Recep Benzer, Emre Akar, Usage of Enterprise Resource Planning (ERP) in Turkey and Information Safety in:

Alptekin Erkollar (Ed.)

Enterprise & Business Management, page 231 - 252

A Handbook for Educators, Consultants, and Practitioners

1. Edition 2020, ISBN print: 978-3-8288-4255-7, ISBN online: 978-3-8288-7230-1,

Series: Enterprise & Business Management

Tectum, Baden-Baden
Recep Benzer, Emre Akar

Usage of Enterprise Resource Planning (ERP) in Turkey and Information Safety

Learning Objectives

This chapter discusses Enterprise Resource Planning in Turkey and new technical approaches to securing an Enterprise Resource Planning system. Once you have mastered the materials in this chapter, you will be able to:
– Discuss Enterprise Resource Planning in Turkey.
– Understand the difference between national and international ERP systems.
– Identify the ERP system as a system with high vulnerability and high confidentiality in which security is critical for it to operate.
– Discuss information security in ERP systems.
– Describe supporting security solutions in ERP as well as directions for secure ERP systems.

Chapter Outline

Businesses have to adapt to increasing competition in today's business world to ensure their sustainability. Knowledge management systems are the most important tool for helping enterprises in this competitive environment. In parallel with the developments in information management system technologies, the new management and business approach and the increase in the use of computers, the result, Enterprise Resource Planning (ERP), became more evident. The ERP system is becoming a system with high vulnerability and high confidentiality in which security is critical for it to operate. ERP vendors have already integrated their security solutions, which may work well internally; in an open environment, however, we need new technical approaches to secure an ERP system. This study introduces ERP technology from its evolution through its architecture to its products. Further information is given regarding the use of ERP in Turkey. The security solution in ERP as well as directions for secure ERP systems are presented. The information security that an ERP system should have is discussed.

Keywords

Enterprise Resource Planning, Information security, Management System, Security, Business methods.
Introduction

In parallel with developments in information and communication technology, one outcome of the increase in computer usage in enterprises and of the new approach to management and business conduct is Enterprise Resource Planning (ERP). ERP is wide-spectrum computer software that enables enterprises to manage all their functions, ranging from procurement to distribution, with the support of an integrated information system.

Enterprises have made significant efforts over the last forty years to use the resources they have in an effective way. According to the definition of efficiency as the ratio of output to input, a decrease in the value of the denominator is synonymous with an increase in efficiency. Many resources owned by the enterprise are among the items affecting the denominator. Idle materials that attract no one's attention in the warehouse, and that were once purchased for a significant amount of money, are an example of this. "Corporate Resource Planning" software helps all these inputs to be used effectively (İnal 2004).

An ERP system covers a very wide business network including accounting, logistics, production planning, stock management, purchasing, production, marketing, and human resources. The basic target of ERP systems is to manage these activities in a coordinated way.

As is the case with all systems, ERP has attained its current status as a result of additions made to various systems. ERP covers Material Requirements Planning (MRP), Closed Circuit (MRP), Main Production Schedule (MPS), Capacity Requirements Planning (CRP) and Production Resource Planning (MRP II) systems (Al-Mashari et al. 2003).

Intentional or unintentional threats can come from people within the enterprise (operational personnel) or from people outside the enterprise.
These people can harm software, hardware, data, systems, the communication network and information. With technological developments, people within or outside the enterprise can threaten safety either intentionally or unintentionally. The threats can be listed as computer viruses, hackers/unauthorized access, information technology theft, technical problems, intentional or unintentional misuse of authorized access, and computer fraud (Demir 2005).

This study focuses on the definition of ERP, its historical development, its basic technical features, and its market structure in Turkey and in the world. In addition, information safety issues in ERP systems are examined.

