Securing Procurement in the Cloud of Tomorrow

The rapid automation of business processes has exposed enterprises around the world to new levels of IT and data security challenges — both real and imagined. Economic espionage and cybercrimes have shot up in the past few years. Enterprises of every size and industry have been affected by the increasing complexity, novelty and persistence of cyberattacks.

Data breaches and security leaks have far-reaching impact on the business, including — but not limited to — risk to reputation, revenue losses, theft of trade secrets, and loss of intellectual property. In recent years, there has been a substantial increase in the regularity and targeted nature of these attacks.

According to PwC, 90 percent of large organizations experienced a breach in 2015, as did 74 percent of small organizations. The United States Office of Personnel Management (US OPM), twice became victim of cyberattacks, compromising personal information of approximately 21.5 million current and former federal workers. JP Morgan Chase – one of the world’s leading financial services firms saw a series of coordinated attacks on its computer networks that siphoned off gigabytes of data and customer account information .

Several retailers in the U.S., such as Target, Home Depot, Staples, have been subject to hacking attacks with loss of critical customer information – from credit card data to social security numbers. A recent report from Grant Thornton estimates the worldwide financial impact of such security breaches to business to be more than $315 billion.

Data Security – A Top Business Priority

The latest Global Risks Report by the World Economic Forum states that cyberattacks are perceived as one of the top 10 risks in more than 140 countries across the world, including the UK, Germany, Japan, Singapore, Switzerland, and the United States. The 2015 Fortune 500 CEO survey revealed that data security is the second biggest challenge for business leaders at large global companies (rapid pace of technological innovation was the top challenge).

Investment in state-of-the-art data security systems involves a long-term commitment and strategy to ensure that all critical business information is protected from cyberattacks – now and in the future. Increasing automation may make enterprises more susceptible to cyberattacks, and that possibility will lead to a rise in calls for greater and sustained investments and enhancement of the enterprise IT security infrastructure.

This is where the cloud comes in. Many enterprises are now moving their non-core applications to the cloud for the various benefits it offers over on-premise applications. New research from International Data Corporation (IDC) suggests that worldwide spending on private cloud services will grow at a compound annual growth rate (CAGR) of 13.8 percent and public cloud services will grow at a 19.4 percent (CAGR), nearly times six times the rate of overall IT spending growth – from nearly $70 billion in 2015 to more than $141 billion in 2019. Spending on IT infrastructure for cloud environments will grow at a compound annual growth rate (CAGR) of 15.5 percent and will reach $54.3 billion by 2019, accounting for 46.6 percent of the total spending on enterprise IT infrastructure.

The economics of the cloud – no heavy infrastructure investment, best-in-class security, flexibility in deployment, and on-demand scalability – make it a highly viable and cost-effective proposition for enterprises.

In the latest survey by Clutch1 , 47 percent of enterprises surveyed reported that they switched to the cloud for increased efficiency. Around 45 percent of enterprises cited better security as a reason for moving to the cloud.

Riding the Cloud

Mission-critical business processes, such as transaction processing, manufacturing, etc., are usually entrenched in bespoke, on-premise applications. Many enterprises are not comfortable with the idea of moving these applications to the cloud for various reasons, such as perceived loss of control and data security concerns (although this is changing rapidly with increased awareness and understanding of how the cloud really works).

Nonetheless, a large number of enterprises have successfully moved their non-mission critical processes and applications to the cloud. Leading this transition are the Sales and Human Resources functions. Salesforce, the world’s leading cloudbased customer relationship management (CRM) platform is used by millions of users across more than 100,000 large global enterprises as well as small and medium enterprises. PeopleSoft, the cloud-based human capital management software by Oracle is another example of how enterprises are moving their non-mission critical applications to the cloud.

On-Premise vs Cloud-Based Applications

Cloud-based solutions offer a number of benefits and advantages over on-premise applications. Moving non-mission critical applications to cloudbased platforms can deliver a significant boost to organizational agility and productivity, with minimal infrastructure investment and, of course, no compromise on data security.

Security:

On-premise solutions allow businesses to physically control the levels of security. However, any addition of IT infrastructure requires time- and cost-consuming addition of security layers. On the other hand, securing data in the cloud by dividing it into separate network segments, ensures categorization of data similar to how it would be in a local data center. This enables enterprises to benefit from the scalability, flexibility and cost benefits of the cloud, without sacrificing the advantages of effective multilayer security.

