As SAP and some other vendors are forcing users of ERP software systems into vendors’ proprietary clouds, a significant percentage of the world’s Chief Information Officers are concerned about the security of the data being stored there.

This is one of the main takeaways from a KPMG and Oracle survey released during the midst of COVID-19. Due to the timing, many executives may have missed this news as they focused on the security and safety of their families.

ERP security is not the only concern for technology heads – this applies to all information stored in the cloud. However, for many public and private sector businesses, ERP contains a huge amount of information, concentrated in one place and covering many functions in the company. The global study also found that CIOs are concerned about how their organizations are taking a mixed, often confusing approach to data security.

(We highlighted some of the growing issues surrounding ERP migration to the cloud in an earlier blog post from Sept. 2019)

Multiple Security Systems

The hodge-podge approach to security in ERP software systems is just one thing keeping technology chiefs awake at night.

  • Some 78% of respondents said they used more than 50 discrete cybersecurity products to protect their data and nearly four in 10 use a whopping 100 or more, making them concerned about how they do – or do not – work together.
  • Organizations that uncovered misconfigured cloud services experienced 10 or more data loss incidents in the previous 12 months.
  • A mere 8% of those surveyed fully understand the shared security responsibility for data stored in the cloud, unsure about what is their obligation to protect and what the cloud provider oversees.

Many organizations responded to the stay-at-home orders that found everybody working remotely by accelerating moving both workloads and data to the cloud. In doing so, it revealed current vulnerabilities and created new ones in the protocols governing company systems.

Despite this, 92% of respondents do not believe their organization is well-prepared to secure data in public cloud services. Eighty percent take some comfort in reporting that news of data breaches at other businesses increases their organization’s focus on securing the data in ERP software systems and other technology. Nearly nine out of 10 people believe that artificial intelligence and machine learning will help improve data security in the cloud.

Tightening ERP and Cloud Data Security

Many heads of technology worry that the corner office turns its attention to data security only after there is a problem. It seems to take security breaches and data leaks, usually reported in the media, to attract the attention of the C-suite, even though it is a management issue that needs to be discussed and reviewed on an ongoing basis at the board level.

As a result, some 69% of CIOs responding to the survey complain that CEOs and Chief Information Security Officers – if the organizations have one – get involved in public cloud projects only after a cybersecurity incident.

Address the issues and concerns uncovered in the study in the contract for cloud services, whether it involves migrating ERP or some other data-rich piece of technology. We have spent our career focusing on all aspects of ERP software system contracts and protecting the security of the treasure trove of data they hold.

As one example, a well-crafted cloud contract will specify the responsibilities of the user and the cloud provider. Not only does this eliminate the confusion many CIOs expressed in the survey, if there is a data incident, each side will know who to hold accountable for the problem.

If you want to discuss your situation, whether you are an executive of a private business or a senior technology manager in a public sector organization, feel free to contact Taft. We will be happy to share our knowledge and insights regarding negotiation of a cloud contract.