You know that mechanism you use to manage all the patches, updates, code migrations and change/service requests (CSRs) for your ERP system? Open it up and take a look at the requests in it.
Most of them have to do with security, don’t they? Most of them are bug fixes that plug up holes, or updates that close off vulnerabilities someone discovered.
As you look through your database of requests, you realize what a drag it is to have to deploy all those CSRs. But when you consider that most of them make your ERP system more secure, think about what a drag it would be if you didn’t deploy them and something got in that wasn’t supposed to.
Few organizations think of the security aspects of application change management, so they tolerate processes that depend on spreadsheets, documents, email threads, sticky notes or other manual vehicles. But think about it: if you don’t have automated tools for deploying and reporting on CSRs, you’re leaving your company to doubt whether all necessary updates, patches and fixes are in place.
In other words, you’re not sure whether your ERP system is secure.
Automated change management also implies better security because it tightens your IT controls. Your ERP application is more secure when you’re forced to adhere to the established policies that define who can apply patches to which environments. It may be fine for your developers to apply patches to the development environment, but do they also have permission to deploy those same patches to production? If not, your change management tool should prohibit it by enforcing your companywide security policy.
You should be able to define your processes for managing change. Change management tools should support application security by specifying the areas that users may patch or migrate, while ensuring separation of duties.
New eBook: Avoid the Common Pitfalls of ERP Change Management
Part 1 of our new eBook, “Avoid the Common Pitfalls of ERP Change Management,” explains how to define a sound application change management process, including best practices for implementation and what to look for when you automate.
Once you start thinking about security in your ERP system, you begin to see the value in controlling access to change management functions through security privileges. Part 1 of the eBook, available for download now, emphasizes the value of automating your change management tools to control that access.