Security Concerns Grow as Enterprises Migrate ERP to the Cloud
Enterprises increasingly are migrating mission-critical ERP applications to the cloud, a move that promises to bring its share of benefits and security concerns.
According to a survey just released by the Cloud Security Alliance (CSA), more than two-thirds (69 percent) of organizations are migrating data from a range of ERP applications – from the likes of SAP and Oracle – to the cloud, an indication of the digital-transformation forces driving many enterprises and their increasing comfort with the idea of running and storing crucial apps and data in the cloud.
However, the study, “Enterprise Resource Planning (ERP) Applications and Cloud Adoption,” also found that enterprise officials still have security concerns when migrating such workloads; in particular, the survey of 200 executives and IT pros from a range of industries – including technology, financial services, government and telecommunications – found that moving sensitive data (64.7 percent), security (59 percent) and compliance (54.3 percent) were the top concerns when moving ERP workloads to the cloud.
In addition, there continues to be a gap in the understanding around accountability when it comes to security in the cloud, according to the study, which was funded by Onapsis, a cybersecurity vendor with a focus on protecting business-critical applications, and a CSA board member. Though three in five (60 percent) survey respondents said they believe the cloud service provider is responsible for a breach, more than three in four (77 percent) also felt that the responsibility to secure the ERP applications fell on the organizations themselves.
The numbers show that enterprises need to assume greater ownership of their applications while migrating them to the cloud.
“It all comes up, especially when selecting a vendor and redlining the cloud contracts, and it depends strictly on the cloud service model,” Juan Pablo Perez-Etchegoyen, chairman of the CSA ERP security working group and Onapsis CTO, told Channel Futures. “If going to an IaaS cloud service model, the cloud vendor will provide orchestration and scalability capabilities, but at the application layer, organizations still need to handle security. When going to a SaaS cloud service model, organizations must have the right visibility and control as they do not manage any aspect of the infrastructure.”
Organizations understand that they must leverage the cloud “because of all of its benefits, but they are getting more comfortable around the security capabilities and who handles what. Eventually understanding where the line is will give the peace of mind that will allow for better data security,” Perez-Etchegoyen said.
Overall, the survey paints a picture of companies that increasingly are getting comfortable with moving and running their key enterprise applications in the cloud. Sixty-four percent of respondents are either planning or are in the middle of ERP cloud-migration projects, more than 69 percent said their companies are migrating business-critical applications, and 87 percent of those considering ERP solutions intend to adopt cloud offerings.
The report noted that analysts project the cloud ERP solutions market at $30 billion by 2021. In addition, enterprises on average use more than 1,400 cloud applications, including some business-critical applications that are being migrated, the report’s authors wrote.
“ERP applications are still primarily used on-premise[s],” they wrote. “However, the growth of cloud solutions is clear. A large majority of the organizations considering or deploying ERP applications within six months is substantially higher for cloud.”
For ERP, three in five (61 percent) organizations are using on-premises models, followed by cloud models software-as-a-service (SaaS) at 41 percent, infrastructure-as-a-service (IaaS) at 23 percent and platform-as-a-service (PaaS) at 17 percent. Many companies are taking a …