*By Lauro de Lauro
With the evolution and consecration of cloud computing, strongly accelerated by the pandemic, it has made it possible for several difficulties faced by companies to adapt to technological changes, such as flexible access to their enterprise resource management (ERP) systems, have become accessible.
For small and medium-sized companies, what is most sought after in ERP systems is the possibility of expanding business operations through automation, remote use and at the same time reducing costs and somehow increasing the physical and logical security of the environment. computation.
In 2020 and 2021 we have seen exponential adoption migrating ERP systems to the cloud and the key issues faced during the migration were particularly around ensuring systems remain compliant with data and security regulations and nearly two-thirds of companies stated that moving sensitive data to the cloud was their main concern.
Moving ERP systems to the cloud is not a complex process, but it requires high specialization and a lot of governance of the environment, some of the best practices adopted are:
Having processes (Playbooks) – Having lean and well-defined processes and practices with measurable and predictable results, using technology to maximize and increase risk visibility is critical.
Change management – With integrated change management, teams can work with a clear and well-defined flow to understand the implications that any changes have on the stability and security of the environment.
Deployment Planning – A great approach to planning the deployment of any application or change is critical integration and cooperation between operations and development teams.
Unified Stakeholder Engagement – For effective governance of the environment, developers, operations staff, testers, and support staff must work together on a regular basis.
Continuous testing – This is common in agile projects and extends to cybersecurity approaches. This continuous validation approach allows you to ensure that vulnerabilities and/or misconfigurations can be discovered quickly. It is common for an attacker of an environment to be in possession of privileged access credentials for weeks or months without anyone having discovered it, continuous testing ensures the visibility and/or fragility of the environment.
Clear panels – Define clear roles in crisis cases, how they will act and what mitigation procedures are essential to act during a crisis.
With a well-implemented governance process, the greatest risk to cloud security is certainly minimized and will enable strict controls of access policies, configurations and anti-malware and patching technologies that, once implemented in the environment, will certainly minimize the company's risk. .
Several products and solutions can be employed to protect cloud ERP systems environments, whose highest order of adoption are identity and access management, firewalls, vulnerability assessments, intrusion prevention and detection systems.
Finally, while the migration from ERP to the cloud is beneficial for companies and, in some ways, inevitable, companies need to strongly evolve in the governance of their environments, ensuring that the impact of likely risks on the business function is minimal. .
* Lauro de Lauro, COO of Sky One Solutions and Board Member of ABES
EN 
PT 
