PROVIDING CLOUD SECURITY POLICY FOR ERP-SYSTEMS

Abstract

The article is devoted to the analysis of the possibilities of ensuring the security policy of an enterprise with modern cloud-based ERP-systems. The information security technologies that are available in the cloud ERP-systems from the list of top10 are considered. It is shown that these technologies are aimed at protecting the information resources of the enterprise from external threats and include the management of access rights, ensuring the security of the transport level and protection against network attacks. Technologies for detecting incidents of security policy and alarm generation are not used, although there is a possibility to access logs and data files in cloud ERP-systems. Information leakage protection from the enterprise by cloud ERP-systems is not provided. Also, the possibility of transferring to the cloud of systems that prevent information leaks from the enterprise, the so-called DLP-systems are considered. The services of specific DLP-systems presented on the Ukrainian market have been analyzed. It is proved that there are no full-fledged cloud analogs to local DLP-systems. The local system must be transformed to transfer the DLP-system to the cloud and create “DLP as a service”. The part of the system that provides verification of actions on work computers must remain at the local level. The part of the system that records information leaks through communication channels (Internet, Skype and others), as well as the database of indexed data, the security policy setting service and the alarm generation center can be transferred to the cloud. All this will lead to new technical requirements for communication channels, the need to use the services of a cloud broker with appropriate security certificates, as well as a significant increase in the cost of operating cloud services. The assessment of the cost of services of existing cloud DLP-systems showed that the company cannot fully control the entire flow of information due to the very high price. In addition, continuous updating of the security policy verification rules is necessary, which can only be carried out by an enterprise security officer. Thus, the continued active participation of information security officers is necessary for the effective operation of cloud DLP-systems. Providing the enterprise by the capacity to store indexed data and advanced technologies to search for incidents of security policy are advantages of future cloud DLP-systems.

Authors and Affiliations

Олена Нємкова, Олег Наумов

Keywords

Related Articles

КОНЦЕПТУАЛИЗАЦИЯ ПРОЦЕССА ОБЕСПЕЧЕНИЯ ФИНАНСОВОЙ СТАБИЛЬНОСТИ КРЕДИТНЫХ УЧРЕЖДЕНИЙ

Посвящено исследованию процесса обеспечения финансовой стабильности кредитных учреждений. Обозначены факторы данного процесса, а также обоснованы субъекты воздействия и объекты управления. Обобщение факторов обеспечения...

РАЗВИТИЕ СТРАХОВОГО ПОСЕРДНИЦТВА В УКРАИНЕ СКВОЗЬ ПРИЗМУ ЕГО ВЛИЯНИЯ НА ЭФФЕКТИВНОЕ УНКЦИОНИРОВАНИЕ СТРАХОВОГО РЫНКА

Целью работы является разработка теоретико-методологических основ совершенствования государственного регулирования деятельности страховых посредников в Украине в контексте развития финансово-кредитной системы. В статье а...

КЛАСИФІКАЦІЯ РИЗИКІВ БАНКІВСЬКОГО РИТЕЙЛУ І ЧИННИКІВ, ЩО НА НИХ ВПЛИВАЮТЬ

Розглянуто поняття ризику, економічного ризику, банківського ризику, ризику банківського ритейлу. Описано умови виникнення економічного ризику. Крім того, описано групи ризиків, які виникають а залежно від напряму веденн...

DEVELOPMENT AND IMPLEMENTATION OF THE UKRAINIAN STATE-OWNED BANKS STRATEGIES

The article is dedicated to the strategic lines of development and their implementation for the domestic state-owned banks activities during the period of 2015-2018. The purpose of the study is to outline the peculiariti...

ВПЛИВ ВАЛЮТНОЇ ЛІБЕРАЛІЗАЦІЇ НА ВОЛАТИЛЬНІСТЬ ВАЛЮТНОГО КУРСУ В УКРАЇНІ

Розглянуто питання впливу валютної лібералізації в Україні, що посилилася за останній рік, на волатильність курсоутворення гривні. Такі дії регулятора були одними з кроків реалізації політики інфляційного таргетування і...

Download PDF file
  • EP ID EP461775
  • DOI -
  • Views 108
  • Downloads 0

How To Cite

Олена Нємкова, Олег Наумов (2018). PROVIDING CLOUD SECURITY POLICY FOR ERP-SYSTEMS. Вісник Університету банківської справи, 0(2), 98-103. https://europub.co.uk/articles/-A-461775