Securing Procurement in the Cloud of Tomorrow Securing Procurement in the Cloud of Tomorrow


Data security is one of the biggest challenges for enterprises today, across industries and geographies. Traditional, on-premise applications provide the scale, speed and stability necessary to manage business processes more efficiently. But they lack the robust security framework and infrastructure required to combat today’s sophisticated cyber threats. Upgrades and security retrofits are expensive and often fall short of the level of protection required to prevent or defend cyberattacks.

The cloud offers a flexible and more effective alternative to on-premise applications, allowing enterprises to manage their core as well as non-core business processes more efficiently and protect their data from internal as well as external security threats.

This paper discusses the key security benefits and advantages of a cloud-based procurement technology solution over an on-premise application and why enterprises must consider moving all their procurement processes to the cloud.

The rapid automation of business processes has exposed enterprises around the world to new levels of IT and data security challenges — both real and imagined. Economic espionage and cybercrimes have shot up in the past few years. Enterprises of every size and industry have been affected by the increasing complexity, novelty and persistence of cyberattacks.

Data breaches and security leaks have far-reaching impact on the business, including — but not limited to — risk to reputation, revenue losses, theft of trade secrets, and loss of intellectual property. In recent years, there has been a substantial increase in the regularity and targeted nature of these attacks.

According to PwC, 90 percent of large organizations experienced a breach in 2015, as did 74 percent of small organizations. The United States Office of Personnel Management (US OPM), twice became victim of cyberattacks, compromising personal information of approximately 21.5 million current and former federal workers. JP Morgan Chase – one of the world’s leading financial services firms saw a series of coordinated attacks on its computer networks that siphoned off gigabytes of data and customer account information .

Several retailers in the U.S., such as Target, Home Depot, Staples, have been subject to hacking attacks with loss of critical customer information – from credit card data to social security numbers. A recent report from Grant Thornton estimates the worldwide financial impact of such security breaches to business to be more than $315 billion.

Data Security – A Top Business Priority

The latest Global Risks Report by the World Economic Forum states that cyberattacks are perceived as one of the top 10 risks in more than 140 countries across the world, including the UK, Germany, Japan, Singapore, Switzerland, and the United States. The 2015 Fortune 500 CEO survey revealed that data security is the second biggest challenge for business leaders at large global companies (rapid pace of technological innovation was the top challenge).

Investment in state-of-the-art data security systems involves a long-term commitment and strategy to ensure that all critical business information is protected from cyberattacks – now and in the future. Increasing automation may make enterprises more susceptible to cyberattacks, and that possibility will lead to a rise in calls for greater and sustained investments and enhancement of the enterprise IT security infrastructure.

This is where the cloud comes in. Many enterprises are now moving their non-core applications to the cloud for the various benefits it offers over on-premise applications. New research from International Data Corporation (IDC) suggests that worldwide spending on private cloud services will grow at a compound annual growth rate (CAGR) of 13.8 percent and public cloud services will grow at a 19.4 percent (CAGR), nearly times six times the rate of overall IT spending growth – from nearly $70 billion in 2015 to more than $141 billion in 2019. Spending on IT infrastructure for cloud environments will grow at a compound annual growth rate (CAGR) of 15.5 percent and will reach $54.3 billion by 2019, accounting for 46.6 percent of the total spending on enterprise IT infrastructure.

The economics of the cloud – no heavy infrastructure investment, best-in-class security, flexibility in deployment, and on-demand scalability – make it a highly viable and cost-effective proposition for enterprises.

In the latest survey by Clutch1 , 47 percent of enterprises surveyed reported that they switched to the cloud for increased efficiency. Around 45 percent of enterprises cited better security as a reason for moving to the cloud.

Riding the Cloud

Mission-critical business processes, such as transaction processing, manufacturing, etc., are usually entrenched in bespoke, on-premise applications. Many enterprises are not comfortable with the idea of moving these applications to the cloud for various reasons, such as perceived loss of control and data security concerns (although this is changing rapidly with increased awareness and understanding of how the cloud really works).

