Difference between revisions of "Journal:Moving ERP systems to the cloud: Data security issues"
Shawndouglas (talk | contribs) (Created stub. Saving and adding more.) |
Shawndouglas (talk | contribs) (Saving and adding more.) |
||
| Line 19: | Line 19: | ||
|download = [http://www.lectitopublishing.nl/download/8972P1SA http://www.lectitopublishing.nl/download/8972P1SA] (PDF) | |download = [http://www.lectitopublishing.nl/download/8972P1SA http://www.lectitopublishing.nl/download/8972P1SA] (PDF) | ||
}} | }} | ||
{{ombox | |||
| type = content | |||
| style = width: 500px; | |||
| text = This article should not be considered complete until this message box has been removed. This is a work in progress. | |||
}} | |||
==Abstract== | ==Abstract== | ||
This paper brings to light data security issues and concerns for organizations by moving their [[enterprise resource planning]] (ERP) systems to the cloud. [[Cloud computing]] has become the new trend of how organizations conduct business and has enabled them to innovate and compete in a dynamic environment through new and innovative business models. The growing popularity and success of the cloud has led to the emergence of cloud-based [[software as a service]] (SaaS) ERP systems, a new alternative approach to traditional on-premise ERP systems. Cloud-based ERP has a myriad of benefits for organizations. However, infrastructure engineers need to address [[Cloud computing security|data security]] issues before moving their enterprise applications to the cloud. Cloud-based ERP raises specific concerns about the confidentiality and [[Data integrity|integrity]] of the data stored in the cloud. Such concerns that affect the adoption of cloud-based ERP are based on the size of the organization. Small to medium enterprises (SMEs) gain the maximum benefits from cloud-based ERP as many of the concerns around data security are not relevant to them. On the contrary, larger organizations are more cautious in moving their mission-critical enterprise applications to the cloud. A hybrid solution where organizations can choose to keep their sensitive applications on-premise while leveraging the benefits of the cloud is proposed in this paper as an effective solution that is gaining momentum and popularity for large organizations. | This paper brings to light data security issues and concerns for organizations by moving their [[enterprise resource planning]] (ERP) systems to the cloud. [[Cloud computing]] has become the new trend of how organizations conduct business and has enabled them to innovate and compete in a dynamic environment through new and innovative business models. The growing popularity and success of the cloud has led to the emergence of cloud-based [[software as a service]] (SaaS) ERP systems, a new alternative approach to traditional on-premise ERP systems. Cloud-based ERP has a myriad of benefits for organizations. However, infrastructure engineers need to address [[Cloud computing security|data security]] issues before moving their enterprise applications to the cloud. Cloud-based ERP raises specific concerns about the confidentiality and [[Data integrity|integrity]] of the data stored in the cloud. Such concerns that affect the adoption of cloud-based ERP are based on the size of the organization. Small to medium enterprises (SMEs) gain the maximum benefits from cloud-based ERP as many of the concerns around data security are not relevant to them. On the contrary, larger organizations are more cautious in moving their mission-critical enterprise applications to the cloud. A hybrid solution where organizations can choose to keep their sensitive applications on-premise while leveraging the benefits of the cloud is proposed in this paper as an effective solution that is gaining momentum and popularity for large organizations. | ||
| Line 50: | Line 54: | ||
===Cloud ERP=== | ===Cloud ERP=== | ||
