The Cloud ERP debate – security versus operational disruption?

Recent demands for tighter security measures and reduced operational costs have caused widespread cloud adoptions rates to rise as many businesses make the switch from on-premise to cloud ERP. This switch comes with plenty of business benefits from decreased security burdens to reduced capital expenditure and lower administrative burdens. However, some CIOs are still on the fence about adopting cloud ERP due to concerns that untested updates and version lag may cause disruption to their business operations – but is this really the case? 

An in-depth assessment of cloud ERP’s strengths and weaknesses

A well-configured cloud deployment offers significant cost, efficiency, and end-user benefits over more ‘traditional’ on-premise deployments, but no system is fully immune from disruption. If businesses adopt an ‘evergreen’ approach to updates they will benefit from a trustworthy, regular stream of bug fixes and security updates – but this does not mean IT departments will not face challenges along the way. 

When compared to the previous long-term, on-premise ERP strategy that can only be described as ‘find a version that works for you then sit on it for as long as possible,’ the Software-as-a-Service (SaaS) cloud model has very much established itself as a superior alternative. 

By selecting a cloud ERP system, businesses gain a specialist team provided by the vendor which can work 24×7 to ensure their SaaS solution is secure, releasing IT teams of their security burden usually faced when using on-premise deployment. The magnitude of a cloud upgrade can be a gamechanger for IT departments who will no longer need to worry about having to quickly respond to resolve bug problems and integrate new patchworks – an approach that often means other IT tasks are pushed to the side. 

A first-hand example of this was when we helped the charity Alzheimer’s Research UK by implementing a scalable cloud-based business management solution. This gave them the tools to have better data reporting, increased remote accessibilities, and improve their security all from changing to cloud ERP. With their old financial software, they struggled to access critical data remotely and restricted data reporting features. 

Approach updates the ‘evergreen’ way for top-notch security

The Microsoft ‘evergreen’ approach to keeping ERP systems updated, whereby patches are automatically applied on a regular scheduled basis, is a major shift from previous approaches to updates held by many IT departments. Once deployed and customised to be fully functional, many businesses avoid ‘rocking the boat’ with updates or patches – often leading to a significantly outdated version.

The ‘evergreen’ approach takes the update burden out of the business’ hands, ensuring a cloud ERP system such as Dynamics 365 is always kept running on a supported and security-patched version, easing end-of-life concerns. This ensures businesses are not running versions with limited functionalities or known security vulnerabilities.

Reduce operational disruption with a helping hand from managed services providers

While this faster, predictable update cycle tightens systems from a cybersecurity perspective, the highly integrated, customisable nature of today’s cloud ERP systems can also be seen as a double-edged sword in terms of operational ‘security’. ERP vendors naturally cannot test these updates for every individual business environment – many of which operate highly customised or extensively integrated ERP systems – so there is a low-lying risk of operational disruption to a critical system. If an update does go ahead, the difficulties don’t end there as many businesses lack the time or resources to analyse all the release notes an ERP vendor produces. These notes contain details of the updates and it’s up to the business to take this responsibility in-house to see how a rollout would affect their system in terms of downtime and user disruption.

To ensure business continuity and no unexpected threats to day-to-day operations, having support from a managed service provider along with testing the update of patches on critical processes prior to deployment will be vital – a task that is increasingly being automated to ease the manual burden.

Take the case of United Oilseeds, a long-standing Columbus customer which has gone on to become one of the UK’s most successful farmer co-operatives. Due to issues with a previous third-party infrastructure managed service, United Oilseeds reached out to Columbus to unite their application and infrastructure managed services. After an Azure migration project to modernise and futureproof their ERP system, United Oilseeds began to see the benefits of a complete managed services package. The company has been able to eliminate the back-and-forth between separate providers, and the more proactive approach results in less downtime of a single point of contact for their managed services. The newer, more up-to-date infrastructure also enables them to maximise the ROI of their ERP system.

Mitigate end-user mishaps with effective cyber training and application security 

Since the covid pandemic induced mass shift to remote working, there’s been a noticeable spike in business cyberattacks as more employees start to connect corporate devices to their own personal networks, which often have poorer security compared to corporate networks. Unfortunately, there has been many cases where the end-user is unintentionally the reason corporate systems are compromised. Back in 2021, all it took was for one user to click on an infected file in an email and introduce a major ransomware attack on the entire Irish public health system. To avoid similar outcomes, many businesses have prioritised teaching their employees about cybersecurity and online safety. 

IT departments that take a granular approach to security can relax knowing that should a user account be compromised, this will not heavily impacting on user access to critical systems and data. If configured correctly, should a user experience a cyber-attack they will not be able to spread to other users no matter the audit trail, privileges, and additional traceability measures including automated checks. 

Take a malware attack on a manufacturing company with operations running around the clock. A compromised on-premise ERP system linked to the factory floor would force the entire business to shut down to prevent the attack from spreading further and causing more damage to other back-end systems. This would have a catastrophic impact on the business because operations and manufacturing would have to cease until the issue is fixed, wasting time and money. However, with a SaaS deployment, whereby a client on a single device is compromised, this will not be the case.

Correct implementation can lead to a safe and smooth future with cloud ERP

Before rushing to make the switch over to cloud ERP, businesses must first understand the operational responsibilities that can minimise disruptions. Adopting an ‘evergreen’ approach to updates still has its own security and compatibility challenges as cloud ERP is not a fix all solution after all. End-user training, application security, having the right managed service provider, and correct configuration will be crucial for businesses to unlock the true benefits of cloud ERP – from reduced capital expenditure to skipping version lag and enhanced efficiency. 

+ posts

Chris Clifford, Principal Security Architect, Columbus UK. Chris is an experienced technology team lead and solution architect, delivering quality and innovative technical solutions for prospects and customers on the Dynamics, Windows and Azure Cloud platforms. His current focuses include Digital Transformation, Cloud Infrastructure, Azure, Azure Analytics, Azure Security and PowerBI.

CIF Presents TWF – Ems Lord


Related articles

The Future of Marketing: Automation vs Innovation

Does AI Understand Your Brand Voice? AI is dropping jaws...

AI Act – New Rules, Same Task

The first law for AI was approved this month...

Time to Ditch Traditional Tools for Cloud Security

Reliance on cloud technologies has significantly expanded the attack...

AI Show – Episode 3 – Guy Murphy

In this third episode of The AI Show! Host...

6 Ways Businesses Can Boost Their Cloud Security Resilience

The rise in cloud-based cyberattacks continues to climb as...

Subscribe to our Newsletter