The ERP platform is designed and implemented to control majority of the business process in the company. The users in the geographically separated locations like 2 factories and 4 sales offices are connected using remote connectivity. This also enables the users to interact with the system in a secure environment to manage workflows.
The company is using connectivity through leased lines with direct point-to-point (P2P) connectivity for the factory locations. However, as the sales offices are dispersed across 4 diverse locations, the company is using Internet based connectivity using Virtual Private Networks (VPN) to establish connectivity from these remote locations to the main server housed in the corporate office.
As mentioned above, the network connectivity plays an important role in the successful usage of ERP package. In order to have an uninterrupted connectivity, it is important to build a secured network as well as ensuring that it is maintained well. (Kadam Avinash, 2001)
Review of current networking setup. The current networking setup was build when the ERP package was implemented. The networking firewall configured at the same time. The Anti virus software was installed at the same time as well. Since, then (3 years back), no effort was spent to update the firewall configuration or anti virus software. On the customer privacy perspective, no encryption of customer data is being done which endangering it to be compromised easily. As the sales locations are using VPN, non encrypted data transfer becomes a sitting duck by the hackers who would want to steal the customer data for corrupt intentions. In certain areas, it was observed that some users are using the vendor provided default passwords and there is no password policy to access the network.
The Information Technology (IT) is a dynamic field. Numerous new virus, spywares, malwares or web crawlers are being written by hackers all over the world with intentions to bring down the Information systems in any organization. Hence, a constant up-gradation of the IT systems is necessary so that any attack on the IT system with a potential to bring the business to a halt or compromise of Customer data can be pro-actively prevented. During unplanned/planned system shutdowns or network outage, the data is transferred by emailing the data packets to update inventory and complete workflows exposing the organization's data to be stolen and misused. (Kutzke Todd, 2009)
A policy needs to be developed to ensure the constant up-gradation and testing of networking on regular basis so that the system is not susceptible to any possible attacks as well as an access control mechanism needs to be developed for accessing Customer Data by internal company employees.
Suggestions for enhancing the current networking setup. Subsequent discussion with the professionals in the IT department has resulted in following