Almost two-thirds of businesses are planning to migrate an enterprise resource planning (ERP) system to the cloud or are already doing so, despite many of them having concerns about moving sensitive data, security and regulatory compliance.
That’s according to the Cloud Security Alliance (CSA), which asked 200 businesses about their ERP migration plans.
They represent a small slice of a big market: Businesses will spend US$30 billion on cloud ERP systems in 2021, and a total of US$266 billion on all public cloud services, according to CSA's Impact of Cloud on ERP report.
Scalability was the most common reason for ERP moving to the cloud, cited by 65 per cent of respondents, followed by lower cost of ownership (61 per cent) and security patching and updating by the provider (49 per cent).
Moving sensitive data gave businesses the biggest pause for thought: 65 percent cited it among their top concerns about moving ERP to the cloud.
To make use of the cloud native migration tools providing access control and encryption of data at rest and in transit, though, businesses will need to re-architect their systems for the cloud environment, CSA warned.
This rules out the fastest way of getting a workload into the cloud, lift and shift, which would simply perpetuate existing problems with patching and access controls.
And it means enterprises wanting to move their ERP systems to the cloud have more design work ahead of them than just specifying the kinds of server instances and storage they want.
Security concerns were raised by 59 per cent of respondents, despite some evidence that security in the cloud can be an improvement over that of on-premises systems.
The security challenge for enterprises is not the cloud itself but their own policies, configurations and technologies, according to CSA, which warns that 95 per cent of cloud security failures are the customer’s fault.
Businesses on the whole are confident about the security of their systems: 51 per cent claimed not to have had any ERP-related security incidents in the preceding two years, while 44 per cent took the more realistic view that they didn’t know if they had had any.
The remaining five per cent reported an average of 3.8 security incidents each over the preceding two years.
CSA asked businesses about the security products protecting their cloud ERP systems. Identity and access management was in use by 68 per cent of them; firewalls by 63 per cent, vulnerability assessments by 62 per cent, and intrusion detection and prevention systems (IDS/IPS) by 59 per cent.
Only 38 per cent used a security information and event management system (SIEM) and 29 per cent a cloud access security broker (CASB).
Other concerns about moving ERP to the cloud included compliance challenges (54 per cent), disruption to business operations caused by the migration process (47 per cent), and the time taken to migrate data (46 per cent).
Enterprises have good reason to worry about delays in migrating data: 90 per cent of CIOs have already experienced data migration projects not going as planned due to the complexity of moving from on-premises to the cloud.
Only a quarter met their deadlines for such data migrations, with the average data migration taking 12 months.
Those missed deadlines hide two areas of concern for CIOs: the difficulty of accurately estimating how long data migrations will take and the number of unexpected problems they may encounter along the way.
Businesses moving data to the cloud need to plan for the worst and ensure that their ongoing business will not be impacted if there are delays.
Following the data
Much of this data is ending up with Amazon Web Services, the destination for 28 per cent of the businesses surveyed, or Microsoft Azure (25 per cent). SAP’s cloud is picking up another 14 per cent, IBM’s 10 per cent and Oracle’s eight per cent.
Contrast that with the ERP systems used by the businesses surveyed: 52 per cent of them use SAP (rising to 70 per cent among businesses with 50,000 employees or more.
Oracle’s ERP is used by 36 per cent, and Microsoft Dynamics by 24 per cent, rising to 50 per cent among businesses with fewer than 5,000 employees, a category accounting for half the respondents.