R. Hrischev. Information Security in Enterprise Resources Planning Systems (ERP)

Key Words: ERP systems; data security; security policy.

Abstract. This paper introduces Enterprise Resource Planning (ERP) systems from its evolution through architecture to its products regarding the security point of view. ERP is a technology that integrates most business processes and covers all information flows in the organization. ERP is a prerequisite and tool with which the enterprise can automate its core business activities, reduce the complexity and cost of their interaction, force the company to start reengineering business processes to optimize its work and generate a successful business. But modern business is more and more open to communication with external organizations, especially through the Internet. Therefore ERP system is becoming a system with high vulnerability and high confidentiality, in which security is a critical aspect. The main characteristics of ERP systems are presented. The largest ERP vendors have already integrated their security solutions; many vendors are using specialized hardware and software solutions. The new e-business requires the development and implementation of e-features of ERP systems (e-orders, e-shop, e-store, e-invoice, etc.), focuses on business between companies and customers. New technologies – Cloud computing, IoT, Block Chain are opportunities to make ERP highly integrated, more intelligent, more collaborative, cloud-based. Based on the literature of the biggest developers of this type of systems are presented popular security solutions for ERP systems. The standard architecture of the systems, the security policies guaranteeing secure access to the information are presented. Methods for data transfer with remote access to the systems are considered. The evolution of database development from structured (SQL) via unstructured (NoSQL) to blockchain is shown. The methods for ensuring secure access to user information used by the developers of ERP systems, such as permissions, roles, authentication, are summarized. The main challenges to information security and the prospects for ensuring data security are outlined.