Balancing cloud ERP security with operations: continuous updates are not a ‘cure-all’.

Cloud adoption rates have certainly increased in recent years as migration of people, systems and data became simpler, costs have decreased and concerns over security eased. Shifting from on-premise to cloud ERP systems has brought a wealth of benefits to businesses, from reduced administrative burdens to lower capital expenditure. But cloud still has CIOs wrestling with questions around the system and operational security. CIOs need a way to avoid the risk of version lag, and not fall into the trap of risking operational security through untested update failure.

Weighing the pros and cons of cloud erp

Well-configured cloud deployment offers significant cost, efficiency and end-user benefits over more ‘traditional’ on-premise deployments, but no system is fully immune from disruption. The ‘evergreen’ approach of continuous updates provides a reliable, regular stream of security patches, bug fixes and incremental improvements – but its very nature poses challenges to IT departments and is certainly not an ERP cure-all.

When compared to the previous long-term, on-premise ERP strategy that can only be described as ‘find a version that works for you then sit on it for as long as possible,’ the Software-as-a-Service (SaaS) cloud model has very much established itself as a superior alternative.

Gone is the in-house management burden of quick fixes, patchwork integrations and rushed responses to emerging security exploits – an approach that often detracted from other business-critical IT tasks. By opting for an ERP system hosted in, for example, the Azure cloud, businesses can take advantage of thousands of dedicated staff with 24×7 availability on the vendor side, with yet more specialist teams focused on ensuring the cybersecurity of their SaaS solutions. The scale is simply incomparable.

For a case in point, we recently implemented a cloud-based Microsoft Dynamics 365 Business Central solution for charity Alzheimer’s Research UK, with enhanced reporting, remote access and enhanced security all part of the core benefits of a shift to cloud ERP. With a single solution, the charity was able to replace ageing financial software with limited remote availability and minimal data reporting features, introducing an advanced, cloud-based alternative in its place.

Skip the version lag – and security holes – with an ‘evergreen’ approach to updates

The Microsoft ‘evergreen’ approach to keeping ERP systems updated, whereby patches are automatically applied on a regular scheduled basis, is a major shift from previous approaches to updates held by many IT departments. Once deployed and customized to be fully functional, many businesses avoid ‘rocking the boat’ with updates or patches – often leading to a significantly outdated version.

The ‘evergreen’ approach takes the update burden out of the business’ hands, ensuring a cloud ERP system such as Dynamics 365 is always kept running on a supported and security-patched version, easing end-of-life concerns. This ensures businesses are not running versions with limited functionalities or known security vulnerabilities.

A testing challenge: outdated systems or operational disruption?

While this faster, predictable update cycle tightens systems from a cybersecurity perspective, the highly integrated, customizable nature of today’s cloud ERP systems can also be seen as a double-edged sword in terms of operational ‘security’. ERP vendors naturally cannot test these updates for every individual business environment – many of which operate highly customized or extensively integrated ERP systems – so there is a low-lying risk of operational disruption to a critical system. If an update does go ahead, the difficulties don’t end there as many businesses lack the time or resources to analyze all the release notes an ERP vendor produces. These notes contain details of the updates and it’s up to the business to take this responsibility in-house to see how a rollout would affect their system in terms of downtime and user disruption.

To ensure business continuity and no unexpected threats to day-to-day operations, having support from a managed service provider along with testing the update of patches on critical processes prior to deployment will be vital – a task that is increasingly being automated to ease the manual burden. Take the case of United Oilseeds, a long-standing Columbus customer which has gone on to become one of the UK’s most successful farmer co-operatives. Due to issues with a previous third-party infrastructure managed service, United Oilseeds reached out to Columbus to unite their application and infrastructure managed services. After an Azure migration project to modernize and futureproof

their ERP system, United Oilseeds began to see the benefits of a complete managed services package. The company has been able to eliminate the back-and-forth between separate providers, and the more proactive approach results in less downtime of a single point of contact for their managed services. The newer, more up-to-date infrastructure also enables them to maximize the ROI of their ERP system.

Support the all-important human element – application security is key

Unfortunately, the end-user is often the weak link when business-critical systems are compromised. Witness the 2021 major ransomware attack on the Irish public health system, which was triggered by an unsuspecting user opening a single infected document received via email. The Covid-induced mass shift to remote working – which also made cloud deployments a far more attractive prospect due to their cost-saving abilities and accessibility – has also increased the attack vector for cybercriminals, as many vulnerable personal devices with typically poorer security were connected to corporate networks. End-user training in online safety and cybersecurity best practices has never been so important – and for ERP systems, application security will also have a vital role to play.

But by taking a granular approach to security, IT departments can ensure ease of mind should a user account be compromised, without heavily impacting on user access to critical systems and data. Configured correctly, this spans detailed user types with varying privileges, audit trails and additional traceability measures such as automated checks. And with a cloud deployment, a single end-user account or device being infected will not result in catastrophic failure. Take a malware attack on a manufacturing company with operations running around the clock. A compromised on-premise ERP system linked to the factory floor and other back-end systems will require an entire shut-down to avoid further spread and damage – affecting operations, manufacturing output, and ultimately the bottom line. With a SaaS deployment, whereby a client on a single device is compromised, this will not be the case.

Cloud tackles one cause for concern – but tread carefully with updates

There are clear security risks for the traditional approach of finding an on-premise ERP deployment that works and then touching the infrastructure as little as possible – something that can leave

organizations running off highly outdated, vulnerable or unsupported versions. Yet the rush to embrace an ‘evergreen’ approach to updates must also be taken with an understanding of the security implications – cloud doesn’t solve all the issues and operational security remains the responsibility of the business.

IT departments will need to take a broad definition to ‘security’, spanning both protection from external threats and business continuity through sustained critical operations. To ensure long-term cloud ERP success, they must ensure their cloud deployment is correctly configured, security at the application level is fit-for-purpose, and updates are thoroughly tested to ensure maximum compatibility.

By Chris Clifford, Technical Solution Architect, Columbus UK.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...