Select Page
Custom Cloud: Public Cloud Choices, SaaS Challenges

Custom Cloud: Public Cloud Choices, SaaS Challenges

What to Do When ERP Turns SaaS

I once sat in at a sales conference for an ERP vendor and listened as the CEO explained sales strategy as it related to their ongoing movement to the cloud. He described the situation as one of configurability vs. customizability. There were some customers who could live with and work within the configurable features and capabilities of the base application as they existed “out-of-the-box.” These customers would be targets for the vendors single-tenant and multi-tenant cloud (or SaaS) offerings. For the subset of customers whose needs extended beyond the system’s base configuration, and were in need of custom functionality and integrations, the vendor would still offer the traditional perpetual license. This would allow customers with more complex needs to deploy their applications on-premise or in a private cloud.

ERP Public Cloud Software as a Service

That was the CEO’s perspective. Customers have their own perspective. 

Configuration & Customization to Order

I recently talked with a customer who was struggling to implement the cloud version of an ERP to the vendor’s public cloud. The customer had purchased the software based on a set of assumptions, assumptions that were not instantiated by the vendor’s public cloud (or SaaS) platform. For one, the customer had come from a highly customized in-house suite of applications, and had a highly developer-centric approach to application implementation: if the app didn’t do what you need, customize it so that it would do what you need.

This approach is anathema to ERP implementations in general, and as a customer implementing on a public cloud SaaS platform, the shock was only intensified. The customization toolset to which they believed themselves to be privy to was less than advertised. And the documentation that explained just what was and was not possible was all but nonexistent. As the customer put it, his team’s vast C# skillset went largely underutilized.

Frustrations abounded on all fronts. Creating the necessary reports and labels, whether through Bartender or SSRS had been a disaster, as both the licensing and underlying architecture made for an untenable situation. Development and deployment of new solutions was cumbersome and time-consuming, as it required the vendor to perform the deployment every time a change was made. Similarly, the approved third-party applications that they had purchased in conjunction with the base package didn’t integrate as well as advertised, and they turned out to be even less configurable than the base ERP system.

Worse still, the customer was a user of the ERP’s product configurator module. This mode was itself a mini-development platform, but its features were largely server-side and thus greatly hampered in the vendor’s SaaS platform. The ability to use the module to look up and retrieve data, for instance, was greatly limited on the SaaS architecture, and the customer struggled to construct configurators to handle their complex product needs. Beyond functionality, the overall performance of the application was a drag. For many customers, the move from whip-fast, green-screen legacy platform to a contemporary ERP brings an unfortunate surprise when it comes to basic performance at a user interaction level. But in this case, it was magnified by the performance of the underlying cloud platform.

It was a disheartening conversation and I struggled to offer suggestions, outside of a reimplementation under a perpetual license model. The strange thing was that the customer did not really even come to me looking for help. He was really just venting his frustrations. He had learned enough of the application, its architecture, and the Service-as-a-Software (SaaS) deployment model to know that whatever help he might receive, he was constrained by the architecture to which he had bound himself. The cloud, whose name implies boundless opportunity and possibility, had become a crippling constraint.  

Different ERP systems provide different levels of configurability and customizability. Some systems offer a basic platform with robust tools to use to build custom functionality with which to tailor the base platform. Others provide extensive configurability, as to avoid the need for additional tailoring. The systems that best combine configurability and customizability capabilities stand the best chance of supporting the needs of complex organizations. Even still, the unbridled requirements of a given company can often exceed the combined abilities of an ERP system to handle it.

This may necessitate the need for third-party integrations, to atone for liabilities in the base system. It may require integration to a pre-existing home-grown system, to address the specific needs of the organization. In the most extreme of cases, customers may look to modify the system’s source code to make the system do what it needs. At some point, it should be considered whether such extreme measures justify the investment in ERP at all. Sometimes it is simply a cultural conundrum: if an organization is unable to bend some of its needs to the will of the application, they may truly be better off with a homegrown system, and live with the liabilities that come with such a decision. 

