TECH INTELLIGENCE: A back door for hackers?

Enterprise resource planning—the type of software that many organizations use to manage supply chain operations, accounting, procurement, and other routine business activities—can offer many benefits. When an online order is submitted, the ERP system automatically checks prices, initiates credit checks, verifies product availability, and notifies the appropriate departments to schedule delivery. Once an order is completed, the system can send invoices and coordinate record keeping and inventory replenishment.

All this is very useful, but ERP systems face many security threats. These often go unrecognized by customers, by the vendors who build and integrate processes, by cybersecurity services, and by other partners who implement these solutions.

Because ERP systems are typically deployed on cloud servers behind firewalls, business clients tend to perceive ERP systems as impenetrable. However, as attacks against ERP systems increase, it becomes clear that an effective intrusion detection and protection system must start on the front line.

A well-designed frontline defense that incorporates organizational planning and security best practices becomes a digital “fence” that cannot be easily extended. Security solutions can be bundled into services to develop comprehensive ERP security configurations.

The basic concept involves layering multiple security controls across vulnerable entry points. A good starting point is to include complex passwords that are securely stored and regularly updated in combination with multi-factor authentication. Encrypting sensitive data adds another layer of protection.

One often-overlooked component of defense-in-depth involves the application program interface, which acts as an intermediary between software and programs requesting data. APIs can add tremendous value to an ERP program, but they are often developed by third parties as “add-on” products and can be a weak link in security. However, a qualified IT support service provider can review API security and investigate security issues such as:

  • Consistency: Are API endpoints predictable and well-documented?
  • Reliability: How often do API endpoints experience downtime?
  • Speed: Does your API respond to requests quickly or slowly?
  • Security protocol: Who has access to your APIs, and what safeguards are in place to ensure that external programs comply with your terms of use?
  • Vendor response: Do API vendors report outages or scheduled maintenance to users?
  • Access: Can I restrict source and destination access to a small set of IP addresses or connections?

An experienced IT support services company can also scrutinize business contracts with API vendors to determine how much responsibility the vendor has for security and other issues. An experienced IT support provider may also have a working relationship with an API developer, making it more likely that the provider will be able to suggest a developer that fits the needs of their business client.

Carl Mazzanti President, eMazzanti Technologies

An effective defense system also includes additional fences such as security information and event management (SIEM) platforms that can detect threats before they disrupt your business. A cloud-based SIEM platform can aggregate log data to highlight incidents, events, and anomalies while streamlining user processes, increasing efficiency and reducing operational costs.

Data is the lifeblood of modern business, and your ERP system is where your data lives. Therefore, companies that implement ERP security best practices reduce the chances of their systems being compromised while supporting data safety and making things more difficult for cybercriminals.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.


