The Cloud Security Alliance (CSA) released Friday findings from its initial research survey on “Enterprise Resource Planning (ERP) Applications and Cloud Adoption.” The study offers greater insight into cloud preparation and migration, the features and benefits gained, and the security and privacy challenges for ERP systems in a cloud environment.
The study, which was sponsored by Onapsis, a vendor of business-critical application security, surveyed 199 managers, C-level executives, and staff from enterprises in the Americas (49 percent), APAC (26 percent) and EMEA (25 percent).
According to the survey, 69 percent of organizations are migrating data for popular ERP applications to the cloud, moving to major cloud infrastructure-as-a-service providers, with the overwhelming majority, almost 90 percent, stating that these applications are business-critical.
In line with the top three migration concerns – moving sensitive data followed by security and compliance – the research finds that attackers are evolving, too. Over half of the survey respondents stated that they expect security incidents in the cloud to increase in the next year.
Yet, when it comes to accountability, there are troubling misconceptions: While 60 percent of survey respondents claim that they feel the cloud service provider is responsible for a breach, 77 percent believe that it is the responsibility of the organization itself actually to secure their ERP applications.
Third-parties are held least accountable and responsible. This perception gap shows that organizations need to take more ownership of their business-critical applications while migrating them to the cloud.
The survey also revealed that 73 percent both in the Americas and in the APAC region were more likely to report that they were currently migrating business-critical applications to the cloud than those in EMEA, where regulations such as the European Union General Data Protection Regulation (GDPR) impacted organizational plans for technology purchases, cloud services, and third-party policies.
Companies are taking added measures to protect their ERP applications in the cloud, including identity and access controls (68 percent), firewalls (63 percent), and vulnerability assessment (62 percent).
On-premise models (61 percent) are employed most commonly, with cloud SaaS (41 percent), cloud IaaS (23 percent) and cloud PaaS (17 percent) following.
Listed among the benefits of moving to the cloud were scalability with new technologies (65 percent), lower cost of ownership (61 percent) and security patching and updating by the provider (49 percent). Barriers listed were moving of sensitive data (65 percent), security (59 percent), and compliance challenges (54 percent).
“The cloud computing ecosystem is maturing rapidly and business-critical applications, such as ERP solutions, are being moved to cloud environments. With this shift, organizations are starting to explore the question of whether a cloud environment might alleviate traditional challenges that business-critical applications normally face,” said John Yeoh, Director of Research, Americas for the Cloud Security Alliance. “As moving to the cloud raises its own security and privacy challenges, we wanted to provide some benchmarks regarding the myriad issues surrounding cloud migration and security.”
“In any cloud migration, regardless of the provider, security must be implemented from the start and implemented in phases throughout the project. Organizations are concerned about moving sensitive data across environments, then addressing the security and compliance implications that come of that migration. Our studies have found that implementing security in each phase of the migration could save customers over five times of their implementation costs,” stated Juan Pablo Perez-Etchegoyen, CTO of Onapsis and Chair of the CSA ERP Security Working Group.