DRaaS for SaaS: When the Public Cloud Vendor Needs to Adapt

Beyond configurability and customizability, the questions of functionality and integration as they relate to an ERP system’s deployment model complicate matters further. The textbook cases regarding ERP customization nightmares from the 1990s all occurred within an on-premise context. The evolution of cloud computing had not yet thrown this new variable into the mix. But with the improvement of server processing power, the expansion of data centers, and the ability to pass larger and larger amounts of data over networks, ERP vendors were able to construct ERP applications that conformed to the public cloud software-as-a-service (SaaS) deployment model.

This shift toward a SaaS model allowed for highly available and highly scalable ERP solutions, whose subscription-based model provided ERP services for a monthly rate. But in doing so, the features and capabilities that these vendors offered were often scaled back significantly, when compared to their on-premise, perpetual license predecessors. Similarly, the integration capabilities of such platforms were drastically reduced to the web APIs that the ERP SaaS platform supported. This made the extension of the application’s capabilities much more difficult to achieve. For customers needing robust and expansive ERP functionality, as was the case with my customer above, the results of a mismatch between business requirements, customization tendencies, and deployment models can lead to a perfect storm of failure and disillusion. 

How does one avoid such a problematic situation? To begin with, there are some key questions to answer at the time of software selection before you’ve signed the dotted line:

  • Firstly, you need to understand the background of your own organization. Are you coming from a standard system or from a highly-tailored home-grown system? Are your business requirements of the variety that are commonly managed by a packaged system? Is the shift from your current system to the future system a small shuffle or a quantum leap?
  • You also need to understand your own expectations for the new system: are you trying to fit your organization into the system, or are you trying to tailor the system to fit your business? Do you see an ERP system as a packaged application or a custom development platform? Companies differ in this approach, and this greatly affects how they intend to use the system, so you need to be explicit about your expectations.
  • Finally, it should be noted that in many cases, a software’s public cloud version will differ markedly in functionality from its cloud cousin. As such, be careful to understand the version from which the Sales Engineers are basing their demonstrations. If you’re looking at a cloud deployment, ensure that the sales team demonstrates the application, as you will experience it as a customer, and not the products more robust, on-premise version.

Cloud services are as unique as business processes, and SaaS companies / SaaS, or public cloud, applications aren’t always as “internet connection, web browser, go” like they’re often advertised to be.

If your corporate office is mandating some form of “cloud” solution, understand that not all clouds are created equal. A system’s deployment mode is not as simple as choosing between an on-premise dinosaur and a public cloud popsicle. One significant alternative to the SaaS vs on-premise dichotomy is a private cloud deployment. Private cloud allows an ERP customer to install an on-premise, perpetual license version of the software, but in a virtual cloud environment. This allows customers to leverage the full set of capabilities, functionality, and integration opportunities that the software offers. For customers bent on heavy tailoring and customization, this allows them to leverage the full set of tools tailor the application to the customer’s specific needs. Further still, this model makes integrations much easier, as it provides access to the application and database server layers, as needed, which can greatly simplify integration architectures. 

Cloud Customs of Custom Code

A company’s implementation story should be neither a laughable comedy nor a disheartening tragedy. With planning and discretion, companies can formulate a successful narrative. Are you in search of an ERP story with a happy ending? Talk to us, and we’ll spin you a yarn.

You can consolidate everything from software licensing and updates to hardware inventory management with EstesCloud Managed Application Hosting. We offer custom solutions for web-based transactions. We might not be famous like Amazon web services, but our private cloud, hybrid cloud, IaaS, and PaaS solutions offer you the personal attention of world-class IT and ERP consultants.

ERP Deployment Options & Cloud Services

Infrastructure as a Service

Platform as a Service

Software as a Service

IT Management Models

In pure form, a public cloud deployment limits your control and troubles cybersecurity and compliance management efforts. Know your enterprise resource planning options before you deploy. The cloud should be one of your most powerful tools as you move your company forward. But cloud computing terminology is hazy, and cloud migration can be a step backward if the deployment model isn’t a good fit. Do you understand your cloud options? Our cloud ERP experts can walk you through the cloud spectrum and help you find the best platform for your business. When a complex ERP like Epicor’s Prophet 21 is going through client-server architecture changes, EstesGroup consultants are here to answer questions so that you can focus on your business, rather than on its supporting software.

