2020’s Top ERP Security Challenges: It’s All About the Data!
As we enter the new year, the criticality of securing sensitive data will continue to mold and transform the structure of security strategies across enterprises, resulting in a heightened focus on access controls, visibility solutions, and (generally) data-centric ERP investments. With numerous data privacy regulations on the horizon, the cost of data breaches will be more catastrophic for businesses. In 2020, enterprises must invest in proactive strategies that combat the dynamic threats targeting an organization’s most sensitive data.
Enterprises can expect the rise in ERP data breaches to continue in 2020
Since ERP was first designed as an application product, ERP systems have been incapable of evolving alongside an organization’s maturing IT environment and are unable to integrate with advanced security initiatives. It is, and will remain, very challenging to keep ERP systems up to date, and because these applications are business-critical, enterprises are wary of switching them out entirely.
In order to secure ERP systems in 2020, business owners must recognize how critical the usability of ERP apps is to their businesses. It is the business owner who is more familiar with the users, and as Gartner concluded, ‘it is the user – not the provider – who fails to manage the controls used to protect an organization’s data.’ With the growing number of connected applications running across the company, such as payment and HR apps, business owners need to evolve their ERP systems and go beyond firewalls.
In 2020, there will be a CIO responsibility shift from “systems technology experts” to “data experts”, as security increasingly becomes more of a data-level function
As enterprises become increasingly aware that the security of sensitive ERP data is a high priority, especially with the rise in data privacy regulations such as CCPA, there will be a rise in Chief Data Officer roles as well as a shift in the CIO’s role from a focus on systems to a focus on data. This shift will cause many challenges, though, as the majority of CIOs do not specialize in the systems aspect of ERP. Yet the rise in data-centric compliance initiatives, as well as the deployment of fundamental security tools such as multi-factor authentication and SSO across the enterprise, will ease the transition from a systems-centric CIO to a data-centric CIO.
Additionally, from an organizational perspective, we can expect more CIOs and CISOs at the board level as organizations continue to mature, invest further in security, and understand the varying operational budgets.
In the coming year, we can expect more enterprises to adopt privileged access management (PAM) as a key IT security project, along with effective access controls, due to heightened third-party risk
PAM is the first, fundamental level of data protection, privacy and compliance where logging and auditing are concerned, and with more and more data privacy regulations on the horizon, PAM will become a key IT security project in the coming year. Additionally, given that the majority (83%) of organizations engaging with third parties to provide business services identified risks, in 2020 organizations must hold all third parties to greater liability and bind them by contract to data protocols in the event of a breach.
Users will increasingly demand ERP access beyond their corporate networks – core transactions will need to face the open internet
As organizations continue to demand that employees be more productive, employees will (in turn) insist that their ERP transactions are available from any location, at any time. In order to maintain high levels of security, ERP transactions have traditionally been available only behind corporate firewalls. However, this model immediately causes user push-back, especially as more organizations rely on mobile workforces to scale and keep business running in the coming years. When enterprises insist that employees only execute their ERP transactions when they have access to a corporate network, users will inevitably avoid it, which will put increased strain on the organization across functions.
Therefore, in 2020, we can expect more organizations to invest in solutions that focus on enhancing access controls and logging. More and more organizations will begin to understand the importance of expanding access as a table-stakes initiative as productivity requirements shift, requiring users to be as mobile as possible.
What are your ERP security and compliance goals for 2020?
The security experts at Pathlock would love to help ease the journey toward a fully secure and compliant ERP system.