Hybrid ERP: the postmodern transformation for ERPs
Postmodern ERPs are the new form of ERP systems, no longer coming only from single-instance megasuites such as SAP or Oracle. ERPs are now hybrid – mega-suite on-premise but also partly in the cloud – or even fully outsourced.
Analysts have been paying attention for several years now to this rising phenomenon but this is it. Hybrid ERPs are not a hype but becoming the norm, year after year. Indeed, according to a Gartner study, within 3 years less than 1 out of 5 multinational companies will still be having a single-instance megasuite ERP system.
ERP transformation projects are launched for various business needs, from adopting a new marketing or HR cloud-based management solution, a new Saas CRM such as Salesforce or conducting a major ERP renovation after years with costly megasuites.
Paying attention to security risks to ensure success and business goals
The enthusiasm coming with such projects and the business stakes shouldn’t make you forget the security risks will probably rise with your company’s transformation projects. With ERPs going to the cloud and, in most cases, spread between on-premise applications and cloud-based ones, new risks appear and more actors are involved.
Here are 5 reasons why you need to put access-related security at the top of your priorities for your hybrid ERP:
- Greater lack of visibility over applications and business processes
- Higher risk of frauds and human errors with more actors involved, including numerous third parties
- Greater risk of data quality and management issues with mutliple data sources and formats
- Less control over HR movements, access rights management and the activity of users regarding these access rights
- Harder to ensure audits and controls over access rights and user activity at a satisfying frequency (larger and more diversified perimeter)
The solution? A proper access-rights security policy, collaboration and Identity Analytics & Intelligence
With hybrid ERPs now becoming the dominant ERP model, the security stakes are high and need to be taken in charge properly. Defining a relevant and realistic security policy is only one of the steps that will ensure success for your transformation projects. The other steps? Enabling and encouraging collaboration between IT and business units in order to reduce the risks related to data collection, transmission and processing but also to conduct efficient and easy access certifications as well as regular controls.
What are often under-estimated risks ? Access-related risks in Active Directory, SoD or even your CRM. With the proper tool you need to ensure a 360° visibility over access rights and how people use them in your company, including contractors and interns. The risks can go from a high number of dormant accounts and ex-employees with access-rights still active in some applications to SoD risks with users able to operate incompatible actions over the Purchase-to-Pay business process.
The need for a cross-applications and business process view for risk analysis and remediation but also controls and access reviews is stronger than ever with a hybrid ERP. Are you ready?