Cloud environments offer greater data security than most on-premises installations. Learn the advantages of running your ERP in the cloud.
Are you prepared for a ransomware attack? Will your on-premises data be secure if an attack does occur? How can you know for sure?
One company recently discovered that its on-premises data servers (provided by an Acumatica competitor) were no match for a ransomware attack. This attack wiped out all of the company’s data. Hoping to shore up its defenses after the attack, the company upgraded to Acumatica Cloud ERP.
What went wrong?
So, where did this company go wrong? While the company thought its on-premises equipment was secure, it failed to keep its network security up-to-date. Spotting this weakness, attackers gained access to the company’s servers, encrypted all the data, and demanded a ransom to release the data back to the company.
Like many companies that fall victim to these attacks, this company was forced to pay the ransom. After making the payment and decrypting the hostage files, however, the company discovered that its data remained unusable. And when the company re-installed its data from backups that took place before the attack, it discovered all the data was worthless because the backups were never tested in the first place!
Why did it happen?
We can’t blame this data breach on the company’s ERP software—but we can blame it on the way in which this software was deployed. Craving control over its data, this company made the common mistake of deploying its software within its own facilities.
Two other major reasons for the breach were the lax security of the company’s IT department and the absence of a reliable backup to recover lost files. As you can imagine, it was devastating for this company’s staff to learn that not only had they lost all their data, but their own negligence in running backups had turned a bad situation into a complete disaster.
Result: Move ERP to the Cloud
After exploring all its options, this company decided to move its on-premises data to Acumatica Cloud ERP. The company now recognizes the value of an ERP provider such as Acumatica that specializes in network access and security in the cloud.
While most companies are aware that security breaches are a possibility, many of these same companies don’t realize that on-premises storage of data increases their exposure to a security breach. Major companies such as Target, JP Morgan Chase and Uber have all been victims of on-premises data breaches over the past five years. In 2016 alone, there were more than 1,000 internal data center breaches, which exposed more than 36 million records.
Lest you think that all these data breaches are caused by lax oversight, JP Morgan Chase spends approximately $250 million every year on security. Even if you’re devoting significant resources to security and applying appropriate prevention measures, you could still be hit with an attack.
On July 25, 2018, United States Computer Emergency Readiness Team (US-CERT) warned that attackers are seeking to access sensitive information by exploiting vulnerabilities in ERP systems. The most vulnerable companies are the ones that can’t apply the many needed security fixes due to complex implementations, customized functionality, or a lack of technical expertise in the prevention and backup process.
In spite of the overwhelming evidence in favor of moving data to the cloud, two old myths about the cloud remain.
Myth #1: Migrating an on-premises application to the cloud is too expensive
Truth: There’s a cost associated with remaining on your current on-premises software. Consider the cost to maintain the software, which typically runs about 18% of the purchase price of the software itself every year. Add to that the cost of upgrading the software to the latest release, plus hardware and software maintenance and support. You’ll soon realize there’s a substantial cost to remaining on a system that, supposedly, is “already paid for.”
Why maintain your software license? In addition to providing new features, software updates also contain critical security fixes. Failing to keep software up-to-date can expose you to security threats that have already been addressed by your software manufacturer.
Find out how much your current on-premises ERP is costing you by using Acumatica’s ERP Total Cost of Ownership (TCO) calculator. This handy tool will help you determine your “cost of doing nothing.”
Myth #2: On-premises installations are more stable and secure than cloud implementations
Truth: Maintaining control over your on-premises servers does not guarantee security. The data centers used to host Acumatica Cloud ERP—such as Amazon Web Services (AWS) and Microsoft Azure—offer fast, reliable, and secure access to your data. They stake their business and reputation on providing an environment for mission-critical applications used by government and financial institutions, and they meet or exceed strict standards (such as SOC 2 Type II). These hosting providers specialize in optimizing their environments with network security tools that few small- to mid-sized companies can match. Consider the benefits that a cloud hosting service can provide:
- Control of physical access to the equipment, including video surveillance and two-factor authentication.
- Environmental protection, including fire detection and suppression, continual power and network connectivity, and climate and temperature controls.
- Protection against unforeseen disasters, such as redundant systems, regular backups, geographical diversity, and failover capabilities.
- Network intrusion prevention, detection, and audit tools to detect and prevent attacks and audit user activity on their servers.
- Regular system maintenance, with hardware and software updates to ensure that all your software is on the latest release.
A word of caution: Your data is only as safe as the weakest link in your security chain. Your company culture must maintain strict policies on data security – whether that data is housed on-premises or in the cloud. Easily-cracked username and password combinations or unsecured email attachments of sensitive company data can undermine even the strongest network security measures a company puts in place.
To ensure the highest security of your mission-critical data, Acumatica recommends a hosted SaaS implementation for your ERP.