erp security1


Upload: web-ashlar-surat

Post on 27-May-2015


Page 1: Erp security1

MANAGING ERP SECURITY

Page 2: Erp security1

Introduction

Managing the risk around an ERP implementation and ERP project is a much larger issue and needs to be seen as a whole, to ensure that the ERP system is implemented and operated successfully throughout its life cycle.

Page 3: Erp security1

TYPES OF ERP SECURITY ISSUES

Network Security:

Selected customers and suppliers with whom a company needs to collaborate should be allowed inside the company's firewall and should be able to see only relevant data.

The network should be secured to keep hackers out.

Page 4: Erp security1

TYPES OF ERP SECURITY ISSUES

System Access Security – Role & Authorisation

Valid authorization and authentication for each employee in the organization

“For example, the person creating a purchase order should not be allowed to release payment.”

Page 5: Erp security1

TYPES OF ERP SECURITY ISSUES

Data Security

During ERP implementation, the company's sensitive data is visible to the implementation team members.

Security of the data is more important to companies like banks, defence, credit card companies, etc.

Page 6: Erp security1

SYSTEM BASED SECURITY - AUTHORISATIONS

Depending upon the roles and responsibilities of the employees, two types of authorization strategies are supported by ERPs:

(I) Activity based authorization
(II) Role based authorization

Page 7: Erp security1

Activity Based Authorizations

Steps:
1. Identify the activities the particular process may involve
2. Prepare a set of transaction codes for each activity
3. Prepare an authorization role for each transaction
4. Assign the user the specific role

Page 8: Erp security1

For Example – Leave Approval Process

(I) Identify the activities
    (I) View Leave Balances
    (II) Execute and approve workflow for leave request

(II) Prepare set of codes
    (I) View Leave Balances - XX
    (II) Execute and approve workflow - YY

(III) Prepare authorization role
    Z:HR_APPROVE_LEAVES will consist of XX and YY.

Page 9: Erp security1

Advantage and Disadvantage

Advantage of activity based authorization is flexibility in assigning various combinations of transaction sets.

Disadvantage is that transaction codes should be carefully created to avoid duplication.

Page 10: Erp security1

Role Based Authorization

Instead of focusing on individual activities, here authorization is created for a “Role”, for example “Procurement Role”.

Steps:
(I) Identify the transaction codes that each role in the organization requires
(II) Prepare an authorization role for the list of transactions
(III) Assign the role to the user.

Page 11: Erp security1

Advantage and Disadvantage

Advantage of role based authorization is that the authorization role becomes specific to an identified role in a function, so future modifications can be managed easily.

Disadvantage: This method requires careful standardization of roles.

Page 12: Erp security1

Different Types of Authorization

Role              | Transaction Code | Types of Authorization
Material Manager  | Material Master  | Create, Change, Delete, Display
Goods Issue Clerk | Material Master  | Display

Page 13: Erp security1

Data Security and Technology For Managing DATA

Data Masking: The process of concealing sensitive data in development, test or training environments so that developers or testers are not exposed to this data.

Benefits:
1. It meets regulatory compliance requirements
2. It enhances data security for outsourcing applications

Page 14: Erp security1

Data Masking Algorithms

1. Shuffling / Reorder
2. Random Value
3. Hashing
4. Date aging
5. Numeric Alternation
6. Custom
7. Substitution with a random value

IBM Optim is a popular data masking tool.
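Four of the algorithms listed above (shuffling, hashing, date aging and numeric alternation) applied to a small employee table before it is copied to a test environment. This is an added example, not part of the original slides; the rows, column names, masking key and the use of HMAC-SHA-256 for the hashing step are assumptions made for illustration.

```python
import hashlib
import hmac
import random
from datetime import date, timedelta

# Constructed sample rows standing in for a production HR table.
ROWS = [
    {"emp_id": "E1001", "name": "Asha Patel", "salary": 52000, "dob": date(1985, 3, 14)},
    {"emp_id": "E1002", "name": "Ravi Shah", "salary": 61000, "dob": date(1990, 11, 2)},
    {"emp_id": "E1003", "name": "Meena Joshi", "salary": 47000, "dob": date(1978, 7, 29)},
]

def shuffle_column(rows, column, rng):
    """Shuffling / reorder: keep the real values but detach them from their rows."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return values

def hash_value(value, key):
    """Hashing: keyed HMAC, so equal inputs give equal tokens (joins still work)
    but a token cannot be recomputed without the masking key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]

def age_date(d, days):
    """Date aging: shift every date by the same offset, preserving intervals."""
    return d - timedelta(days=days)

def alter_number(n, rng, pct=10):
    """Numeric alternation: vary the value by up to +/- pct percent."""
    return round(n * (1 + rng.uniform(-pct, pct) / 100))

def mask_rows(rows, key, seed, age_days=400):
    rng = random.Random(seed)  # seeded so a masking run is repeatable
    names = shuffle_column(rows, "name", rng)
    return [
        {
            "emp_id": hash_value(r["emp_id"], key),
            "name": names[i],
            "salary": alter_number(r["salary"], rng),
            "dob": age_date(r["dob"], age_days),
        }
        for i, r in enumerate(rows)
    ]

if __name__ == "__main__":
    for row in mask_rows(ROWS, key=b"constructed-demo-key", seed=7):
        print(row)
```

Shuffling on a table this small can leave a value in its original row, so it suits large columns; the masking key has to stay out of the test environment or the hashed identifiers can be recomputed from guessed inputs.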