The success of cloud computing, combined with the increasing pressure on organizations to respond to unique customer needs in the increasingly competitive business environments of today, has given rise to the new subscription-based delivery model for ERP, also referred to as cloud-based ERP or SaaS ERP. This new model of ERP systems functions in the same way as a traditional on-premise ERP solution. The main difference is that the infrastructure (the software, as well as the hardware and network connection) adopts a pay-per-use model; in other words, ERP is delivered as a service.<ref name="JohanssonCloud14" /> The ERP in a SaaS model is accessed over the internet, while the application and data is controlled by the cloud service provider and offered as a “ready-to-use” product to the end client for a monthly subscription fee.<ref name="JohanssonExploring13">{{cite journal |title=Exploring Factors for Adopting ERP as SaaS |journal=Procedia Technology |author=Johansson, B.; Ruivo, P. |volume=9 |year=2013 |pages=94–99 |doi=10.1016/j.protcy.2013.12.010}}</ref> | The success of cloud computing, combined with the increasing pressure on organizations to respond to unique customer needs in the increasingly competitive business environments of today, has given rise to the new subscription-based delivery model for ERP, also referred to as cloud-based ERP or SaaS ERP. This new model of ERP systems functions in the same way as a traditional on-premise ERP solution. The main difference is that the infrastructure (the software, as well as the hardware and network connection) adopts a pay-per-use model; in other words, ERP is delivered as a service.<ref name="JohanssonCloud14" /> The ERP in a SaaS model is accessed over the internet, while the application and data is controlled by the cloud service provider and offered as a “ready-to-use” product to the end client for a monthly subscription fee.<ref name="JohanssonExploring13">{{cite journal |title=Exploring Factors for Adopting ERP as SaaS |journal=Procedia Technology |author=Johansson, B.; Ruivo, P. |volume=9 |year=2013 |pages=94–99 |doi=10.1016/j.protcy.2013.12.010}}</ref> | ||
===Traditional ERP vs cloud ERP=== | |||
A cloud-based ERP system uses the advantages of cloud computing to offer a new and more flexible approach to host and use ERP systems. A widespread shift from traditional ERP system architecture towards cloud-based SaaS ERP systems is ongoing.<ref name="LenartERP11" /> The advantages of cloud computing are for example easy usage and accessibility, virtualized resources, scalability, affordability, and availability, guaranteed through service level agreements (SLA).<ref name="VaqueroABreak09">{{cite journal |title=A break in the clouds: Towards a cloud definition |journal=ACM SIGCOMM Computer Communication Review |author=Vaquero, L.M.; Rodero-Merino, L.; Caceres, J.; Lindner, M. |volume=39 |issue=1 |year=2009 |pages=50–55 |doi=10.1145/1496091.1496100}}</ref> Cloud computing, and in particular SaaS technology, enables ERP systems to invert some of their typical weaknesses which are inflexibility, lack of scalability, and consummation of massive local resources (hardware, manpower, and financial expenditures) into advantages. Although significant concerns remain in the form of limited functionality, the potential loss of internal control, performance reliability, and security, cloud-based models continue to gain traction.<ref name="UtzigERP13">{{cite web |url=https://www.strategyand.pwc.com/media/file/Strategyand_ERP-in-the-Cloud.pdf |format=PDF |title=ERP in the cloud: Is it ready? Are you? |author=Utzig, C.; Holland, D.; Horvath, M.; Manohar, M. |publisher=Booz & Company |date=2013 |accessdate=01 February 2017}}</ref> | |||
Figure 1 clearly shows the differences in operating costs, solution complexity, and implementation time of a traditional on-premise ERP system in comparison to cloud-based ERP systems. | |||
[[File:Fig1 Saa JofInfoSysEngMan2017 2-4.png|800px]] | |||
{{clear}} | |||
{| | |||
| STYLE="vertical-align:top;"| | |||
{| border="0" cellpadding="5" cellspacing="0" width="800px" | |||
|- | |||
| style="background-color:white; padding-left:10px; padding-right:10px;"| <blockquote>'''Figure 1.''' ERP systems deployment models<ref name="UtzigERP13" /></blockquote> | |||
|- | |||
|} | |||
|} | |||
In comparison to traditional ERPs, the advantages of cloud-based ERPs include<ref name="JohanssonExploring13" />: | |||
* enabling smaller clients who are not able to set up a complete, complex ERP system on-premise to use ERP; | |||
* saving infrastructure expenditures (no large up-front capital investment necessary), as well as software, maintenance, and updating costs<ref name="ElragalInHouse12">{{cite journal |title=In-House versus In-Cloud ERP Systems: A Comparative Study |journal=Journal of Enterprise Resource Planning Studies |author=Elragal, A.; El Kommos, M. |volume=2012 |issue=2012 |year=2012 |pages=659957 |doi=10.5171/2012.659957}}</ref>; | |||
* reducing the staff needed for support and maintenance; | |||
* enabling faster implementation of a cloud-based ERP, with less effort needed due to its agile design<ref name="ElragalInHouse12" />; and | |||