Feeling the pressure to upgrade your ERP system to a new SaaS version? Know your options before you commit to the public cloud. Get a free demo and consultation with our cloud experts today.

Hosted or SaaS ERP? Understanding the Differences

Hosted or SaaS ERP? Understanding the Differences

In the world of enterprise resource planning (ERP), companies spend a lot of time on the software selection cycle. Determining which application will best fit the needs of the business also brings deployment model questions to the table. Currently, many manufacturers and distributors are trying to understand the differences between hosted ERP and SaaS (software as a service) ERP. Whether you’ve already chosen your ERP or are in the process of selecting your software, understanding your on-premise and cloud deployment options is key to enterprise resource planning success.

Hosted or SaaS ERP Infrastructure with Cybersecurity Locks

An application’s functionality is understandably important. The best fit that a company can find with its ERP system will very likely lead to a better implementation, with lower costs and reduced risk surfacing as essential benefits. Ideally, you’ll build a solid foundation for all business activities that follow your ERP implementation. Your computing costs should go down, and time formerly spent on technology and software should shift into more time to spend on your business.

What is ERP deployment? 

A key consideration, one that I do not believe receives enough time and effort during the software selection phase, has to do with the deployment of the solution itself. The implications of such a deployment are life-changing for any company, and particularly influential in the manufacturing and distribution industries.

At the time of software selection, it’s important to understand how you intend to deploy your new ERP system. An application’s functionality is almost as important as the functionality itself. For this reason, you’ll want to ensure that the deployment model you choose successfully overlaps with the functionality that you need.

What is a deployment model?

By deployment model, I am not referring to the operating system or the underlying database management system, whether the system is Windows-or Linux based or whether it sits on top of an SQL server or Oracle database. Those are in themselves important considerations, but the deployment model has more to do with installation and accessibility. How will the application itself be installed and accessed by the customer?

What is cloud deployment?

There are two very general classifications of cloud ERP deployment models that you can make to try and understand your cloud options. I would classify these as SaaS (software as a service) and hosted deployments.

The Software as a Service Deployment Model

Software as a service, or SaaS, is the model in which the application lives somewhere in the vendor’s data center, and the consuming customer has no line of site to its deployment. The customer subscribes to the software and consumes the application on a client-only basis, often in the form of a web browser. There is no need to manage a complex installation or oversee the application’s administration. The SaaS deployment model limits your control by limiting your responsibility in regard to application management.

The Hosting Deployment Model

The other common deployment model you could classify broadly as hosting. In a hosted environment, the application is deployed to a known server architecture. This architecture could be an on-premise or a local host, or a colocation facility, but I’m seeing much less of that these days, except with larger organizations that are comfortable with large hardware investments. Most often, I find hosting to refer to some form of cloud data center hosting, where the resources are consumed over the cloud as a service. In this scenario, the software itself is purchased using a perpetual license model and deployed to and administered from a discrete platform.

Hosted & SaaS ERP: Two Roads Diverged

So SaaS and hosting are your two basic options for the underlying technology that will serve as the foundation for your ERP. If you are a customer in the midst of an ERP software selection journey, you need to understand what deployment options are available and how they differ, relative to the specific software you are evaluating. That said, I think some generalizations can be made regarding the two models.

SaaS itself can be divided into two categories. The first would be the family of applications that were built from the ground-up to be browser-based, web applications. Plex, NetSuite, and Salesforce are examples of purely web-based applications. 

Another class of applications would be vendors who are retrofitting their older, on-premise applications to be web-enabled and centrally installed and administered, like any other SaaS application.

In general, SaaS is a great option, especially for what I would consider lightweight applications. The software as a service deployment model provides the functionality you need with a costing model that your accountants will like, and it does this without a lot of administrative IT overhead. 

I say lightweight because I’ve found some challenges with some of the limitations of SaaS functionality. In my own efforts, working within various applications, I’ve found that SaaS applications provide a more limited functionality when it comes to the need for more robust capabilities. This is especially true in terms of reporting or administration, or in the construction of specialized business logic.

