PROVIDING CLOUD SECURITY POLICY FOR ERP-SYSTEMS

Apply

PROVIDING CLOUD SECURITY POLICY FOR ERP-SYSTEMS

Journal Title: Вісник Університету банківської справи - Year 2018, Vol 0, Issue 2

Abstract

The article is devoted to the analysis of the possibilities of ensuring the security policy of an enterprise with modern cloud-based ERP-systems. The information security technologies that are available in the cloud ERP-systems from the list of top10 are considered. It is shown that these technologies are aimed at protecting the information resources of the enterprise from external threats and include the management of access rights, ensuring the security of the transport level and protection against network attacks. Technologies for detecting incidents of security policy and alarm generation are not used, although there is a possibility to access logs and data files in cloud ERP-systems. Information leakage protection from the enterprise by cloud ERP-systems is not provided. Also, the possibility of transferring to the cloud of systems that prevent information leaks from the enterprise, the so-called DLP-systems are considered. The services of specific DLP-systems presented on the Ukrainian market have been analyzed. It is proved that there are no full-fledged cloud analogs to local DLP-systems. The local system must be transformed to transfer the DLP-system to the cloud and create “DLP as a service”. The part of the system that provides verification of actions on work computers must remain at the local level. The part of the system that records information leaks through communication channels (Internet, Skype and others), as well as the database of indexed data, the security policy setting service and the alarm generation center can be transferred to the cloud. All this will lead to new technical requirements for communication channels, the need to use the services of a cloud broker with appropriate security certificates, as well as a significant increase in the cost of operating cloud services. The assessment of the cost of services of existing cloud DLP-systems showed that the company cannot fully control the entire flow of information due to the very high price. In addition, continuous updating of the security policy verification rules is necessary, which can only be carried out by an enterprise security officer. Thus, the continued active participation of information security officers is necessary for the effective operation of cloud DLP-systems. Providing the enterprise by the capacity to store indexed data and advanced technologies to search for incidents of security policy are advantages of future cloud DLP-systems.

Authors and Affiliations

Олена Нємкова, Олег Наумов

Keywords

information leak; security policy; information security incident; cloud-based ERP-system; DLP as a service; cloud broker

EP ID EP461775
DOI -
Views 111
Downloads 0