Today’s powerful ERP systems help companies run business processes across their operations – manufacturing, supply chain management, sales, marketing, finance, and back-office business management. As systems of record, they are a repository of an organization’s data available in planning and decision-making, and provide the operational standard for processes.
In more recent years, as the conventional separation between ERP and customer relationship management (CRM) systems has largely disappeared in the cloud, ERP has also become a system of engagement, a key element in enabling a high-quality customer experience. In addition, ERP often serves as the foundation for exchanges and collaborations among teams and partnering companies involved in product development, marketing and sales campaigns, or mergers and acquisitions. In many companies, that means more data flowing through ERP, and more people who interact with ERP functions and data or benefit from the integrations of ERP solutions with other business systems.
Opening ERP to greater numbers of users and broadening its functional scope brings more security risks and greater vulnerability to business-critical software and data. Some integrations – for example, with ecommerce software – may further increase the vulnerability of ERP to digital malfeasance.
Unfortunately, ERP security is often not a prime consideration when companies evaluate and select ERP solutions and providers, and when they implement an ERP system. Typically, goals for ERP include managing growth, operating more efficiently, reducing costs, gaining greater agility, or becoming more competitive and innovative in services and products. Security may only come up as an afterthought. CIOs and ERP managers likely understand potential security risks, but may not hold enough sway to secure upfront planning or budgeting when other priorities promise desirable outcomes. While individuals may in many companies be accountable for compliance and physical security, it is not always clear who is responsible for the security of digital assets.