Security Concerns Grow as Enterprises Migrate ERP to the Cloud

The comfort level with cloud migration is growing, but so are misconceptions about security.

Jeffrey Burt

January 14, 2019

5 Min Read
ERP, enterprise resource planning

Enterprises increasingly are migrating mission-critical ERP applications to the cloud, a move that promises to bring its share of benefits and security concerns.

According to a survey just released by the Cloud Security Alliance (CSA), more than two-thirds (69 percent) of organizations are migrating data from a range of ERP applications – from the likes of SAP and Oracle – to the cloud, an indication of the digital-transformation forces driving many enterprises and their increasing comfort with the idea of running and storing crucial apps and data in the cloud.

However, the study, “Enterprise Resource Planning (ERP) Applications and Cloud Adoption,” also found that enterprise officials still have security concerns when migrating such workloads; in particular, the survey of 200 executives and IT pros from a range of industries – including technology, financial services, government and telecommunications – found that moving sensitive data (64.7 percent), security (59 percent) and compliance (54.3 percent) were the top concerns when moving ERP workloads to the cloud.

In addition, there continues to be a gap in the understanding around accountability when it comes to security in the cloud, according to the study, which was funded by Onapsis, a cybersecurity vendor with a focus on protecting business-critical applications, and a CSA board member. Though three in five (60 percent) survey respondents said they believe the cloud service provider is responsible for a breach, more than three in four (77 percent) also felt that the responsibility to secure the ERP applications fell on the organizations themselves.

The numbers show that enterprises need to assume greater ownership of their applications while migrating them to the cloud.


Onapsis’ Juan Pablo Perez-Etchegoyen

“It all comes up, especially when selecting a vendor and redlining the cloud contracts, and it depends strictly on the cloud service model,” Juan Pablo Perez-Etchegoyen, chairman of the CSA ERP security working group and Onapsis CTO, told Channel Futures. “If going to an IaaS cloud service model, the cloud vendor will provide orchestration and scalability capabilities, but at the application layer, organizations still need to handle security. When going to a SaaS cloud service model, organizations must have the right visibility and control as they do not manage any aspect of the infrastructure.”

Organizations understand that they must leverage the cloud “because of all of its benefits, but they are getting more comfortable around the security capabilities and who handles what. Eventually understanding where the line is will give the peace of mind that will allow for better data security,” Perez-Etchegoyen said.

Overall, the survey paints a picture of companies that increasingly are getting comfortable with moving and running their key enterprise applications in the cloud. Sixty-four percent of respondents are either planning or are in the middle of ERP cloud-migration projects, more than 69 percent said their companies are migrating business-critical applications, and 87 percent of those considering ERP solutions intend to adopt cloud offerings.

The report noted that analysts project the cloud ERP solutions market at $30 billion by 2021. In addition, enterprises on average use more than 1,400 cloud applications, including some business-critical applications that are being migrated, the report’s authors wrote.

“ERP applications are still primarily used on-premise[s],” they wrote. “However, the growth of cloud solutions is clear. A large majority of the organizations considering or deploying ERP applications within six months is substantially higher for cloud.”

For ERP, three in five (61 percent) organizations are using on-premises models, followed by cloud models software-as-a-service (SaaS) at 41 percent, infrastructure-as-a-service (IaaS) at 23 percent and platform-as-a-service (PaaS) at 17 percent. Many companies are taking a …

… hybrid approach, deploying more than one model.

In the survey, businesses cited scalability with new technologies, lower cost of ownership, and security patching and updating by the cloud provider as the key benefits for moving their ERP operations into the cloud. Faster time to value and increased innovation also are advantages.

The top security products protecting cloud ERP applications are identity and access management (IAM), firewalls and vulnerability assessment. A key component of the IAM services for ERP systems are single-sign-on (SSO) solutions, with four in five (79 percent) organizations using SSO for authentication, both in the cloud and on premises.

As far as the cloud providers they’re choosing, more than one in four (25 percent) opted for Microsoft Azure, about 18 percent Amazon Web Services and 13.5 percent SAP Cloud, with Google Cloud and Oracle Cloud also in the mix.

Migrating ERP and other business-critical applications to the cloud will bring multiple benefits to enterprises, but the move from on-premises environments is complex, according to the report. Everything from data classification and migration plans to compliance needs have to be managed correctly to address security and other concerns, the authors wrote.

But the momentum driving the migration is clear and “is definitely going to continue,” Perez-Etchegoyen said. “The most important aspect to consider when moving to the cloud is to incorporate security as an enabler to avoid it becoming a roadblock.”

Read more about:

Channel Research
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like