Cloud Security Alliance: Cloud ERP making waves but caution persists around security

Once a major headache for organisations, enterprise resource planning (ERP) systems are now becoming easier to migrate to the cloud, according to a new study from the Cloud Security Alliance (CSA).

The findings, which appear in the research firm’s latest report, titled ‘The Impact of Cloud on ERP’, which surveyed almost 200 enterprise-level C-suite executives. Two thirds (64%) of organisations polled are either planning or in the middle of an ERP cloud migration initiative, while the vast majority (87%) of organisations who plan to use ERP are also looking to the cloud for other projects.

There is no doubt – if any existed previously – about how important ERP remains to large organisations. 87% of those polled said it was either ‘extremely’ or ‘very’ important to their business.

When it came to specific vendors, SAP was top of the shop, cited by 52% of respondents, ahead of Oracle (35%). This makes for interesting if not overly surprising reading. As regular readers of this publication will be aware, Oracle and SAP have committed huge resources to moving their legacy software contracts over to more quickly recurring cloudy ones.

This note shows the interest on both sides. Yet are SAP and Oracle convincing customers to use them to move over? Yes and no; while AWS (28%) and Azure (25%) remain the most popular cloud providers for data migration, SAP (13.5%) and Oracle (8%), the former in particular, have respectable figures compared with their overall cloud industry market share.

Organisations want to make the most of their ERP and they see being cloud-based as the key; yet concerns naturally remain. Companies are worried most about the moving of sensitive data (64%), as well as security (59%), compliance (54%) and disruption of business operations (46%). The benefits, however, outweigh the issues; security, cited by almost half of those polled as a boon, can be patched and updated easily by the provider, while scalability with new technologies (65%) and lower capex and opex (61%) were also seen as vital.

When it came to assessing security pre- and post-migration, however, the mood was one of caution and scepticism. One in three (34%) said there was a ‘slight’ risk increase, while 19% said the risk would be ‘significant’. 30% anticipated little change.

Writing for this publication in August, Louis Columbus noted how leading organisations were taking this a stage further, by baking machine learning and artificial intelligence into their ERP systems for greater insight. Taking manufacturing as its key example, through this integration machine-level data can be analysed, virtual agents can pick across each part of the process, and product quality can be improved.

“Legacy ERP systems were purpose-built to excel at production consistency first at the expense of flexibility and responsiveness to customers’ changing requirements,” Columbus wrote. “By taking a business case-based approach to integrating AI and machine learning into their platforms, cloud ERP providers can fill the gap legacy ERP systems can’t.”

“In any cloud migration, regardless of the provider, security must be implemented from the start and implemented in phases throughout the project,” said Juan Pablo Perez-Etchegoyen, chair of the CSA ERP Security Working Group. “Organisations are concerned about moving sensitive data across environments, then addressing the security and compliance implications that come of that migration.

“Our studies have found that implementing security in each phase of the migration could save customers over five times of their implementation costs.”

You can read the full report here (pdf, email required). in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.