Cloud-based ERP : exploring aspects of information security in the Maltese SME scenario

Abstract

This study explored the various opinions held by Maltese SMEs in relation to the different security aspects pertaining to their Cloud-Based ERP. It also investigated the various security measures that such SMEs adopted for Cloud-Based ERP and how local businesses handle and overcome certain security risks that surface as the result of the implementation of cloud technologies in their ERP. After a thorough study of the different cloud-based ERP security aspects mentioned in the literature review, the researcher formulated a set of questions which explored the cyber-security level of these SMEs and the vulnerability aspects of their Cloud ERP. The research method adopted was qualitative research. The research was conducted through a structured interview that was held on skype or telephony. The participants were high-ranking business and IT related employees that work with SMEs which run Cloud-Based ERPs. Moreover, the interview was split into sections, each section reflecting questions about a Cloud ERP security aspect. The Maltese SMEs interviewed seemed to have an overall good relationship with their CSP and most did not experience any major issues concerning their business data. The same can be said with respect to the management of the ERP’s database. Organisations which collaborated in this study took the right measures to safeguard their database and made sure that their employees are well aware of the security risks involved with the ERP system and the cloud infrastructure. Most of the SMEs admitted that GDPR enforcement had a positive impact on their business, even though their understanding of the cyber-security awareness papers published by MITA was somewhat superficial. However, it was quite evident that all local SMEs undertaking the interview manifested their belief in ensuring that their Cloud-Based ERP system is as secure as possible.