how of the administrators
ERP security is a special service for medium-sized companies. staff dependent problem. The people responsible for IT security often do not have the necessary knowledge of ERP systems. In the past, it was enough to take care of the compartmentalisation of the infrastructure and prevent the emergence of shadow IT in the company. Today, the danger increasingly lies in the business software itself. In order to be able to act here, however, detailed knowledge of the functions of the ERP software landscape is required.
At the same time, ERP administrators are often not aware of IT security issues. Sometimes the relevant departments operate completely in parallel. Such structures invite attackers to seek out and exploit any gaps that arise.
Complex safety requirements
The mix of knowledge that needs to be utilised in an integrated security strategy is challenging. You need expertise in ERP databases and their application-specific features. Knowledge of the various options for integrating different applications through to web and cloud services is also required.
ERP-specific security measures often include the control of user access. This involves more than just user administration. The security requirements for ERP systems have become increasingly complex due to integration with other systems or applications.
The Cloud Security Paradox
However, integration is not the only reason for the complexity. The growth of e-commerce and the desire of providers to migrate ERP customers to the cloud are also drivers of multi-layered structures that are difficult to control.
However, one realisation has become increasingly widespread: Migrating an ERP system to the cloud does not necessarily make such a system less secure; on the contrary, it makes it more secure. Cloud providers are better able to deal with security requirements than their customers. This is particularly true when it comes to specialised cloud providers who not only provide a kind of extended hosting service, but also application expertise.
Simple Identity and Authentication Management
Security alarm for ERP systems
Log4Shell (Log4j gap) & SAP Business One
Two-factor authentication for MariProject
Data secure in the cloud