* offering better scalability (hardware/performance/user accounts can be increased quickly when needed but can also be easily reduced as well when resources are not needed anymore); | |||
* enabling mobility (server in the cloud is always accessible, wherever the employee works). | |||
Possible disadvantages include: | |||
* organizational data is stored in the cloud and not on-premise; | |||
* possible integrity and security issues due to loss of control over data storage and systems; and | |||
* dependency on the cloud provider. | |||
===Data security issues in cloud ERP=== | |||
As discussed in the previous sections, there is a clear tendency to move enterprise services and systems to the cloud. However, it is important for organizations that want to implement or use an ERP in the cloud (SaaS, PaaS or IaaS) to address the possible issues and risks of migration. Some of the main drawbacks in any cloud-based ERP are related to data security, performance, and availability. Dillon ''et al.''<ref name="DillonCloud10">{{cite journal |title=Cloud Computing: Issues and Challenges |journal=Proceedings of 24th IEEE International Conference on Advanced Information Networking and Applications |author=Dillon, T.; Wu, C.; Chang, E. |volume=2010 |year=2010 |pages=27–33 |doi=10.1109/AINA.2010.187}}</ref> have categorized security of data as the primary concern for organizations. Accordingly, this paper is focused on data security issues for cloud (SaaS) ERP. | |||
Bishop<ref name="BishopIntro05">{{cite book |title=Introduction to Computer Security |author=Bishop, M. |publisher=Addison=Wesley |year=2005 |isbn=9780321247445}}</ref> states that computer security relies on the confidentiality, integrity, and availability of data. From that context, cloud computing and ERP systems directly influence the required level of security. For example, as mentioned in the previous sections, ERP systems manage organizational data for essential business operations. Therefore, it is crucial for organizations to ensure data confidentiality and integrity in a cloud environment. | |||
==References== | ==References== | ||
Revision as of 00:11, 6 February 2018
| Full article title | Moving ERP systems to the cloud: Data security issues |
|---|---|
| Journal | Journal of Information Systems Engineering & Management |
| Author(s) | Saa, Pablo; Costales, Andrés Cueva; Moscoso-Zea, Oswaldo; Lujan-Mora, Sergio |
| Author affiliation(s) | Universidad Tecnológica Equinoccial, Yachay Public Company, University of Alicante |
| Primary contact | Email: psaa at ute dot edu dot ec |
| Year published | 2017 |
| Volume and issue | 2(4) |
| Page(s) | 21 |
| DOI | 10.20897/jisem.201721 |
| ISSN | 2468-4376 |
| Distribution license | Creative Commons Attribution 4.0 International |
| Website | http://www.lectitopublishing.nl/Article/Detail/8972P1SA |
| Download | http://www.lectitopublishing.nl/download/8972P1SA (PDF) |
 |
This article should not be considered complete until this message box has been removed. This is a work in progress. |
Abstract
This paper brings to light data security issues and concerns for organizations by moving their enterprise resource planning (ERP) systems to the cloud. Cloud computing has become the new trend of how organizations conduct business and has enabled them to innovate and compete in a dynamic environment through new and innovative business models. The growing popularity and success of the cloud has led to the emergence of cloud-based software as a service (SaaS) ERP systems, a new alternative approach to traditional on-premise ERP systems. Cloud-based ERP has a myriad of benefits for organizations. However, infrastructure engineers need to address data security issues before moving their enterprise applications to the cloud. Cloud-based ERP raises specific concerns about the confidentiality and integrity of the data stored in the cloud. Such concerns that affect the adoption of cloud-based ERP are based on the size of the organization. Small to medium enterprises (SMEs) gain the maximum benefits from cloud-based ERP as many of the concerns around data security are not relevant to them. On the contrary, larger organizations are more cautious in moving their mission-critical enterprise applications to the cloud. A hybrid solution where organizations can choose to keep their sensitive applications on-premise while leveraging the benefits of the cloud is proposed in this paper as an effective solution that is gaining momentum and popularity for large organizations.
