Improving the Security of Cloud-based ERP Systems
Enterprise resource planning (ERP) systems integrate internal and external management information across an entire organization, embracing finance/accounting, manufacturing, sales and service, customer relationship management, etc. ERP systems automate this activity with an integrated software application.The architecture of the software facilitates transparent integration of modules, providing consistent flow of information between all functions within the enterprise. ERP popularity has rapidly increased in the last few years and they are starting to be used by all types of businesses. In this regard, the ERP is becoming a system with high vulnerability and confidentiality in which security is critical for the system to operate. Recent studies show that many ERP vendors have already integrated some kind of security solutions, which may work well internally. However, in an open environment, one needs more advanced and innovative technological approaches to secure an ERP system.
In this paper, we evaluate how and to what extent one can improve the security of an ERP system by implementing a set of security measures addressing the current top security threats. The paper evaluates the effects and provides conclusions on the applied security measures using ArtAIIS – Artisoft’s cloud-based, web-enabled software-as-a-service ERP system.
M. A. Rashid, L. Hossain and J. D. Patrick (2002): Evolution of ERP Systems: A Historical Perspective, Chapter 01, DOI: 10.4018/978-1-931777-06-3.ch001, IGI Global
G. Dhillion (2004): Guest Editorial: the challenge of managing information security. International Journal of Information Management. Volume 24. pp 3 – 4
G. Fathima Haseen Raihana (2012): Cloud- ERP: A Solution model. IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS), ISSN: 2249-9555 Vol. 2, No. 1
C. Marnewick and L. Labuschagne, (2006): A Security framework for ERP Systems, Academy for Information Technology, University of Johannesburg.
OWASP, (2010): The ten most critical Web application security risks (Top 10). The Open Web Application Security Project. Accessed on 18.04.2012
C. Herberger – SCMagazine (2010): Defense in depth: building a holistic security infrastructure, Accessed on: Februray 2012, (http://www.scmagazine.com/defense-in-depth-building-a-holistic-security-infrastructure/article/190025/
Microsoft (2005): Prevent Cross-site scripting in ASP.NET, Accessed on: February 2012. http://msdn.microsoft.com/en-us/library/ff649310.aspx
Microsoft (2005): Protect from SQL Injection in ASP.NET, Accessed on: February 2012. http://msdn.microsoft.com/en-us/library/ms998271.aspx
C-SharpCorner (2004): How to secure your Web Applications, Accessed on: February 2012. http://www.c-sharpcorner.com/UploadFile/krishvr/securewebapp11262005011914AM/securewebapp.aspx