Adoption of cloud solutions is spreading far and wide. Many businesses have turned to cloud ERP systems to reduce human capital costs, others to increase efficiency and flexibility – all valuable benefits amid ongoing pandemic disruption.
However, continuous cloud updates are not a ‘fix-all’ solution to ensure ongoing operations. Thorough testing of updates and implementation of sound security policies must be used in conjunction with regular updates to ensure consistent operational functionality and security.
The benefits of cloud ERP are clear
The Software-as-a-Service (SaaS) cloud model has very much established itself as a superior alternative to the previous long-term, on-premise ERP strategy that can only be described as ‘find a version that works for you then sit on it for as long as possible’.
Gone is the in-house management burden of quick fixes, patchwork integrations and rushed responses to emerging security exploits – an approach that often detracted from other business-critical IT tasks. By opting for a cloud ERP system, businesses can take advantage of thousands of dedicated staff with 24x7 availability on the vendor side, with yet more specialist teams focused on ensuring the security of their SaaS solutions.
There simply is no going back.
The ‘evergreen’ approach – continuous updates to keep you on track
The Microsoft Evergreen approach automatically schedules regular patch updates to ensure ERP systems are kept as up-to-date as possible, completely changing the way ERP systems are managed – especially in terms of functionality and security.
Traditionally, businesses would avoid updating business-critical systems at the risk of compromising operational functionality or consuming extensive time and resources – a ‘don’t fix what isn’t broken’ attitude.
However, this leaves systems outdated and vulnerable.
The Microsoft Evergreen approach takes the update burden out of the business’ hands. It ensures a cloud ERP system is always kept running on a supported and security-patched version, easing end-of-life concerns.
Testing: Minimised operational disruption, optimised operations and availability
While continuous patch updates increase cybersecurity and improve operations by adding new features, it can also lead to a false sense of security and cause businesses to fall into a trap of complacency. This could include, for example, authorising automatic updates that are incompatible with business-critical systems and leading to major operational disruption.
ERP vendors naturally cannot test these updates for every individual business environment – many of which operate highly customised or extensively integrated ERP systems – creating this low-lying risk of operational disruption.
But of course, many businesses lack the time or resources to analyse all the release notes an ERP vendor produces that contain crucial information on these updates.
Here’s where support from an experienced managed services provider can help ensure business continuity and avoid unexpected threats to day-to-day operations. This would include testing updates on critical processes prior to deployment – a vital task that is increasingly being automated to ease the manual burden on IT staff.
Mitigate against human risk for optimal operational security
While updates improve cybersecurity, especially in terms of countering external threats, it doesn’t fully protect against operational security threats that occur internally. It’s often human error that can put critical systems in harm’s way – for example, a ransomware attack triggered by an unsuspecting user opening a single infected document received via email. The Covid-induced mass shift to remote working has also increased attacks from cybercriminals, as many vulnerable personal devices with typically poorer security were connected to corporate networks.
End-user training in online safety and cybersecurity best practice has never been so important. For ERP systems, application security will also have a vital role to play.
By taking a granular approach to security, IT departments can ensure ease of mind should a user account be compromised, without heavily impacting user access to critical systems and data. When configured correctly, this spans detailed user types with varying privileges, audit trails and additional traceability measures such as automated checks.
And with a cloud deployment, a single end-user account or device being infected will not result in an entire shutdown of operations, like in the case of on-premise systems.
Cloud ERP resolves many issues – but won’t cover all your bases
While there are clear advantages to the evergreen approach over ‘traditional’ periodic upgrades – such as reduced risk and increased functionality – businesses must not become complacent about operational availability and security. Cloud ERP doesn’t solve all the issues, and operational security remains the overall responsibility of the business.
Organisations will need to be proactive in testing updates, to ensure that they are the best fit for the individual business’ ERP configuration and that they optimise operational availability rather than hinder it.
Businesses must also make sure to cover the potential human weakness in operational security, through sound in-house risk management and security policies. These are necessary procedures to ensure long-term cloud ERP success.
But businesses don’t need to lose valuable time and resources to these tasks. These can be automated with the assistance of testing services, such as Columbus’ very own dedicated team of testing specialists that can help reduce the burden and keep you focused on business-critical tasks.
Learn more about our testing service by downloading the brochure below.