Nonetheless, a large number of enterprises have successfully moved their non-mission critical processes and applications to the cloud. Leading this transition are the Sales and Human Resources functions. Salesforce, the world’s leading cloudbased customer relationship management (CRM) platform is used by millions of users across more than 100,000 large global enterprises as well as small and medium enterprises. PeopleSoft, the cloud-based human capital management software by Oracle is another example of how enterprises are moving their non-mission critical applications to the cloud.

On-Premise vs Cloud-Based Applications

Cloud-based solutions offer a number of benefits and advantages over on-premise applications. Moving non-mission critical applications to cloudbased platforms can deliver a significant boost to organizational agility and productivity, with minimal infrastructure investment and, of course, no compromise on data security.

Common Cloud Security – Myths and Reality

Cloud is Less Secure than On-Premise Applications

This is more of a perspective, than a truth. Concerns related to security of the cloud are more due to lack of understanding of the cloud than any objective analysis of actual security capabilities. The fact is, a majority of security breaches continue to happen in on-premise environments. As we’ve seen, unwitting data loss can result directly from the lack of access supposedly secure on-premise systems provide. Users will move the data they need into a more convenient environment, by email or download, thus creating a level of uncontrolled exposure that can be eliminated at a stroke with a cloud solution.

Cloud Means Loss of Control Over Your Data

Again, the notion of behind-the-firewall providing more control is largely a myth. While the physical location of the data is largely determined by your services provider, you may choose a global cloud provider with locations across the world or a regional provider, according to your business needs and regulatory requirements. Also, your data (at rest or in transit) is secured with multiple layers of security and encryption keys (which are accessible only to you).

Cloud is Not for Mission-Critical Applications

While most enterprises are currently using cloud solutions for non-mission critical processes, there are many enterprises (large and small) who have progressed beyond this and are now utilizing cloud applications for missioncritical work. There are also many new enterprises (besides startups) who are “born in the cloud” and run their core business processes entirely in the cloud.


On-premise solutions allow businesses to physically control the levels of security. However, any addition of IT infrastructure requires time- and cost-consuming addition of security layers. On the other hand, securing data in the cloud by dividing it into separate network segments, ensures categorization of data similar to how it would be in a local data center. This enables enterprises to benefit from the scalability, flexibility and cost benefits of the cloud, without sacrificing the advantages of effective multilayer security.

Furthermore, procurement data is generally of value to the enterprise in condensed report formats, created by category managers and other analysts. In on-premise situations, these valuable extracts are typically distributed outside the secure confines of the in-house data center via email and portable drives, leaving the valuable data open to uninvited access. Cloud-based business intelligence services permit global accessibility to reports and business intelligence, without replicating the reports themselves across multiple vulnerable devices.


Cloud deployment provides greater customization and configuration capabilities than on-premise solutions – a critical factor in the growing global adoption and popularity of such solutions.


On-premise solutions require businesses to purchase software licenses, hardware and bear the ongoing overhead of maintenance. On the other hand, deploying cloud-based solutions is significantly less expensive as they require no additional investment in IT infrastructure. Ongoing maintenance and upgrade costs are effectively eliminated. The pay-per-use model allows companies to plan for the future, without making huge upfront investments in developing infrastructure, reducing the total cost of ownership.

Banking on the Cloud

A prime target for cyberattacks and other security threats, the banking and financial industry is steadily increasing its adoption of cloud. A survey by Boston-based Aite group suggests that nearly 50 percent of banks and financial institutions surveyed were likely or highly likely to use private clouds in the next 24 months. According IDC, the worldwide banking industry spend on public cloud services crossed $6.8 billion in 2015.

The banking and financial sector has traditionally been slow in adopting new technology or upgrade systems as it often entail huge investments and several technical challenges. The legacy banking systems provided scale and stability to banks, but today these institutions need speed, flexibility and scalability to meet their business requirements.

