Cloud ERP

The Celebrity Photo Leak: Is Your Cloud ERP At Risk?

Written by Chandler Hutchison | Sep 5, 2014 5:00:00 AM

 

Just a few days ago, hundreds of pictures presenting celebrities in compromising situations were distributed online without consent, as a tactic of abuse intended to humiliate, intimidate, and harass. It seems that the images were hacked from individual iCloud accounts, which puts Apple in a bad light. In response to harsh allegations, Apple reassured users that its systems are secure, stating that the celebrity photo-related incident was actually the result of targeted attacks on personal accounts; Apple systems haven’t been breached.

Will Things Escalate?

With so many organizations depending on cloud computing to process and manage business data on a daily basis, we cannot help but wonder whether the hackers will turn their attention to enterprise accounts, in an attempt to hack business data, which is far more valuable than some celebrity photos. Is cloud ERP at risk of abandonment due to security threats? Or are cloud-based ERP security issues just a fading worry?

Data security is the most important factor for ERP service providers who have developed and adopted different levels of security and protocols, which set cloud-based ERP apart from other cloud solutions. When talking about cloud ERP security, most professionals look at how ERP systems manage user authentication and how secure each application added to the system actually is. User authentication is critical since it controls access rights along with what users can and cannot do in the system. Typically, cloud-based ERP applications only allow users to access information and perform tasks according to their specific roles and responsibilities.

However, security on the cloud-based ERP environment remains a concern, especially because:

  • each deployment model, be it private cloud, public cloud, or hybrid cloud, requires different levels of security, according to its own set of characteristics
  • each organization has different requirements regarding security components, thus security applications must be flexible enough to meet all needs and demands
  • certain areas, such as data availability, traceability, accuracy, confidentiality, and integrity, must be considered when implementing security protocols

Assessing the Difference

To understand how cloud ERP security measures differ from the measures applied to other cloud environments, we will analyze different security aspects according to the level of security required.

Physical Security. Cloud-based ERP solutions come with the advantage of having the hardware located off-premise. Hardware components are stored in dedicated locations, protected by cameras and authentication technologies, such as ID badge, fingerprint, and retina recognition software.

Data Security. Data can be easily intercepted during transmissions across wireless networks. The easiest way to secure data is to encrypt communications between users, servers, and databases. Critical enterprise information is usually protected by encryption keys, algorithms, and protocols, such as HTTPS and SOAP. All cloud-based ERP systems also use advanced authentication protocols, which will block user access to the login page after several unsuccessful login attempts. As far as data storage security, the most advanced cloud ERP systems deny unauthorized access to any kind of enterprise data.  As an additional measure, stored data is encrypted, allowing data decryption only via the application logic.

Compared to other cloud solutions, cloud-based ERP makes available different architecture models. This means that cloud-based ERP applications are more flexible and customizable in terms of security upgrades and maintenance than other solutions.

The recent cyber attacks on celebrity iCloud accounts should not be considered a simple “wake up call.” Cloud computing security risks are real, whether we talk about ERP or other systems. However, the main difference is that, if done correctly, cloud ERP is much more secure than many other solutions, whether in cloud- or self-hosted environments.
View full post