How safe are cloud-based ERP solutions?

Flexibility, innovation and cost reduction are the cornerstones of a successful business. So many companies – but not all – migrate their ERP to the cloud. However, for some organizations, cloud security remains a foggy business. Is this justified, and what should be considered for a safe migration?

Almost everyone these days uses some form of private cloud service, and they’re becoming increasingly popular in the business world as well. According to research and advisory firm Gartner, at least 75 percent^[1] of all organizations will use some form of cloud service in 2017. Start-up costs are often minimized by outsourcing infrastructure and management.  Because you only pay for what you use in the cloud, no hardware needs to be purchased for occasional peak loads. Computing power, network connections, virtual servers and storage can be instantly added with a few mouse clicks. It’s also much faster to roll out new services in the cloud than in an on-premise environment. Despite these advantages, not all companies have yet switched to the cloud.

Remaining in control

Some companies do not want to store any of their data off-premise on principle. Fear of losing control – whether justified or not – plays a big role in this regard. Many people worry about where their data and apps are stored in the cloud, and whether unauthorized parties can access it. This is one reason some companies keep all their data on-premise. In these companies, you can only log in from an office connected to their own network. Other companies choose a private cloud solution. The virtual infrastructure is hosted on-site or at a cloud provider. The environment is fully protected. Others opt for public cloud solutions. In these products, the servers, network, and storage are virtualized and shared with other users at a cloud provider.

Outsourcing your security is easier than you think

Managing security is specialist work. Only the largest companies can afford to do this themselves, since they have the resources to employ an entire department of security specialists. Most companies outsource their IT security requirements. The company handling their IT security must have extensive knowledge of infrastructure, routing, network topologies, VPNs, and more. Moving applications and data to a cloud provider is often easier than expected.

Checklist to select the most secure cloud provider

If an organization wishes to migrate to the cloud it is essential to select a cloud provider that matches its scale and strategy. The following checklist can help to make the right choice:

• How flexible is the contract in the event of growth, shrinkage, or termination? Is there an exit strategy?
• Is the data physically stored in a country that is compliant with the legal frameworks of the company?
• Do services need to be rolled out globally? If so, a global provider might sometimes be a better choice.
• Does the cloud provider have the security certificates that match the security requirements of the business?
• What is the uptime of the service? An uptime of 100% is usually never guaranteed. Remember that an uptime of 99.95% means that an application will be unavailable for nearly 4.5 hours per year.
• How long will it take to contact a help desk and what questions can they help with? Some providers will require customers to install and configure their own virtual servers, connections, and firewalls, while other providers will help with this. There are also more and more brokers offering cloud IT services these days. This may be necessary because cloud computing requires different skills than traditional IT management.
• Can the cloud provider handle all the tools that are being migrated? Not all applications are suitable for the cloud.
• Templates are reusable and deliver predictable results. For example, Oracle Optimized Solutions has several templates that will make migration go smoothly and safely.
• If the option exists, it may be safer to use a private physical connection instead of a connection via an online VPN. Performance using a private connection is also more stable.
• Even if a company chooses outsourced virtual infrastructure (IaaS), or Platform as a Service (PaaS), it will still need a security specialist who knows how to use the system properly.
• Penetration testing is still needed with cloud computing.
• A software firewall is an extra layer of security. It allows control of what levels of the system users can access.
• Are backup systems in place and how fast can everything be online again?
• The security of mobile phones, tablets and laptops also needs to be properly managed, so that uninvited guests will be unable to access the ERP system if something is lost or stolen.

Management still needed, even with everything in the cloud

The cloud can indeed be safer than a private on-premise data center. However, even if the infrastructure and platform are outsourced, a security specialist who knows how to use the system properly is still needed. By making an inventory of your own security requirements and comparing these with the options offered by the cloud provider, you can confidently take advantage of the capabilities of cloud-based ERP. Several vendors offer the combination of using their ERP software on private cloud infrastructure, which will result in many security requirements already being met.

Oracle JD Edwards ERP in the Oracle Cloud: a safe alternative

Oracle’s JD Edwards system allows you to choose your own provider because it works with any public or private cloud. If you opt for JD Edwards in one of Oracle’s public clouds (via IaaS or PaaS), you will have the benefit of the expert security features of Oracle and JD Edwards. This solution combines the benefits of an on-premise ERP with those of the public cloud. This will allow you to choose when to perform upgrades, to make adjustments yourself and to remain in control of your data. All this in a fully secure environment benefiting from Oracle-grade security, always up-to-date infrastructure, databases, middleware, and much more. To read more about experiences with Oracle’s public cloud, visit: Deployment to Oracle’s Public Cloud.

^[1]http://www.gartner.com/newsroom/id/3233217