Keywords: ERP, cloud computing, cloud ERP, data security, confidentiality, integrity
Introduction
“The cloud” has been a buzzword in the last few years and has caused a revolution in the information and communication technologies (ICT) industry. As IBM states, “Cloud computing, often referred to as simply ‘the cloud,’ is the delivery of on-demand computing resources, everything from applications to data centers over the internet on a pay-for-use basis.”[1] This new trend changes the way organizations deploy services, platforms, and infrastructure of information technologies (IT). The variety of applications and services offered by this new concept affect organizations and individuals who notice the benefits of cloud services in terms of efficiency, flexibility, and reduced investment effort, while technology companies and traditional operators see an opportunity to expand their businesses.[2]
According to Gartner, cloud-based services can be defined as “massively scalable system capabilities delivered as a service to external users using internet technologies.”[3] A study about cloud computing models describes that based on the completeness and abstraction levels of services delivered to the end user, there are three types of services offered through the cloud, namely infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS).[4]
Cloud computing has marked a substantial change in how IT services are developed, implemented, updated, maintained, and paid for. The evolution from traditional service organizations to the emergence of full internet-based service providers, namely through the cloud, enables the provision of flexible, scalable, and economical services.[5]
In an environment of global competition, there is growing recognition of the central role of IT in determining the overall success of organizations. The alignment of business objectives, strategic vision, and information technology, combined with strategic planning, could be seen as a key objective to seek efficiency in their operations. Enterprise resource planning (ERP) systems have played an important role in the integration of business functions within organizations to support the generation of products and services.[6] In any modern organization, the term ERP refers to the software used to plan and manage the organization’s resources across all functional areas by integrating the information through those functions and beyond the boundaries of the organization.[7]
In today’s highly competitive business landscape, the trend for organizations is to focus their resources and efforts on what they do best and leave the supportive services in the hands of more specialized third parties. The world’s economic model in IT today is moving from “buy and own” (on-premise) to a subscription-based, pay-per-use (cloud-based) model. The migration from traditional (on-premise) ERP to cloud-based ERP could help organizations to manage their costs efficiently and improve their operations. As such, deploying ERP software in a hosted or on-demand environment could support organizations to improve their business processes and remain competitive.
Cloud-based ERP provides organizations with the possibility to choose the provider that best suits their needs, eliminating inflexible traditional on-premise ERP solutions. However, Lenart[8] argued that while there are many advantages to the use of ERP implemented in a SaaS model, there also are drawbacks, especially those related to security and integrity of the data stored in the cloud.
Hence, the research question explored in this paper is “what are the data security issues in cloud-based SaaS ERPs?”
The next section presents the methodology used in this study. Following that is a literature review done on cloud-based ERP, comparing the advantages of ERP when adopted as a pay-per-use model versus a traditional on-premise solution. After the literature review several findings are presented on cloud ERP, illustrating the adoption factors and benefits for small, medium, and large organizations. Finally, the paper concludes with recommendations for organizations to ensure the security of sensitive corporate information when adopting cloud-based ERP, as well as the conclusion.
