For those working in the cyber security industry it has long been clear that cloud-based software applications offer greater security potential when compared to their on-premise counterparts. This includes your Accounting and ERP data.
Bold claims, and we realise they are not universally supported by all decision makers, particularly when it’s time to take the plunge and purchase those new Accounting / ERP Systems. Less than representative press coverage within the industry is one cause of those chilly feet; large cloud data breaches are always reported and make headlines akin to plane accidents, whilst on-premise data breaches are covered rather more like car crashes, i.e. not at all in many cases. In fact, this same metaphor can serve to illustrate the genuine comparative risks, for those forward-thinking enough to hear them. For just as the chances of dying in a car crash are many times higher than dying in a plane crash, the vulnerabilities of on-premise systems make them much more susceptible to security attacks. In fact (and somewhat ironically), it is this same security misrepresentation which has helped strengthen the safety protocols of cloud-based system providers across the industry, as the immense negative attention they receive when data does get compromised pushes their security teams to ever greater heights.
Cyber security as a business risk has become an ingrained and persistent expense for most organisations… one that will not be disappearing any time soon. The total number of security incidents detected in 2014 was 42.8 million, an increase of 48% over 2013’s figures; meanwhile, the compound annual growth rate (CAGR) of detected security incidents has increased 66% year over year since 2009. The number of respondents, particularly large organisations, reporting losses of $20 million or more almost doubled over 2013 (figures based on the PwC Global State of Information Security Study).
Apart from the substantial increase in the annual financial costs of investigating and mitigating security incidents, the compromises have become increasingly sophisticated. In short, security breaches have not just become more expensive, but the types of problems they cause have become harder to put right, too. These problems are no longer limited to IT and operational disruptions, but often extend to other areas of the business. Areas potentially at risk include credit card and other financial data, sensitive customer and supplier information, intellectual property, and even database warehouse information for the world’s largest companies.
Older on-premise systems start to look like particularly easy targets for hackers as attacks become more effective. For example, a research study conducted by Onapsis, leading experts in SAP cyber-security, reveals that over 95% of SAP business systems had vulnerabilities. These could lead to compromised data and disruption of critical business processes at the application layer. SAP systems are not protected from cyber threats by traditional security approaches. In 2014 alone, SAP released 391 security patches, averaging more than 30 per month to prevent full compromise of business data and processes. Though many companies are unaware of attacks, SAP ranked almost 50% of the security patches as ‘high priority.’ Hastily patching old software with so many security patches reflects the rates at which issues in this area are being uncovered.
According to Gartner, Inc., 2016 will mark the migration of traditional IT services to cloud service alternatives. We believe that the accelerating level of threats to company data will make this transition even quicker than Gartner expect throughout 2016 and 2017.
A key reason why we signed as a NetSuite partner was that it offers customers a very high level of security. Consider: despite NetSuite being the world’s largest cloud ERP vendor, supporting over 24,000 organisations, these organisations are all running on exactly the same version of the system. This makes the product much easier to secure, as it offers a very defined surface area of attack. NetSuite includes application-only and role-level access, IP address restriction and industry standard SSL encryption for user IDs, passwords and data. Since the data is separate from the application itself, users can access all its features, but the underlying database or other infrastructure components remain safely inaccessible. The system is also designed to significantly reduce the risk of unauthorized access both from an unattended computer screen, and from specific computers and/or locations, by unwelcome third parties. NetSuite’s application runs on a three-tiered (web, application, and database) horizontally scalable architecture that supports multi-data centre deployment.
As the complexity, costs and frequency of security incidents continue to rise, companies will need to consider how to properly deploy and manage security across an increasingly distributed IT environment. Moving systems to the cloud ensures that critical business applications and data are protected. A cloud-based infrastructure not only delivers scalable and elastic IT-enabled capabilities ‘as a service’ using Internet technologies but also offers security, performance, reliability, features and flexibility.