If you take a well-known software like Salesforce, for instance, and compare its capabilities to traditional on-premise enterprise systems, you’ll see some challenges or differences in the relative functionality of the two systems. An example might be the administrative tools provided to manage, load, and update data. The capabilities are somewhat comparable, but on-premise applications will almost always be more robust, easier to use, and more effective.

The Future of ERP Deployment Makes All the Difference

Currently, ERP software vendors understand this gap and are working to close it over time, but this process is years in the making. For vendors that offer both on-premise and SaaS versions of their applications, I’ve found that the functionality available in SaaS has a long way to go to catch up with their on-premise antecedents. If you were to purchase the SaaS version and the on-premise version of an ERP from the same vendor, you should expect the SaaS version to underperform compared to the on-premise version.

The resources on ERP deployment out there are not always very clear on what those differences actually are, especially when the information comes from the vendors themselves. 

For a hosted model, whether it is some form of self-hosting on top of an infrastructure as a service model, or a managed hosting situation, where a group is providing the entire platform, you can think of it as an on-premise installation without the risks and costs and overhead that come with an on-premise install. This is great from a functionality standpoint, as the control provides over the server architecture allows you to really leverage the full functionality available to you as a customer.

From my perspective, the difference between SaaS and hosted ERP really comes down to expectations with regard to functionality.

I have seen cases during the software selection cycle where the solutions engineers of various companies demonstrate the capabilities of their ERP systems using their full-bodied on-premise versions, only for the sales reps to actually sell the SaaS-based version of the application to the customer. 

This is done with the implicit assumption that the SaaS-based version contains all the rich features and functionality of its on-premise sibling. But as we’ve discussed, that this is not always the case, and I’ve known more than a few customers who express tremendous frustration over this experience—believing they are buying a luxury car, only to have the dealer deliver them the base model. 

How to Choose SaaS or Hosted ERP

If you are looking at a software that sprung from the web fully formed, like a NetSuite or a Plex, the question is a little more straightforward. There is no option to host the application, and from a functionality standpoint, what you see is what you get.

But if you’re working though the decision as to whether to purchase the SaaS subscription license or the perpetual license of an application, you really need to understand whether the functionality will be available in both versions. Essentially, you need to understand how the user experience might differ between the two versions, and then make your choice from there. 

Companies that need the robust functionality that comes with a perpetual license and an on-premise installation and can’t afford to lose that in moving to a pure SaaS or purely web-based architecture have hosting options. If you wish to avoid the liabilities and costs of an on-premise install, then you need explore some of the hosting alternatives available. There are plenty of benefits to be gained through leveraging the cloud:

  • the scalability
  • the dynamic consumption model
  • the benefits of adaptive computing

With these in mind, your cloud migration should also be done in a process that ensures that you are leveraging the full functionality of the software and not limiting yourself, your business, and your future in the process.

Cloud environments like hosted or SaaS ERP systems demand that your team is ready to handle everything from basic business processes to highly sensitive data. Cloud ERP is becoming the go-to jump, and a cloud based software solution could become a downfall without expert project management.

Software applications are becoming more complex, and your ERP solution will change regularly as your vendor adapts to changing technology. Are you looking for help understanding cloud infrastructure? Our cloud computing consultants have answers. Whether you’re trying to head out of community clouds or get lightning-strike level understanding of single tenant infrastructure, our EstesCloud team is here to help make your business run better.

Know Your Network, Know Yourself

Get a network assessment today

Principles of Successful Supplier Relationship Management

Principles of Successful Supplier Relationship Management

A Shifting Landscape is Changing Supplier Relationships

The past year underscored the impact and the importance of supply chains more than ever. For manufacturers and distributors, the criticality of a robust and flexible supply chain cannot be understated. Supply chains are dynamic—shifting forces raise new concerns, and what was a given yesterday could be a curveball tomorrow. Many of these things, in the broad context of the global supply chain, are outside of our control. That said, even with the variables that come from an evolving climate such as the current day, there are still many things we can control—things that we can do to better manage our specific supply chains.

Supplier Relationship Management Supplier with engineer checking on production in factory

New Supply Chain Challenges Require Adaptive Tools and Processes

Developing tight supplier relationships is key to managing changes in lead time, delivery, prices, and products.