Method
The research approach was based on an exploratory search to review the existing literature on SaaS cloud-based ERPs and their benefits. Additionally, several papers were studied to identify issues on data security, particularly confidentiality and integrity problems that organizations should be aware of before adopting cloud-based ERP solutions. More than 50 articles from 2008 to 2015 were found from several A and A* journals[9] such as Journal of Information Systems, MIS quarterly, Journal of Innovation, Management and Technology, Journal of Systems and Information Technology, International Journal of Computer Applications, and Journal of Network and Computer Applications, among others. Searches were made using remarked academic databases and search engines for computer science and information systems fields: IEEE Xplore, Emerald, ACM Digital Library, Gartner Core Research, Science Direct, and Google Scholar. Furthermore, specific search terms included “cloud ERP,” “hybrid ERP,” “implementation of ERP,” “SaaS ERP,” “cloud computing,” and “data security issues.”
After reviewing all the articles and papers, key insights and findings were gathered and classified according to the size of organizations. Based on the findings, several recommendations and possible solutions are outlined in this paper.
Literature review
Cloud ERP
The success of cloud computing, combined with the increasing pressure on organizations to respond to unique customer needs in the increasingly competitive business environments of today, has given rise to the new subscription-based delivery model for ERP, also referred to as cloud-based ERP or SaaS ERP. This new model of ERP systems functions in the same way as a traditional on-premise ERP solution. The main difference is that the infrastructure (the software, as well as the hardware and network connection) adopts a pay-per-use model; in other words, ERP is delivered as a service.[7] The ERP in a SaaS model is accessed over the internet, while the application and data is controlled by the cloud service provider and offered as a “ready-to-use” product to the end client for a monthly subscription fee.[10]
Traditional ERP vs cloud ERP
A cloud-based ERP system uses the advantages of cloud computing to offer a new and more flexible approach to host and use ERP systems. A widespread shift from traditional ERP system architecture towards cloud-based SaaS ERP systems is ongoing.[8] The advantages of cloud computing are for example easy usage and accessibility, virtualized resources, scalability, affordability, and availability, guaranteed through service level agreements (SLA).[11] Cloud computing, and in particular SaaS technology, enables ERP systems to invert some of their typical weaknesses which are inflexibility, lack of scalability, and consummation of massive local resources (hardware, manpower, and financial expenditures) into advantages. Although significant concerns remain in the form of limited functionality, the potential loss of internal control, performance reliability, and security, cloud-based models continue to gain traction.[12]
Figure 1 clearly shows the differences in operating costs, solution complexity, and implementation time of a traditional on-premise ERP system in comparison to cloud-based ERP systems.
|
In comparison to traditional ERPs, the advantages of cloud-based ERPs include[10]:
- enabling smaller clients who are not able to set up a complete, complex ERP system on-premise to use ERP;
- saving infrastructure expenditures (no large up-front capital investment necessary), as well as software, maintenance, and updating costs[13];
- reducing the staff needed for support and maintenance;
- enabling faster implementation of a cloud-based ERP, with less effort needed due to its agile design[13]; and
- offering better scalability (hardware/performance/user accounts can be increased quickly when needed but can also be easily reduced as well when resources are not needed anymore);
- enabling mobility (server in the cloud is always accessible, wherever the employee works).
Possible disadvantages include:
- organizational data is stored in the cloud and not on-premise;
- possible integrity and security issues due to loss of control over data storage and systems; and
- dependency on the cloud provider.
Data security issues in cloud ERP
As discussed in the previous sections, there is a clear tendency to move enterprise services and systems to the cloud. However, it is important for organizations that want to implement or use an ERP in the cloud (SaaS, PaaS or IaaS) to address the possible issues and risks of migration. Some of the main drawbacks in any cloud-based ERP are related to data security, performance, and availability. Dillon et al.[14] have categorized security of data as the primary concern for organizations. Accordingly, this paper is focused on data security issues for cloud (SaaS) ERP.
Bishop[15] states that computer security relies on the confidentiality, integrity, and availability of data. From that context, cloud computing and ERP systems directly influence the required level of security. For example, as mentioned in the previous sections, ERP systems manage organizational data for essential business operations. Therefore, it is crucial for organizations to ensure data confidentiality and integrity in a cloud environment.
