Why Your Cloud ERP Needs Role and Record-based Security
Caleb Finch | Marketing/Communications for QAD
Adaptive ERP
One of the best things about an adaptive ERP solution in the cloud is the way it facilitates communication and collaboration with all your trading partners. Whether it’s enabling customers to enter or manage their own orders over the internet or quickly communicating schedule and demand changes to your suppliers, cloud-based ERP has helped thousands of manufacturing companies manage the current global supply chain snarls.
But opening your essential ERP system to even trusted third parties isn’t without some risk. You have no way of knowing whether your customer forgets to change their password after an employee leaves, for example. Or if one of your suppliers checks for schedule changes from an insecure network in an airport or coffee shop. With open collaboration in the cloud, if you aren’t careful, your system’s security is only as good as the security in your trading partners’ networks.
Cloud Providers Typically Offer Strong Security
That’s why one of the first questions you should ask prospective cloud partners is to explain their security. Many cloud options have superb, state-of-the-art security on their networks. They keep the network up to date with patches and security fixes. They have physical security for their buildings, to prevent unauthorized access, often including live guards and CCTV monitoring. They have automatic backup and recovery, fail-over systems, and redundant sites. They take security seriously. In many cases, your data security comes down to the security within your enterprise applications.
Data Security Also Depends on the Applications
Most enterprise business applications provide security at the module and menu item level. They may have separate security authorizations for add, change, delete and modify actions.
But if you’re sharing data with third parties, even that isn’t enough. You need both role-based and record-based security.
Most ERP Platforms have security that grants or denies access to specific menu level items, but maintaining such detailed security structures for individual users can be complex and time-consuming. To be feasible, you need a way to assign security access quickly but flexibly.
The Security Value of Predefined Roles
A series of roles within the ERP that have predefined levels of access to the typical functions required by the role will provide such flexibility. While you can’t change these predefined roles, you can copy them as a baseline and then add or remove required capabilities and functions to match the business processes in use at your company.
Also Needed is Record-level Security
When opening your system up to trading partners, whether for record maintenance or simple inquiries, role-based access alone isn’t enough. You also need record-based security.
Record level security allows you to restrict user access to individual records. If you grant access to customer order inquiries, for example, you can restrict a user to seeing only records for their customer number. In that case, you won’t have to worry that they will check prices or terms you may have granted to other customers.
The same goes for suppliers. Supplier users with record-level security in place would be able to see only records for their own company. They can’t see that you are paying one of their competitors more than you pay them for a similar product or service, for example. Once you understand it, you realize that record-level security is essential for rapid, efficient cloud-based communication with trading partners.
You Need an Adaptive ERP
No business stays the same for long, so your business processes, trading partners and collaboration needs most likely won’t stay the same over time either. You need a sophisticated security system able to handle the nuances of every trading partner relationship, but with a simple method of maintaining access.
Talk to Strategic about an Adaptive ERP with industry-leading security to provide the protection, flexibility, and ease of maintenance you need to adapt to changes in your business.