Definition and Scope of ERP

Enterprise Resource Planning (ERP) is a software system that covers the planning, coordination and control of supply, production and distribution resources in different geographic regions, in the most effective and efficient way, in accordance with the strategic objectives and targets of the enterprise (Keçek and Yıldırım 2009; Laudon and Laudon 2004). The name ERP is formed from the initial letters of these words. Even though it came to appeal to other functions and sectors in a short time, the roots of ERP are in production. Realizing an ERP application depends on organizational change. Put simply, an ERP system can be defined as an integrated information system that serves all parts of the enterprise. It handles the processes, keeps the records, provides real-time information, and facilitates planning and control. Furthermore, its effectiveness is an outcome of the success of the application cycle (Erkan 2008).
According to the definition made by APICS (American Production and Inventory Control Society), Enterprise Resource Planning systems provide a method for the effective planning and control of all the resources needed to receive customer orders, fulfil them, deliver them and prepare the reports relating to their accounting. ERP systems plan, in a coordinated way, the resources of the enterprise's factories, supplier companies and distribution centers, which are located in different geographic regions. They plan from which distribution center a customer order should be met or at which factory it should be produced, and how the machinery, material, labor force, energy, information and other production and distribution resources available at the factories can be used jointly and in a coordinated way to meet the material and service requirements of all factories (Manetti 2001).

The most important feature of ERP is the ability to share, in a coordinated way, the resources of the enterprise's factories in different regions (local and abroad), its supplier companies and its distribution centers (warehouses). Within this frame, it is determined from which distribution center which order of which customer should be met or at which factory it should be produced, and how the machinery, material, labor force, energy, information and other production and distribution resources available at the factories can be used jointly and in a coordinated way to meet the material and service requirements of all factories (Avunduk and Güleryüz 2018).

An ERP system is a business management system enabled by information technology that plans all the resources of the enterprise and meets all its information requirements with fully integrated computer support. It combines the software and processes of all divisions within a single software application operating over a single database.
ERP software is a series of software applications that gives an institution the opportunity to share information across the whole organization (Usmanij et al. 2013). It is possible to look at the ERP concept in 3 different ways:
– ERP is a commercial product which can be bought and sold in the form of computer software.
– ERP is a development tool that gathers all processes and data of an institution under a single wide-spectrum, integrated structure.
– It is the key factor of an infrastructure providing solutions for work processes.

The purpose of using ERP system applications, which are becoming more widespread in different sectors, is to develop connections outside the enterprise and to support the value chain activities of the company, going beyond process integration within the enterprise.

Development of ERP System

The evolution of ERP systems has closely followed the large-scale improvement of computer hardware and software systems (Sumner 2005). Looking at the historical development of the ERP system, its foundation dates back to the 1960s. In the 1960s the financial situation of enterprises did not allow them to buy their own computers. For this reason, stock counting and recording were done manually. This method caused problems in the timely delivery of orders, and it did not provide a healthy method for giving clear information about product stocks. In the following years, systems were developed around the listing of materials. Material Requirements Planning (MRP) systems, covering part requirements or product planning according to the main production plan, emerged in the 1970s. Following this development, the 1980s saw production resources planning (MRP II), new software that enables the best use of the production process by synchronizing production needs and materials (Aydoğan 2008).
MRP II was a system including logistics management, project management, finance, human resources, and engineering. Finally, ERP systems treat functions that were previously handled separately in institutions in an interconnected way in order to fulfil corporate purposes, and in doing so they aim to bring the efficiency of all kinds of resources in the institution (labor, materials, money and machinery) to the highest level. Seen differently, ERP systems enable information obtained from company data stored in a common area to be transmitted to the correct authorities in a correct way (Loh and Koh 2004).

The reasons for the development of the ERP system can be summarized as follows:
– Physically dispersed production operations,
– International distribution chains,
– The requirement to open up to international markets (a strategy for improving internal market strength by becoming known in international markets as local markets become saturated),
– The Just-in-Time (JIT) supply system,
– High competition,
– Variable global market conditions,
– Expansion of global entrepreneurship with globalization,
– The lean approach in management organizations.

ERP emerged when the requirement arising from these reasons was supported by developments in information technologies. As is known, client/server architecture distributes design and information to physical points through a network and stores them on different computers, and connections within this dispersed database system are provided with electronic communication technology and graphic user interfaces. In this way, regardless of the user program and the physical location of the database, global data can be reached and the distributed data system can be used like a single unit. The historical development of ERP systems can be seen more clearly and precisely in Table 1.