ERP System Management

Change and Opportunity

For many companies, managing the manageable comes through a tighter integration with suppliers. And in many cases, this is accomplished through collaboration platforms such as SourceDay. Portal-based integrations allow customers to work with their suppliers to manage purchase order requests, acknowledgements, expedite requests, exception handling, changes, and the variety of related processes and tools that come with supplier relationship management (SRM) systems. In working with our Epicor ERP and Prophet 21 customers, we’ve seen several principles embodied through the use of such platforms.

Automation

In manufacturing and distribution environments, Automation is often thought of as an improvement inefficiency. Automation in supply chains goes well beyond the simple idea of efficiency. Automation is fundamental to a portal platform like SourceDay, as it provides the bedrock for supply chain effectiveness and its related principles. For example, moving the process of acknowledging a PO from a collection of emails, text messages, and phone calls into a single point of contact builds the foundation for everything that follows: visibility, measurement, collaboration, etc.

Visibility

Fundamental to the successful execution of a supply chain is the visibility of supply and demand between customer and supplier. Changes to global supply chains cascade changes onto suppliers, and concomitantly, their customer base. Lead times, lot sizes, pricing—all can be affected, and keeping these changes organized and updated in your ERP system begins with a customer’s clear “line-of-site” to their supplier’s reality as it evolves. Good data is fundamental to the function of a business system, as it drives all the behaviors of the system, and of the related users. This can be an either-or:

  • Is your data up to date and accurate such that you are making reasonable requests to your supplier?
  • Is the data in your system sending your buyers on supply missions that are doomed to fail?

Companies that can leverage the real-time feedback from suppliers are best equipped to make the act of acquisition a successful endeavor.

Collaboration

The value of a reciprocal relationship between customers and suppliers cannot be underestimated. Beyond the benefits already stated, visibility is fundamental to the development of a successful partnership with your suppliers. The creation of a clear communication pipeline between customers and suppliers allows for more collaborative options, including the ability to quickly adjust dates, shift demand patterns, manage pricing and course-correct, all early in the buying cycle, while options are still available.

KPIs and Metrics

Metrics are key to accountability; you cannot fix what you cannot measure. Can you quantify your suppliers on time delivery performance? Or do you need to perform an extraction from your ERP system, massage the data, such that it can be presented to the organization? Just as metrics are key to accountability, automation is key to developing consistent and timely metrics. For instance, the automation of the process of tabulating plan-vs-actual data without human intervention makes real-time visibility and measurement a reality. 

But what are the metrics you need to successfully manage your supply chain? Supplier delivery performance is an obvious choice. What about acknowledgement rates? Are your suppliers doing a good job of acknowledging your purchase orders? Can you quantify this? Supply chain researchers have found that acknowledgement rates strongly correlate with on-time delivery performance. Thus, a company can view a supplier’s acknowledgement score as a leading indicator of their ultimate delivery performance. As such, when you bring in a new supplier, you should have the tools to quickly assess how well they are acknowledging their POs, even before shipments arrive.

Putting the Pieces Together for Wholesome Supplier Relationships

As companies implement and optimize their ERP investments, the search to better fine tune and extend their systems becomes the next priority. We’ve found that the extension of the supply chain thought vendor portals such as SourceDay to be one key way that companies maximize their ERP investments and optimize their internal and external business processes.

Are you in search of the next step to your ERP implementation? Come to our most excellent session with SourceDay on “Bridging the Gap Between Epicor and Suppliers for Distribution Companies” and learn how their solution can help you with supplier relationships.

Prophet 21 Event: Servers, Financials & Supply Chains

Prophet 21 Event: Servers, Financials & Supply Chains

With summer in full swing, distributors are on the move, crossing docks, splitting shipments, and delivering goods by the truckload to a diverse array of customers. It is a time for expansion—of old trade routes of supply chains and of new opportunities as our reopening country rediscovers its possibilities.

Female Attending a Virtual Epicor Prophet 21 Event

Attend a 2021 Prophet 21 event in person or online

With user conferences back in the schedule for 2021, P21 users are highly anticipating the Prophet 21 user conference P21WWUG CONNECT in mid-August. This event serves as a focal point for the P21 user community and as a bookend for a busy summer. At the onset of the summer season, we thought it would be helpful to host our P21 summer summit as a prelude to the larger Prophet 21 community event. This also gives you the opportunity to open the summer with some new ideas for using your P21 application to its fullest capabilities.

