Cloud 101

CSA Official Press Release

Published 02/12/2018

Cloud Security Alliance Issues State of ERP Security in the Cloud Report

Cloud Security Alliance Issues State of ERP Security in the Cloud Report

Newest research paper examines security, privacy challenges of migrating ERP systems to the cloud

SEATTLE, WA – February 12 - 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released The State of ERP (Enterprise Resource Planning) of Security in the Cloud. The research paper is the first in a series planned over the coming year from the CSA ERP Security Working Group and aims to provide IT and management professionals with a sound overview of cloud security for ERP systems while simultaneously examining the privacy challenges involved.

“Modern organizations have long relied on legacy and on-premises systems to manage a host of automated services and data, from inventory and order management to human resources and customer relationship management. However, as the technology driving these systems is increasingly becoming obsolete, enterprises are realizing they must shift these business tools to the cloud if they are to remain agile and competitive,” said Charlie Singh, co-chair of the CSA ERP Security Working Group and SAP security and GRC leader at IBM. “Unfortunately, many IT managers are still unfamiliar with the intricacies of securing such systems in the cloud, and that’s where our latest research comes in.”

“We are hearing from many of our customers that they are actively starting to move their ERP implementations to cloud environments,” commented JP Perez-Etchegoyen, co-chair of the CSA ERP Security Working Group and CTO at Onapsis. “As a lead research pioneer in this emerging space, we are excited to co-launch this white paper with the CSA to begin enabling organizations to understand what their cloud environments will consist of and begin taking measures to secure them.”

The paper, sponsored by Onapsis examines such topics as:

  • Common challenges in ERP security;
  • General security concerns in cloud-based ERP applications, including data residency, user activity and access monitoring, and incident response; and
  • Security around SaaS ERP applications and IaaS ERP deployments.

“Migrating large ERP systems can take months if not years of planning,” said John Yeoh, Research Director, Americas for the CSA. “These deployments involve significant investment of time and money and are extremely complex. It’s these complexities that make standard security measures difficult to implement. We hope this paper initiates much-needed discussion of how to comply with security and privacy guidelines to protect organizations’ critical infrastructure.”

The ERP Security Working Group seeks to develop best practices to support organizations that are planning or are in the process of securely migrating or operating their large ERP implementations, as well as all other business-critical applications in the cloud. Individuals interested in joining the working group and participating in future research can do so by visiting

The State of ERP Security in the Cloud is a free resource being offered by the CSA and is available at

Editor’s Note: CSA research prides itself on vendor neutrality, agility and integrity of results. Thank you to our sponsors for helping fund the development and quality control of our research lifecycle. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights of CSA research.

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.