ERP security: Dispelling common misconceptions (August 2020)
"Since ERP systems have a lot of moving parts, one of the biggest misconceptions is that the built-in security is enough. In reality, while you may not have given access to your company's HR data to a technologist on your team, they may still be able to access the underlying database that stores this data," Mike Rulf, CTO of Americas Region, Syntax, told Help Net Security.
"Another misconception is that your ERP system's access security is robust enough that you can allow people to access their ERP from the internet."
In fact, the technical complexity of ERP systems means that security researchers are constantly finding vulnerabilities in them, and businesses that make them internet-facing without thinking through or prioritizing their protection create risks that they may not be aware of.
"Businesses need some way to mitigate any threats between when patches are released and when they can be fully tested and deployed. An application firewall can act as a buffer to allow a secure way to access your proprietary technology and information during this gap. Additionally, an application firewall allows you to separate security and compliance management from ERP system management, enabling the checks and balances required by most audit standards," he advises.
To make mobile access to ERP systems safer for a remote workforce, CISOs should leverage multi-factor identification that forces employees to prove their identity before accessing sensitive company information.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NvmoGHQWXoY/