You are the CIO of a midsize manufacturing company. The company has a hybrid enterprise resource planning (ERP) system that supports their HR, Manufacturing, Customer Relationship Management, R & D, and supply chain processes. The system is protected by a rewall and virus protection system. Your IT staff has been diligent about maintaining the system but the department understaffed and have not been able to guarantee that all software patches have been installed and other security procedures have been adhered to. Additionally, there is no policy in place to require employees to update their passwords routinely nor password construction guidelines to avoid compromise. Your company’s Customer Relationship Management system had a cyber security breach and has recently been hacked. Credit card numbers and nancial information of the company’s clients has been compromised. You were required to notify all compromised clients and offer them data security protection for 3 years. Additionally, the hack became public knowledge and your stock prices declined by 20% as a result.
You have recently been approached by a vendor with a proposal to upgrade your current ERP system to a cloud based system. Considering the recent data breach, you are inclined to pursue this option but are concerned about the cost, lack of customization and control that a cloud based system might provide.