ERP security: How a bad status quo can be improved in the long run

The economy is also becoming increasingly global, digitalised and dynamic in medium-sized businesses. The market is undergoing constant change, and the obsolescence of products is becoming increasingly rapid, especially in the area of technology. Not only the manufacturers of IT solutions, but also the users must adapt to this development if they want to remain competitive.

IT and information security ensures a flawless workflow

Obsolete systems inhibit a company’s productivity and should therefore be replaced gradually or completely by new versions. The disadvantage of partial renewal is that the new components are not fully efficient. This applies to both software and hardware.

Properly functioning IT systems, including ERP systems (read more at, and the resulting smooth operation are commonly referred to as “IT and information security” and should not be confused with external attacks. Although the latter are of course a problem, many companies also need to improve their system performance: As a study has shown, IT and information security in medium-sized companies and public administrations is not in good shape.

According to a study, many companies take a critical view of their own IT security.

The “Security Bilanz Deutschland” study annually examines the status of IT and information security in medium-sized businesses and public administrations. For this purpose, companies and administrations or non-profit organizations with 20 to 2,000 employees are surveyed with the help of over 500 interviews. Finally, index values are determined on the basis of the companies’ self-assessment of the implementation of security measures.

The analysis showed that about half of the surveyed medium-sized companies only have about 50 out of 100 index points. The companies’ own assessment was correspondingly negative.

Optimize security: Success in 6 steps

Even if this result is initially pessimistic and gives cause for concern, IT and information security in general and ERP security in particular can be improved very well. The following 5 steps show the way.

1. use VPN software

One of the best thing to secure IT environments is to use VPN software (read more at There are a lot of  VPN provider who offer special deals for companies. Check out comparison sites for the best deal.

2. provide an overview

Many companies do not have an accurate picture of the security in their operations. Here a systematic analysis of the current situation can provide a good basis for planning further steps.

3. search for information and partners

Information material on associations and institutions is available. A detailed analysis of the problems can be carried out with the support of providers and external consultants, who also help to identify solution strategies.

4. separate security budget

In many companies, the budget for IT and information security falls within the general IT budget. However, this means that the issue of security does not receive the importance and attention it requires. A separate planning of the budget ensures that all aspects related to security are sufficiently considered.

5. planning and objectives at all levels

The various factors and prerequisites of IT and information security must be considered in context, as the entire company is affected by security quality. Important measures are, for example, employee training or liability regulations in contracts. In the areas of technology, law and organization, as well as in strategy, the definition of responsibilities and goals are of great importance.

6. review

Of course, the implementation and success of the measures must be reviewed regularly. This is the only way to ensure long-term IT and information security in line with requirements.

First the insight, then the optimization

As these steps show, an improvement of the security measures of medium-sized companies is quite feasible. The “Security Bilanz Deutschland” study may have sensitized the participating companies to their own security. This insight is an important basis on which further measures of the optimization process can be built.