Events like this are a great opportunity to review your application’s capabilities and find ways to improve internal processes, discover ways to reduce costs, and reveal methods to improve information flow and presentation. You’ll also surface steps you can take to better integrate Prophet 21 with suppliers and customers.

Our summer 2021 Prophet 21® event takes place on June 24, from 10:00 AM to 1:30 PM (Central Time). Three panelists will discuss topics pertinent to the P21® user community. The event is free, and all are welcome! This summit will also provide an insider’s view of the Epicor Prophet 21® solution for any distributor who is looking for growth opportunities that only a new software can provide.

Prophet 21 Event Itinerary

Server Best Practices for the Epicor P21 Environment

10 AM – 11 AM (CST)

Daryl Sirota, Executive Director of Technical Services at EstesGroup, will discuss server best practices for P21. Understanding the optimal means for deploying the Prophet 21 application has never been more important, especially with Epicor’s move to a new client-server architecture. Daryl will discuss some of the key considerations when deploying and maintaining your server stack. Daryl leverages 35+ years of IT experience to help customers develop server and cloud architectures that are robust, flexible and reliable. A veteran systems engineer and Microsoft expert, Daryl provides the stable technical foundations that allow customers to focus on their business. Attend this Prophet 21 event if you’d like to know how to create a private cloud for your ERP software.

Creating Financial Statements Using Financial Line Express

11 AM – Noon (CST)

Terri Gage, Senior Consultant at EstesGroup, will discuss the creation of Financial Statements. P21 customers express frustration in successfully creating financial statements, but the often forgotten Financial Line Express can bring ample help to your financial reporting needs. A longtime project manager, implementation consultant, and Prophet 21 specialist, Terri works with organizations to help them successfully implement and fully benefit from the P21 application, actualizing their goals of sustained profitability and business excellence.

Bridging the Gap Between Epicor and Suppliers for Distribution Companies

12:00 PM – 1:00 PM (CST)

Jim Frye, Enterprise Sales Director at SourceDay, will discuss how distribution companies bridge the gap between their Prophet 21 system and their supply chains. Distributors need to do many things to help secure their supply chains as the ground shifts beneath them, automating the mundane and improving collaboration, visibility, and accountability between them and their varied suppliers. Jim leverages 30+ years of experience working with Global Manufacturing Companies, big and small. His passion is to help organizations facilitate growth, reduce operating costs, and increase profitability through supply chain efficiency.

Our event concludes with an open Q&A session, allowing users to raise questions regarding the sessions themselves and the Prophet 21 application in general. Operations management strategies. Cloud server integration steps. Cloud hosting service risks. Prophet 21 cloud platform options. Global supply chain trends. Operation system updates. Dedicated servers, multiple servers, SaaS… from Prophet 21 consulting to server hosting, we have answers to your P21 ERP and IT questions.

Do you have questions you’ve been meaning to ask a consultant, but haven’t wanted to shell out the cash? 

Now is your chance to do it–on our time and our dime!

Epicor’s Prophet 21 user community is founded on collaboration.

Come collaborate with us on June 24.

This event can also help distributors who are considering a new enterprise resource planning (ERP) software.

Cyber Security

Don’t Avenge a Cyber Attack – Prevent It

Don’t Avenge a Cyber Attack – Prevent It

One cyber world story that captivated me as a youth was the character of “Ultron,” as depicted in comic books and in the movie adaptation of The Avengers. The character was a breed of artificial intelligence created with the intent of protecting the earth. But he turned against his creators, and against the earth itself, becoming a cyber super villain in the process. Origin story complete. Now queue the good guys.

Cyber Attack Encrypted Files Ransomware Attack

Such is the nexus of superhero narratives. A good intention turns violently wrong, necessitating radical intervention. Movies and comic books love to prey on fears of killer robots and cyber intelligence. It’s an archetype as old as the myth of Daedalus and Icarus: technology going too far and humanity in its arrogance flying too close to the sun, then landing on those old Led Zeppelin t-shirts instead.