References
- ↑ "What is cloud computing?". IBM. https://www.ibm.com/cloud/learn/what-is-cloud-computing. Retrieved 01 February 2017.
- ↑ Lin, A.; Chen, N.-C. (2012). "Cloud computing as an innovation: Percepetion, attitude, and adoption". International Journal of Information Management 32 (6): 533–540. doi:10.1016/j.ijinfomgt.2012.04.001.
- ↑ "Cloud Computing". Garner IT Glossary. Gartner, Inc. https://www.gartner.com/it-glossary/cloud-computing. Retrieved 27 September 2015.
- ↑ Gorelik, E. (January 2013). "Cloud Computing Models" (PDF). Massachusetts Institute of Technology. http://web.mit.edu/smadnick/www/wp/2013-01.pdf.
- ↑ O'Loughlin, M. (September 2014). "IT Service Management and Cloud Computing White Paper". Axelos Limited. https://www.axelos.com/case-studies-and-white-papers/it-service-management-and-cloud-computing. Retrieved 23 January 2017.
- ↑ Shehab, E.M.; Sharp, M.W.; Supramaniam, L.; Spedding, T.A. (2004). "Enterprise resource planning: An integrative review". Business Process Management Journal 10 (4): 359-386. doi:10.1108/14637150410548056.
- ↑ 7.0 7.1 Johansson, B.; Alajbegovic, A.; Alexopoulos, V.; Desalermos, A. (2014). "Cloud ERP Adoption Opportunities and Concerns: A Comparison between SMES and Large Companies". Pre-ECIS 2014 Workshop "IT Operations Management". http://lup.lub.lu.se/record/4770066.
- ↑ 8.0 8.1 Lenart, A. (2011). "ERP in the Cloud - Benefits and Challenges". In Wrycza, S.. Research in Systems Analysis and Design: Models and Methods. Lecture Notes in Business Information Processing. 93. Springer. pp. 39–50. ISBN 9783642256769.
- ↑ "CORE Journal Portal". Computing Research & Education. http://portal.core.edu.au/jnl-ranks/. Retrieved 23 January 2017.
- ↑ 10.0 10.1 Johansson, B.; Ruivo, P. (2013). "Exploring Factors for Adopting ERP as SaaS". Procedia Technology 9: 94–99. doi:10.1016/j.protcy.2013.12.010.
- ↑ Vaquero, L.M.; Rodero-Merino, L.; Caceres, J.; Lindner, M. (2009). "A break in the clouds: Towards a cloud definition". ACM SIGCOMM Computer Communication Review 39 (1): 50–55. doi:10.1145/1496091.1496100.
- ↑ 12.0 12.1 Utzig, C.; Holland, D.; Horvath, M.; Manohar, M. (2013). "ERP in the cloud: Is it ready? Are you?" (PDF). Booz & Company. https://www.strategyand.pwc.com/media/file/Strategyand_ERP-in-the-Cloud.pdf. Retrieved 01 February 2017.
- ↑ 13.0 13.1 Elragal, A.; El Kommos, M. (2012). "In-House versus In-Cloud ERP Systems: A Comparative Study". Journal of Enterprise Resource Planning Studies 2012 (2012): 659957. doi:10.5171/2012.659957.
- ↑ Dillon, T.; Wu, C.; Chang, E. (2010). "Cloud Computing: Issues and Challenges". Proceedings of 24th IEEE International Conference on Advanced Information Networking and Applications 2010: 27–33. doi:10.1109/AINA.2010.187.
- ↑ Bishop, M. (2005). Introduction to Computer Security. Addison=Wesley. ISBN 9780321247445.
Notes
This presentation is faithful to the original, with only a few minor changes to presentation. In some cases important information was missing from the references, and that information was added. The original article lists references alphabetically, but this version — by design — lists them in order of appearance.
