2020 security predictions from Greg Wendt, executive director of Appsian. His comprehensive list of the key trends and security challenges that enterprises, and ERP systems in particular, will face in the new year is included below.
Enterprises can expect data breaches in ERP systems to continue to rise in 2020.
Since ERP was first designed as an application product, ERP systems cannot evolve alongside an organization’s evolving IT environment and are unable to integrate with advanced security initiatives. It is and will remain very challenging to keep ERP systems up to date, and due to the business criticality of these applications, enterprises are wary of switching them out entirely. In order to secure ERP systems in 2020, business owners must realize how critical the usability of ERP apps is to their businesses. It is the business owner who is more familiar with the users, and as Gartner concluded, it is the user – not the provider – who fails to manage the controls used to protect an organization’s data. With the growing number of connected applications running across the company, such as payment and HR apps, business owners need to evolve their ERP systems and go beyond firewalls.
In 2020, CIOs will shift from systems technology experts to data-centric experts as security increasingly becomes a data-level issue, with more regulations such as CCPA arising.
As enterprises become more and more aware that the security of sensitive ERP systems data is a high priority, especially with the rise in data privacy regulations such as CCPA, there will be a rise in CDO roles as well as a shift in the roles of CIOs from a focus on systems to a focus on data. This shift will cause many challenges, though, as the majority of CIOs do not specialize in the systems aspect of ERP. Yet the rise in data-centric compliance initiatives, as well as the deployment of fundamental security tools such as multi-factor authentication and SSO within the enterprise, will ease the transition from a systems-centric CIO to a data-centric CIO. Additionally, from an organizational perspective, we can expect more CIOs and CISOs at the board level as organizations continue to mature and invest further in security and understand the varying operational budgets.
We can expect more enterprises to adopt privileged access management (PAM) as a key IT security project, as well as effective access controls, due to heightened third-party risk.
PAM is the first, fundamental level of data protection, privacy and compliance where logging and auditing are concerned, and with more and more data privacy regulations on the horizon, PAM will become a key IT security project in the coming year. Additionally, given that the majority (83%) of organizations engaging with third parties to provide business services identified risks, organizations must hold all third parties to greater liability and bind them by their contracts as to data protocols if breached in 2020.
Users will increasingly demand ERP systems access beyond their corporate networks.
As organizations continue to ask more of their employees, employees will insist that their ERP transactions are available from any location, at any time. In order to maintain high levels of security, ERP transactions have traditionally been available only behind corporate firewalls. However, this model immediately causes user push-back, especially as more organizations rely on mobile workforces to scale and keep business running in the coming years. When enterprises insist that employees only execute their ERP transactions when they have access to a corporate network, users will inevitably avoid it, which will cause increased strain on an organization across functions. Therefore, in 2020, we can expect more organizations to invest in solutions that focus on enhancing access controls and logging. More and more organizations will begin to understand the importance of expanding access as a table-stakes initiative as productivity requirements shift, requiring users to be as mobile as possible.
About the Author
Greg Wendt is the Oracle® PeopleSoft security expert. During his 17-year career, he has been recognized as a leader in data security, application architecture and business operations. He served as ERP Application Architect at TCU, where he was responsible for TCU’s PeopleSoft system, and was Chairman of the Higher Education User Group’s multinational Technical Advisory Group (HEUG TAG). Greg has led criminal justice and cyber security courses focusing on hacking techniques.