Companies encounter similar, albeit less explosive, narratives when deploying cybersecurity solutions, in an attempt to lock down their networks. Often such solutions are deployed in the absence of a comprehensive infrastructure threat review. As such, they fail to provide comprehensive cyber protection.

This amounts to a technical placebo. The cybersecurity plan once implemented gives the impression of the cure without any real medicine provided. And while the attempt to paint over one’s data security problems is not itself an act of malice, it can nevertheless have deleterious effects to the organization in question. 

My own experience in the business world tells me that user oblivion is as dangerous as malice when it comes to cyber vulnerability. A corporate network with rudimentary cybersecurity and normal online hacking attempts, such as phishing scams or malvertising, can be more problematic than a secured network under a heavy cyber attack, such as ransomware.

A Cyber Attack from an ERP Perspective

While the tale of Ultron and the Avengers had itself a happy ending, the story of many businesses is not so optimistic. I once worked for a manufacturing organization that was on the cusp of an ERP (Enterprise Resource Planning) cutover. Painstaking work had been done to ensure that all steps were accomplished and that everyone was ready for a successful go-live.

Training, communication, data conversion—all of the pieces were in place. Cutover weekend went without a hitch; the steps in the go-live plan were executed without issue. The first day live went off without major problems. The normal hiccups associated with a new system surfaced, but nothing unexpected came the way of the ERP implementation team.

On the second day after the ERP go-live, users quite suddenly lost access to shared network drives. Soon after, they began receiving errors when trying to save ERP transactions to the database. Then they abruptly lost access to the application entirely. Amongst all of the communication, they hadn’t even realized yet that their email server had gone down and that they were therefore no longer sending nor receiving communication. Their network had been completely compromised. Chaos ensued.

When people think of the most common reasons for an ERP failure, they normally speak of over-customization, or a lack of management support. They rarely think of ransomware. But for the company in question, getting ransomed over cutover weekend was the first step to a cascading number of failures. In a panic, the company reached for paper-based manual processes while communicating to customers and suppliers over hotspot connections, using the employees’ own private email accounts. It was a cyber mess on all ends and resulted in late shipments, efficiency issues, unhappy customers, and months of work to resolve. Time and talents could have been spent on things other than cyber attack recovery—if only the company had been prepared through preventive measures.

Companies Running ERP Systems Can Avoid Ransomware

The moral of this story is less than heroic: there are no super powers that can save a network that is unprepared, or insufficiently prepared, for an attack. And there are no super heroes to jump in and avenge the wrongdoing.  

Avoiding a cyber attack entirely is always preferable to avenging it after it’s happened. Many companies believe they’ve taken the steps necessary to mitigate a cyber attack. Enterprise risk management needs to be an ongoing activity, however, with business owners and executives involved in designing, understanding, and implementing a cybersecurity plan customized to the vulnerabilities of the industry under attack—because every industry is ALWAYS under attack. 

A company’s greatest vulnerabilities are often the ones that they never realized they had. The greatest risks are the ones they believe they’ve already mitigated. The company in this tale of ERP implementation security chaos thought they had done everything internally to secure their network. But their efforts were done in a vacuum, without any impartial opinions or outside analysis. They weren’t out to create a monster, but their vulnerabilities created a monstrous problem. They didn’t feel they were walking on enemy ground because the villians were hidden and undetected by current cybersecurity measures.

The lesson to be learned here is that malice often masquerades as magnanimity. The most significant threats to an organization are often clothed in good intentions.

Is Your Business at Risk of a Cyber Attack?

Could cybersecurity be the biggest problem you didn’t know you had? I’ll spoil the plot—cyber vulnerability, particularly the risk of a ransomware attack, is the biggest problem currently lurking within most businesses. Manufacturers are at risk of complete shutdown. Distributors face supply chain attacks on a daily basis. And there is no type of business that isn’t under attack. Law offices, financial institutions, hotels, medical facilities—all are under the threat of a cyber attack.

Are you feeling the cyber risk and wondering what you can do to protect your business? Don’t avenge your problems—prevent them before they’ve occurred. Get a security assessment, identify your vulnerabilities, and assemble your future. Know the problems you had yesterday and predict the ones you might face in the future of cybercrime.