Furthermore, procurement data is generally of value to the enterprise in condensed report formats, created by category managers and other analysts. In on-premise situations, these valuable extracts are typically distributed outside the secure confines of the in-house data center via email and portable drives, leaving the valuable data open to uninvited access. Cloud-based business intelligence services permit global accessibility to reports and business intelligence, without replicating the reports themselves across multiple vulnerable devices.

Flexibility:

Cloud deployment provides greater customization and configuration capabilities than on-premise solutions – a critical factor in the growing global adoption and popularity of such solutions.

Cost:

On-premise solutions require businesses to purchase software licenses, hardware and bear the ongoing overhead of maintenance. On the other hand, deploying cloud-based solutions is significantly less expensive as they require no additional investment in IT infrastructure. Ongoing maintenance and upgrade costs are effectively eliminated. The pay-per-use model allows companies to plan for the future, without making huge upfront investments in developing infrastructure, reducing the total cost of ownership.

Implementation:

The importance of implementation speed depends on the company’s need for the solution. While acquiring and setting up an on-premise infrastructure may take several months, cloud-based solutions can be implemented much more quickly and easily, once the decision is made. Indeed, multi-tenant cloud services are already up and running and client configuration, although not trivial, becomes the only step required during implementation.

Maintenance:

On-premise solutions require periodic upgrades — costing time and money — to stay compatible with other systems. On the other hand, cloud-based solutions are maintained by the solution provider, so they are always up to date for users.

Continuity:

Issues, such as power outages, natural disasters, viruses and malware can potentially have a large impact on business operations. Applications hosted on premise inevitably face downtime until issues are resolved. On the other hand, cloud solutions are typically hosted on multiple servers across multiple data centers, eliminating downtime risk and allowing business to function as usual.

The Rise of Cloud-Based Procurement Solutions

In recent years, owing to the growing awareness of the benefits of cloud computing, many enterprises are now open to deploying cloud-based solutions. A recent IDC study shows that 72 percent of enterprises surveyed have at least one application in the cloud. Around 56 percent of surveyed enterprises said that they were identifying IT operations that are candidates for cloud hosting. Nearly 27 percent plan to use cloud-based apps within the next three years.

Procurement organizations too are likely to follow this trend and invest in cloud-based sourcing and procurement solutions. Leading research and analyst firm Gartner estimates double-digit growth for cloud-based procurement and supply chain management solutions.

The latest Global CPO Survey by Deloitte reveals that 45 percent CPOs plan to make investments in cloud-based technology solutions in 2015 compared with 26 percent in 2014.

GEP’s Approach Toward Cloud Procurement Technology

GEP’s approach was to build a new unified procurement technology solution in the cloud from the ground up, while ensuring the highest levels of security for the enterprises. GEP SMART™ is a cloud-native, source-to-pay platform based on the Microsoft Azure cloud and delivered through the platform-as-a-service model.

The PaaS model allows us to generate an entirely new level of value for our customers. GEP SMART™ provides the highest levels of availability, security and business continuity while virtually eliminating the complexity of buying and managing the hardware and underlying software infrastructure and focus on driving innovation.

GEP SMART features state-of-the-art data encryption (in transit, at rest, end-to-end), robust authentication and authorization, cryptography and database infrastructure with row-level data security to ensure that your data is always secure, no matter where it resides, or is accessed. User information is limited to login credentials and business configurations, and no third party has access to any data, unless required to do so by applicable laws. Also, if a device is ever lost, stolen, or compromised, state-of-the-art data encryption and cryptography ensure that the data is still safe.

The scale of the Microsoft Azure cloud platform gives far greater scope for redundancy and disaster prevention than any enterprise can plan for or budget.

Microsoft Azure is available in multiple data centers around the world, allowing users to deploy GEP SMART wherever they are or wherever they want, making it easy to comply with local as well as international data storage laws. The accompanying paper “Securing Procurement in the Cloud of Tomorrow: The SQL” describes GEP SMART’s security architecture and policies.

Conclusion

A rapid move toward process automation could make enterprise procurement organizations increasingly vulnerable to cyberattacks and other data security threats, calling for greater investment in IT and data security. The cloud offers a cost-effective and practical solution to managing the ever-changing enterprise IT infrastructure and security requirements. With limited resources and shrinking budgets becoming a feature of current economics, cloud solutions will see increased demand and adoption among enterprises of all sizes for non-mission critical as well as core business processes.

Enterprises who haven’t explored the cloud yet can first start by moving non-core applications to the cloud. With the availability of integrated, cloud-based source-to-pay solutions, procurement is a ripe candidate for this transition.