ERP in the Cloud – what you need to know about controls and security

By - December 2, 2014

Companies today deal with implementing constant technology changes in order to fit their growing needs. Leveraging internal staff for in-house IT needs and storing files in a filing cabinet are rapidly becoming “old school concepts.” Heck, that’s how I started my career at RSM 14 years ago! Technology has moved at lightning speed and I’m getting old.   Online information, blogs, articles and overall opinion overload can often result in a company not fully understanding the technology decisions they make today, and may cost them again in a year or two down the road.

Financial management systems or enterprise resource planning systems, such as Microsoft Dynamics GP, Microsoft Dynamics SL or Microsoft Dynamics AX, have a crucial role to play in a business. And when you think of deploying this systems in the cloud, it would be best to build the appropriate environment for these systems at the get go. SaaS, IaaS, private cloud, public cloud, hybrid cloud and Microsoft Azure are all buzz words that are pushing companies to re-evaluate the need for the typical on premises application deployment.

Where should your ERP reside?

The news of systems being breached within large corporations lately has pretty much hit everyone in some capacity. Coupled with acts from Mother Nature, one can’t help by being swayed to move to the cloud. I’ve talked with many companies that have ineffective IT staff, outdated hardware, outdated software or those that have been suffering from an uncooperative cloud provider.  This experience has yielded several key factors that help lead clients to the appropriate location for their ERP system.

In the next series of blog posts, I will cover these key factors – The 6 C’s:

  • Controls (security in place, both physical and virtual)
  • Compliance requirements (change management, regulatory needs)
  • Continuity (backup measures, recovery, redundancy)
  • Costs (infrastructure comparisons and licensing demands)
  • Competency (skill sets within team to manage IT and ERP)
  • Capacity (growth abilities, peak level settings)

If you’d like a better understanding between the differences between public, private and hybrid cloud, please refer to this blog post from Lee Voigt.


Today, I’m going to talk about controls as this might be the most obvious reason why you should consider offsite infrastructure or hosting of your ERP system.   Let me ask if you’ve ever worked in a company that you could literally walk into the room or area that housed the critical server infrastructure for your business? I know I have. I had the ability at one time to walk directly up to a server and push the blinking light to shut it down. Not much security there, eh? I’ve also had the experience of walking into businesses that had a server under a desk. A step up would be a locked room in the back of the office, such as a closet or storage room holding crucial data.

Now, let’s look at a typical data center. Complete inability to gain access into the server rooms without prior authorization from the data center, logs recording each visit, card scanners and biometrics in place at each locked access point. Onsite personnel and 24 x 7 camera systems in place recording your every move. And these controls are in place just to get you to the area storing infrastructure! Once inside the server room, you are then lead to the locked rack storing your equipment, given the key from a lock box (with PIN required) and again watched from above. This is a true secure environment focused with security of your data or infrastructure in mind.

I haven’t even gone down the road of environmental controls that should be in place. That closet or storage room I mentioned earlier probably didn’t have a regulated cooling system or a server friendly fire support system that will automatically alert the fire department. These things are and should be standard in a secure, controlled server environment. Costly yes, but necessary as well.

Access controls within the servers and applications are key components also. How many users in your office can login with the admin account? How many users have the ability to delete or create users at free will? Is there a log recording this activity anywhere? What if you have a disgruntled employee? What damage can they do to your environment (delete data, lock out other users, download and steal intellectual property)?

There are a number of areas to consider when you think about the controls that really need to be in place when dealing with crucial, sensitive data. I’ve really only brushed the surface and would gladly expand on this topic if you’d like to hear more. But, these items I’ve outlined are really the primary considerations when evaluating your ERP deployment choices.  If you’d like help exploring your deployment options, ask our professionals about Cloud Computing Rapid Assessment®.

By: Bobbi Kuhlman – Cloud Services for Microsoft Dynamics

Receive Posts by Email

Subscribe and receive notifications of new posts by email.