Lately, we were discussing the future of the ERP. Imagining this future, what was said? Simply that there were chances to see many services connected to each other. Each perfectly fulfilling its mission as a true professional would. That being, what kind of impacts can one expect when using cloud applications, in terms of the security of digital environments?

A long, long time ago, in the last century, before the Web was invented, cloud computing did not exist. Each company had its infrastructure hosted in its premises and all the tools were installed on its servers. At the beginning of the computing era, cybersecurity was not the most important topic. At least not in everyone’s mind as it is these days. Over time, castles and fortifications were built around our systems. Computer scientists awakened the digital Vauban [brilliant 17th century French military engineer] who slumbered within them to invent protection systems not lacking in genius. 

Weak castles

Thus, DMZs* were created. These are the famous demilitarized zones inspired by the buffer zones between the first lines of two enemy armies. Such as those existing between North and South Koreas. To enter either country, one cannot do otherwise than transit across these zones. ‘DMZs’ are, therefore, mandatory passages for accessing a company’s IT tools. It is in these fortified border-like areas that checks to prevent viruses going through are done. Likewise, Honeypots appear as well as active defense techniques for luring hackers, identify and possible eliminate them. In addition to firewalls, encryption and other one, two or three factor identifiers have come in as reinforcements. In parallel, business recovery plans (BRP) with infrastructure backups on other sites have also been set up. Nevertheless, hackers manage to break through. No wall seems capable of stopping them. As a reminder, 67% of French companies were the subject of attacks in 2019. Current priority targets: medium-sized companies with between 50 and 249 employees. In other words, those companies with the fewer resources to manage security on internal servers. 

Security without a cloud

But is the cloud a game-changer then? Fortunately so. In all companies using a multitude of cloud-connected services, hackers cannot reach the castle. Simply because there is no castle anymore! The situation has changed and so has the landscape. Going forward, one must imagine being in the countryside, with little, discrete, scattered houses, much harder to target. In concrete terms, of the about twenty IT tools used by a company, a hacker may possibly access one tool and break it. But the other nineteen remain up! So, when a Microsoft Dynamics 365 For Operations and Finance ERP in cloud mode is deployed, complete and dedicated security teams are devoted to implementing complex solutions. 

540° defense

For its part, FiveForty has no any internal server and its IT system uses at least 15 completely interdependent tools. Interdependent but connected, (see What does the future hold for ERP?). Of course, each individual, the same as every organization must implement rules and follow them. Because keeping the same weak password on a Post-It stuck on a screen will always be a risk. Its consequences way too important to be taken lightly. For FiveForty, security is also at the heart of its business. The Microsoft Dynamics 365 For Operations and Finance ERP is the proof. In addition to a password-protected login, that a hacker can easily figure out, it is possible to configure a second security level for the updating of certain sensitive data. For instance, for the validation of production orders or supplier bank accounts. If hackers have managed to go through the first password barrier, they will be blocked for a production order or the diversion of the supplier’s payment to their own account. Within D365FO, this feature is called Electronic Signature. And cybersecurity, that’s also a FiveForty signature!

By J. Lascaux, FiveForty° founding partner

*DMZ, honeypots, encryption and firewalls against hackers and crackers