Today, the benefits of upgrading their legacy systems far outweigh the costs. Cloud provides banking and financial institutions the scale, flexibility and security they need to manage their core as well as non-core business processes more efficiently.


The importance of implementation speed depends on the company’s need for the solution. While acquiring and setting up an on-premise infrastructure may take several months, cloud-based solutions can be implemented much more quickly and easily, once the decision is made. Indeed, multi-tenant cloud services are already up and running and client configuration, although not trivial, becomes the only step required during implementation.


On-premise solutions require periodic upgrades — costing time and money — to stay compatible with other systems. On the other hand, cloud-based solutions are maintained by the solution provider, so they are always up to date for users.


Issues, such as power outages, natural disasters, viruses and malware can potentially have a large impact on business operations. Applications hosted on premise inevitably face downtime until issues are resolved. On the other hand, cloud solutions are typically hosted on multiple servers across multiple data centers, eliminating downtime risk and allowing business to function as usual.

The Rise of Cloud-Based Procurement Solutions

In recent years, owing to the growing awareness of the benefits of cloud computing, many enterprises are now open to deploying cloud-based solutions. A recent IDC study shows that 72 percent of enterprises surveyed have at least one application in the cloud. Around 56 percent of surveyed enterprises said that they were identifying IT operations that are candidates for cloud hosting. Nearly 27 percent plan to use cloud-based apps within the next three years.

Cloud Based Procurement Solutions

Procurement organizations too are likely to follow this trend and invest in cloud-based sourcing and procurement solutions. Leading research and analyst firm Gartner estimates double-digit growth for cloud-based procurement and supply chain management solutions.

The latest Global CPO Survey by Deloitte reveals that 45 percent CPOs plan to make investments in cloud-based technology solutions in 2015 compared with 26 percent in 2014.

GEP’s Approach Toward Cloud Procurement Technology

GEP’s approach was to build a new unified procurement technology solution in the cloud from the ground up, while ensuring the highest levels of security for the enterprises. GEP SMART™ is a cloud-native, source-to-pay platform based on the Microsoft Azure cloud and delivered through the platform-as-a-service model.

The PaaS model allows us to generate an entirely new level of value for our customers. GEP SMART™ provides the highest levels of availability, security and business continuity while virtually eliminating the complexity of buying and managing the hardware and underlying software infrastructure and focus on driving innovation.

GEP SMART features state-of-the-art data encryption (in transit, at rest, end-to-end), robust authentication and authorization, cryptography and database infrastructure with row-level data security to ensure that your data is always secure, no matter where it resides, or is accessed. User information is limited to login credentials and business configurations, and no third party has access to any data, unless required to do so by applicable laws. Also, if a device is ever lost, stolen, or compromised, state-of-the-art data encryption and cryptography ensure that the data is still safe.

The scale of the Microsoft Azure cloud platform gives far greater scope for redundancy and disaster prevention than any enterprise can plan for or budget.

Microsoft Azure is available in multiple data centers around the world, allowing users to deploy GEP SMART wherever they are or wherever they want, making it easy to comply with local as well as international data storage laws. The accompanying paper “Securing Procurement in the Cloud of Tomorrow: The SQL” describes GEP SMART’s security architecture and policies.


A rapid move toward process automation could make enterprise procurement organizations increasingly vulnerable to cyberattacks and other data security threats, calling for greater investment in IT and data security. The cloud offers a cost-effective and practical solution to managing the ever-changing enterprise IT infrastructure and security requirements. With limited resources and shrinking budgets becoming a feature of current economics, cloud solutions will see increased demand and adoption among enterprises of all sizes for non-mission critical as well as core business processes.

Enterprises who haven’t explored the cloud yet can first start by moving non-core applications to the cloud. With the availability of integrated, cloud-based source-to-pay solutions, procurement is a ripe candidate for this transition.


To continue reading or download the PDF,

Please Log In or Register

Theme: Procurement