Sunday, 18 March 2007

ERP Security, any ideas?

Friday afternoon, 4pm, Barcelona: The Managing Director comes to me and says we need to reposition our approach to the European market. "Everyone is saying they need us, but as part of a bigger picture". My heart sank; we've put a lot of effort in since I moved out here, and to tell the truth I was experiencing the same thing with my calls, even to the guys I know in the States who are at least 4 years ahead of us in security terms.

So we're repositioning, and I've spent the weekend preparing our ERP security program. I'm pulling industry best practices and solutions from all over the place and putting them together in a package, but one thing is overwhelmingly clear. The ERP guys don't pretend to have security sewn up (they are ERP guys, not security guys, after all), but the security that is available for these applications has a large number of holes, and not a huge number of solutions.

Does anyone out there have some good ERP security offerings? Tools for getting right inside the database to audit the data, identifying users after connection pooling from the app has anonymised them to the db, tracking transactions from start to finish, etc. I know enough about securing the data once it's got to the storage, ensuring the integrity of all the transactions through to reporting, and even applying user security, but the "application to database audit problem" seems to be pretty tough.

I'd really appreciate some pointers.


