ERP Security Based on Web Services

1. Introduction

Organizations in the world are using a wide variety of information systems to support their products and services, grow their business and improve organizational performance (Al-Dhaafri et al., 2016).

ERP systems in large and medium-sized organizations contribute to the effective management and use of their resources (materials, human resources, financing, etc.) by providing integrated solutions to the organization's information processing needs (Olson DL et al., 2012). ERP systems are a key component of government or private organizations. The ERP system contains important data that is exposed to many threats, both external and internal, which can have a significant impact on the failure of the organization's work. Therefore, all security aspects such as integrity, confidentiality and availability are critical in the ERP system (Gupta et al., 2017).

2. The other important benefits of an ERP are as follows:

- Lower operational cost through defined and more streamlined business processes (Oracle, 2017).

3. Principles of ERP System Security based on Web Services

Security principles serve system designers as guidelines in the design and implementation of system security.

Several of these security principles are described below:

4. a) Security Defense in depth

This principle is based on imposing security policies on every layer of the system and of its architecture, which prevents the hacker from infiltrating the system (Kumar, 2014). Enterprises apply this principle by using the firewall as the first line of defense, web server security as the second line and operating system security as the third line, followed by database security and other levels as the customer needs.

5. b) Patch the weakest link

This principle depends on the system designers identifying security weaknesses in the various components of the system by testing it and trying to penetrate it (Kumar, 2014), and then strengthening any weak layer that can be penetrated.

6. c) Classifications

This principle classifies all system resources and functions into different security classifications, limiting access to users with appropriate roles and privileges (Kumar, 2014). This prevents accidental access to confidential system data as well as unauthorized access to the system.

7. d) Single entrance point of entry

The ERP system should admit users only through a single authentication point and should avoid other points of entry and URL shortcuts. This principle reduces the chances of penetration to secret data and of unauthorized access to data (Kumar, 2014). All web pages are protected and automatically redirect to the login page, which acts as the single entry point. The system does not allow access to system data through pages other than the login page.
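The redirect-to-login behaviour described above can be enforced in one place, in front of every page. The following is an added example, not code from the paper: a default-deny WSGI wrapper in which the login path, the `sid` cookie name, the session store and the `erp_app` stand-in are all assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

LOGIN_PATH = "/login"                          # assumed single entry point
SESSIONS = {"sid-constructed-001": "alice"}    # constructed session store

def erp_app(environ, start_response):
    """Stand-in for any protected ERP page (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ERP page for " + environ["erp.user"].encode()]

def session_id(environ):
    """Return the value of the 'sid' cookie, or None if absent."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value
    return None

class SingleEntryPoint:
    """Default-deny wrapper: no valid session means redirect to the login page."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "/") == LOGIN_PATH:
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [b"login form"]
        user = SESSIONS.get(session_id(environ))
        if user is None:
            # Applies to every URL, so deep links and shortcuts cannot bypass login.
            start_response("302 Found", [("Location", LOGIN_PATH)])
            return [b""]
        environ["erp.user"] = user
        return self.app(environ, start_response)

def request(path, cookie=None):
    """Drive the wrapped app in-process; returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    start = lambda status, headers: seen.update(status=status, headers=dict(headers))
    body = b"".join(SingleEntryPoint(erp_app)(environ, start))
    return seen["status"], seen["headers"], body
```

Because the check wraps the whole application rather than individual pages, a page added later is protected without any change to that page.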

8. e) User data validation

Data entered by the user should be validated and sanitized at the various levels of the system. Data must also be properly encrypted when saved and when transported between layers (Kumar, 2014). The importance of this principle is that it prevents attacks caused by the introduction of malicious content into system data. The security mechanism checks the data entered by the user at the client layer and at the server layer using different verification methods.

9. III. Properties of ERP System Security based on Web Services

There are five security properties as follows (Messaoud and Diouri, 2014):

10. a) Confidentiality

This property includes preventing unauthorized persons from reading the information and allowing only those authorized to read the information from the system.

11. b) Integrity

This property prevents unauthorized users from modifying data in the system and allows only authorized users to modify it.

12. c) Authenticity

This property ensures that the person using the system is the same person who is allowed to use the system.

13. d) Non-repudiation

This property ensures that appropriate proof is logged in the user transaction log so that the user cannot deny the transaction.
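A transaction log only serves as proof if entries cannot be altered or removed unnoticed. The following added example, not taken from the paper, chains each entry to the previous one with an HMAC; the key, field names and sample entries are constructed, and the key is assumed to be held by the logging service rather than by ERP users. This gives tamper evidence for the audit trail; proof against the log operator would additionally need per-user digital signatures.

```python
import hashlib
import hmac
import json

LOG_KEY = b"constructed-demo-key"   # assumption: known only to the log service
GENESIS = "0" * 64                  # chain start value for the first entry

def entry_mac(prev_mac, record):
    """MAC over the previous entry's MAC plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()

def append(log, user, action, obj, ts):
    """Append a transaction record linked to the current end of the chain."""
    record = {"ts": ts, "user": user, "action": action, "object": obj}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": entry_mac(prev, record)})

def verify(log):
    """Return the index of the first entry that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], entry_mac(prev, entry["record"])):
            return i
        prev = entry["mac"]
    return -1

def sample_log():
    """Three constructed ERP transactions."""
    log = []
    append(log, "alice", "update", "invoice/1001", "2020-01-15T09:00:00Z")
    append(log, "bob", "approve", "invoice/1001", "2020-01-15T09:05:00Z")
    append(log, "alice", "export", "payroll/2020-01", "2020-01-15T09:10:00Z")
    return log
```

The chain detects edits and deletions inside the log but not removal of the most recent entries, so the latest MAC should also be recorded somewhere the log writer cannot change.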

14. e) Availability

This property ensures that users can access the information in the system at any time without obstruction.

15. IV. Security challenges of ERP System Security based on Web Services

ERP systems are of a critical nature because of the value of the data they contain and the need to keep these data completely confidential. Because any security breach of the data may be dangerous to all departments of the organization, security challenges are a real problem for organizations using the ERP system.

The main security challenges facing the ERP system are as follows:

1. Passwords are used in the default database or default applications.
2. Access to the system from outside the place of the organization using this system.
3. Direct access to the database system by users of this system inside the organization.
4. The bad design of the security system of the ERP system by the providers, which leads to security problems in this system.
5. Not using a data encryption system in the ERP system that prevents any data leaks during data transfers and information updates.
6. Weak passwords and the inability to control them because of the use of many machine passwords.

16. V. Security Requirement of ERP System Security based on Web Services

Data-level transactions are performed securely from one end to the other, during both transport and data storage. The requirements for providing comprehensive security for web services are summarized in the following table (Messaoud and Diouri, 2014):

| Requirement | Clarifications |
| --- | --- |
| Authentication | There is an urgent need for the system to verify the identity of the user, especially in the case of mutual authentication, because users may have indirect contact with the system. Therefore, multiple authentication methods are used and can be grouped together. These methods include passwords and the Lightweight Directory Access Protocol (LDAP). |
| Authorization | This requirement is necessary to control the process of authorizing access to information about the system and to determine the mechanisms of delegation for the system. |
| Data Integrity and Data Confidentiality | Data integrity technology guarantees that data has not been changed during the transmission process. This technique also includes data confidentiality using various encryption and digital signature technologies. |
| Audit Trails | This requirement includes the audit process and the tracking of user access and behaviour, in order to reduce the occurrence of violations, to check the accounts to ensure that violations do not occur, and to repair any gap that may lead to a violation. |

22. VI. Conclusions

This paper focused on ERP security based on web services. It explained the ERP system in terms of its definition and indicated its importance for governmental and private organizations, as it is one of the most important systems that organizations seek to implement because of the great benefits it provides.

The implementation of ERP based on web services faces many challenges and difficulties, the most important of which, and the focus of this study, are security challenges. The study therefore clarified the basic principles underlying the security systems used in ERP based on web services, and found that the most important security principles that should be present are Security defence-in-depth, Patch the weakest link, Classifications, Single entrance point of entry and User data validation.

The study also explained the most important security characteristics that the security system of an ERP based on web services must have, which are Non-repudiation, Authenticity, Confidentiality and Availability.

Nevertheless, the implementation of the ERP system faces many challenges, so the study explained the most important of them. Applying security in an ERP system based on web services also has many requirements, so the study explained the most important requirements that must be met for security to operate with high efficiency: Authentication, Authorization, Data Integrity and Audit Trails.

Appendix A

  1. Classifying systemic differences between Software as a Service- and On-Premise-Enterprise Resource Planning. B Link, A Back. 10.1108/JEIM-07-2014-0069. Journal of Enterprise Information Management 2015. 28 (6).
  2. Case of development of a small business ERP consultant knowledge base. D L Olson, V Van Huy, N M Tuan. Advances in Enterprise Information Systems II 2012. p. 81.
  3. Web Service Security Overview, analysis and challenges. E Houssain. 2014. 11.
  4. The impact of total quality management and entrepreneurial orientation on organizational performance. H S Al-Dhaafri, A Al-Swidi. International Journal of Quality and Reliability Management 2016.
  5. Oracle® E-Business Suite. R Farrington. 2017. August.
  6. Identification of challenges and their ranking in the implementation of cloud ERP: A comparative study for SMEs and large organizations. S Gupta. 10.1108/IJQRM-09-2015-0133. International Journal of Quality and Reliability Management 2017. 34 (7).
  7. Architecting High Performing, Scalable and Available Enterprise Web Applications. S S Kumar. 2014. 8 February 2019. San Francisco: Elsevier Science & Technology. (Available from: ProQuest Ebook Central)
  8. What is ERP? Definition and FAQs - ProQuest. W Thomas. https://search-proquestcom.ezproxy.napier.ac.uk/docview/1919042734?rfr_id=info%3Axri%2Fsid%3Aprimo ERP Systems 2017.
Notes
1. Year 2020. © 2020 Global Journals. ERP Security Based on Web Services.
Date: 2020-01-15