The Onapsis Security Blog

The world of business-critical application security and compliance is dynamic, with new developments happening on a continuous basis. Read our blog posts for recommendations, insights and observations on the latest news for safeguarding your SAP® and Oracle® applications.

Blog Banner

3 Tips to Mitigate Security Risk During an ERP Cloud Migration

Thank you to Barry Snow of our Professional Services Team for sitting down with me to help contribute to this blog post. 

Your Enterprise Resource Planning (ERP) system, whether it’s SAP or the Oracle E-Business Suite (EBS), is vital to your organization’s processes. It can support all business functions, including finance, manufacturing, procurement, ordering, services, human resources and more. Keeping your ERP system functional and performing efficiently and at a high level is an absolute must. To optimize performance, making changes is necessary. One of the biggest challenges with making changes to the ERP system is that these changes can create security and compliance risks or expose new exploit opportunities on existing vulnerabilities. 

Some common change scenarios to your ERP system include applying security patches, updating servers, upgrading software versions and migrating servers and applications to the cloud. While each of these changes can introduce varying degrees of risk, I am going to focus this blog on a major change agent that is trending today, ERP cloud migrations.

ERP-to-Cloud migration projects already exist at many organizations as either ‘in discussion’, ‘in planning’, ‘in progress’, or already ‘a reality.’  Are you moving your servers that support your ERP system to a cloud service? Or, are you moving your entire ERP system to the cloud where it will be also be managed by SAP, Oracle, or another managed service provider? Either way, I will offer up a few tips to manage and mitigate the risks from start to finish to help ensure a successful migration. Of course, I’ll also put a plug in for how the Onapsis Security Platform (OSP) can help as well.

Tip #1: Start Your Migration with Proper Configurations and Controls
Before starting your ERP migration, you will want to make sure your systems are configured correctly and you have the proper controls in place. Establish your configuration and controls baseline. Then, assess your systems against that baseline. Here’s where OSP can help you automate this process, so you know exactly what to fix and see your progress as you address identified issues.

Tip #2: Complete Outstanding Vulnerability Remediation Cloud Migration Prerequisite 
It is essential to reduce the risk exposure of your ERP’s vulnerability footprint before moving to the cloud. For example, if you need to upgrade your SAP ERP Central Component (ECC) to ECC EHP8, you will then want to finish that upgrade effort with any associated remediations ahead of the cloud migration initiative. 
  
Tip #3: Remain in Control After the Migration
You just put your organization’s most business-critical applications and important assets – the crown jewels of your business – in the cloud. Whether it was a migration to a private or public cloud or managed service provider, you are still going to want visibility into your ERP system to ensure and maintain security and compliance. You might even feel like someone moved your server room from “down the hall” to an externally hosted vendor location that is totally out of your control. But, your mission of managing risk and keeping your ERP system secure and compliant did not change. You are still accountable and responsible. OSP can help you remain in control by providing continuous monitoring and assessments of your ERP system, even when it has migrated to the cloud. You can continue to identify and remediate issues and vulnerabilities, while mitigating risk and ensuring security and compliance.  

Onapsis is actively working with multiple customers who are currently migrating their ERP systems to the cloud. We also are actively involved with industry alliances that focus on cloud initiatives. We just recently worked with the Cloud Security Alliance (CSA) on a research survey, “Enterprise Resource Planning (ERP) Applications and Cloud Adoption.” According to the survey, 69 percent of organizations are migrating data for popular ERP cloud applications to the cloud, moving to major cloud infrastructure-as-a-service providers. The survey also discovered many misconceptions about the responsibility of security and compliance of ERP systems while moving to the cloud. 

Whether you are planning, starting or right in the middle of your ERP cloud migration, Onapsis can help you manage your configurations and controls to ensure a secure and compliant migration. We can get you started today with a Business Risk Illustration, an assessment of your ERP system, that will show you areas where you are vulnerable. I welcome you to check out how we secure your ERP systems in the cloud and talk to us today.

Request a
Business Risk Illustration

Examine the operational risk and cybersecurity posture of your business-critical applications to determine the potential impact of sub-optimal application performance, unplanned downtime and an attack on your organization’s ERP platforms.

Engage