Question

Your company is moving its ERP (enterprise resource planning) system to the cloud. While previously requiring multiple development and support teams to enhance and maintain, it will be moving to Software-as-a-Service. This will cause significant change within your company's organizational structure. This system contains sensitive HR and financial data, as well as critical business data. Assume you have a traditional corporate network and functional but highly internalized (not documented) processes in place around your on-prem system.  

1. Identify key risks associated with this effort. Explain why they are risks.
2. Prepare your risk report for upper management. Recommend actions your company could take to manage each of these risks. Be thorough but clear. Remember your audience

Answer 1

a.) Identification of key risk associated with this effort and explain why they are risks --

• ERP(Enterprice resource planning) is business critical application for organizations and moving to the cloud from ERP , there are some security keys which is needed to be considered the cloud security alliance.
• There are different types of models used in cloud based system, the one is (IaaS) infrastructure as a service, in which organization deploy SAP, oracle, and otehr ERP products in Azure, AWS, GCP and hosted environment.
• The other cloud model is SaaS (Software as a service). in this model, the applications are available based on number of user for example -- NetSuite, SuccessFactor, Oracle Cloud ERP, Ariba and public cloud.

b.) Prepare your risk report for upper management, recommend action your company could take to manage each of these risks --

• The main concern of cloud computing is security and risk of the data which is accessible to others on the web.
• The professional security requirements in place can play an important role in security in most companies.
• The steps of security moving from ERP to cloud system includes --
• Research the cloud model that business will support the applications like SaaS or IaaS, that contai dfferent security consideration and challenges.
• Legal and compliance department from offset to understand, the type of data which is need to be secured and and regulations that the business must comply it.
• Incorporate key performance indicators in project plan that will be part of overarching objective of the cloud migration project, and to make sure cost can be managed in terms of running secure applications.
• So you need to choose a reputable cloud provider and they will manage operational and regulatory guidelines that they follow to assure security of data.
• Reveiw the uptime guarantees and service level agreement and terms and conditions.