ERP cloud migration and its complexities

Migrating mission-critical elements to the cloud is something most enterprises are doing right now and enterprise resource planning (ERP) applications form the bulk of these projects.

According to a report from the Cloud Security Alliance, 69 percent of organizations are migrating data for popular ERP applications to the cloud, moving to major cloud infrastructure-as-a-service providers.

90 percent of these applications are business-critical, and the top three migration concerns center on the movement of sensitive data, security, and compliance.

More than half of the survey respondents stated that they expect security incidents in the cloud to increase in the next year. The research finds that the attackers are evolving too.

Worryingly, in terms of accountability, there are misconceptions among the survey’s respondents.

60 percent think that if a breach occurs, the cloud service provider should be held liable, while 77 percent think the organization itself should be responsible for securing their ERP applications.

Third parties are held least accountable and responsible, and this shows a perception gap that highlights the need for organizations to take ownership of their business-critical applications while migrating them to the cloud.

“Organizations are starting to explore the question of whether a cloud environment might alleviate traditional challenges that business-critical applications normally face,” said John Yeoh, Director of Research, Americas for the Cloud Security Alliance.

“As moving to the cloud raises its own security and privacy challenges, we wanted to provide some benchmarks regarding the myriad issues surrounding cloud migration and security,” he added.

The study surveyed 199 managers, C-level executives, and staff from enterprises in the Americas (49%), APAC (26%) and EMEA (25%).

“In any cloud migration, security must be implemented from the start and implemented in phases throughout the project. Our studies have found that implementing security in each phase of the migration could save customers over five times of their implementation costs,” stated Juan Pablo Perez-Etchegoyen, CTO of Onapsis and Chair of the CSA ERP Security Working Group.

Other key findings of the survey included the following:

• Americas (73 percent) were more likely to report that they were migrating business-critical applications to the cloud, where regulations such as the European Union General Data Protection Regulation (GDPR) will have an impact on technology purchases, cloud services, and third-party policies.
• Companies are taking added measures to protect their ERP applications, including identity and access controls (68 percent), firewalls (63 percent) and vulnerability assessment (62 percent).
• On-premise models (61 percent) are employed most commonly, with cloud SaaS (41 percent) cloud IaaS (23 percent) and cloud PaaS (17 percent).
• Listed among the benefits of moving to the cloud were scalability with new technologies (65 percent), lower cost of ownership (61 percent) and security patching and updating by the provider (49 percent).
• Barriers listed were moving of sensitive data (65 percent), security (59 percent) and compliance challenges (54 percent)

Essentially, migration of critical business applications is happening because on-premise solutions are becoming very costly. Hardware leases are up for renewal, upgrades need to occur to move to the next generation of ERP and other critical applications. This means more hardware procurement and data center space for IT.

Companies who are intending to migrate to the cloud should be ready to remain on-premises during the negotiation phase with cloud-based ERP providers to ensure they don’t get hung out to dry.

Keeping an open mind can be beneficial too, as alternatives such as SaaS-based ERP can sometimes be more cost-effective than traditional on-premises ERP.