Table 1. Historical development of ERP systems (Sumner 2005).
| System Type | Time | Purpose | Target Point |
|---|---|---|---|
| Order Point Systems | 1960s | Prediction and stock management by using past data | Stock systems supporting high amount of production environments, costs |
| Material Requirements Planning (MRP) | 1970s | Planning of production and material processes on request basis with respect to quantity and time | Production integration and planning |
| Production Resources Planning (MRPII) | 1980s | Application and monitoring of production plans at workshop level with capacity planning | Integration of all production resources, detailed cost reports and quality |
| Enterprise Resource Planning (ERP) | 1990s | Integration of all divisions in an enterprise by including customer and supply dimensions | Integration of production, supply and customer data |
| Enterprise Resource Planning II (ERP II) | From 2000s till today | Integration of Customer Relations Management (CRM), Supply Chain Management, Electronic Commerce (E-Commerce) systems | Integration of all functions of enterprise and all stakeholders with internet technology |

Fundamental Features of ERP System

The features of ERP software that answer the requirements of different sectors can be listed in general as follows (Braggs 2005):

It is a standard software package that targets all sectors and that can be customized during its installation. Compared with other software, ERP software has a more convenient structure for customization, because this standard software, whose target sector has not been defined, can be customized during installation according to the particular requirements of the institution.

ERP is more an application software than a database management software, middleware or an operating system.

It is an integrated database that stores both master data and the data relating to work processes.

It provides solution proposals for basic work processes.
It has a high level of functional structure because it aims to support various corporate functions.

ERP software is designed to provide solutions throughout the world, independent of countries and regions. ERP software performs functions that vary from country to country, such as accounting processes, the issuance of documents with particular forms (bids, invoices etc.) and human resources management, in accordance with country-based requirements.

Fundamental ERP product software aims at all sectors, not just some of them, because it comprises adequate functionality for use at global scale.

Another feature that differentiates ERP software from others is that it supports repeating and continuous work processes such as supply management, order management and payment processes.

Components of ERP System

ERP operates various software components (modules) that handle the various business activities of the enterprise under a single database. The most important feature of ERP systems is their modular structure, composed of components. ERP components (modules) are system elements that make important contributions to operational functions. The ERP component of each section operates by taking into account the quality procedures and instructions that must be implemented within the process, the forms that are filled in, and the sub-processes developed within the work process. Components make connections between different operational steps with the aim of forming the work flow chain, controlling information flow from one section to another, and providing enterprise to the customers and suppliers (Ross and Vitale 2000). The modularity of ERP ensures that components matching corporate requirements can be assembled within institutional bodies and that desired functions can be used at desired times.
Although components can be established independently of one another, they all perform their functions in an integrated structure with each other. While there are various and numerous components in ERP software, the basic components are shown in Fig. 1.

Fig. 1. Components in ERP software

ERP Software in Turkey

A research study conducted in Turkey revealed that the corporate application software (ERP) market of Turkey reached a volume of 301.64 million dollars in 2016. The corporate application software market achieved an annual growth rate of 12.3 percent. Our country, which is confronted with the negative influences of events such as unsuccessful coup attempts and terror attacks, has a growing corporate application software market despite these. For the years 2017-2021 the compound annual growth rate (CAGR) of this market is expected to be 5.4 percent. The major factors accelerating corporate application software investments in 2016 are stated to be various decisions taken regarding invoice (e-invoice) and e-accounting investments, budget constraints, efficiency increase and digital transformation.

According to a research study conducted in our country, the following data on corporate application software come to the forefront. In the production sector, the process manufacturing sub-sector is expected to show the biggest growth, with a compound annual growth rate (CAGR) expectation of 6.6 percent. This is followed by the retail sector and the discrete manufacturing sub-sector of the production industry, with a growth expectation of 6.2 percent. In 2016, corporate resource management (ERP) software had the biggest share, 54.8 percent, of the Turkish corporate application software market, and throughout the year it generated license and maintenance (L&M) revenue of 165.26 million dollars.
SAP, the global leader in this sector, became the biggest ERP supplier in Turkey with a market share of 42.2 percent in 2016, while LOGO ranked second with a share of 23.3 percent. Microsoft remained in third place with a share of 8.4 percent. In 2016, 96.2 percent of total ERP expenditure in Turkey went to the first ten producers. Production companies were among the biggest ERP consumers in Turkey, and they accounted for purchases of 84.91 million dollars, constituting 28.2 percent of the total market.

ERP Systems

Foreign ERP Providers

SAP: The company, of German origin, is the most established company in the ERP sector. It was founded in 1972, and with a market share of 25% it is the global leader in the ERP market. SAP is also the leader in the Turkish market. Its share in this market is 36.3% and its number of users is 15,000. It is preferred by nearly 230 companies. Among the first 500 companies of Turkey, SAP is the ERP preferred by the largest proportion.

ORACLE: ORACLE, which is mainly known for its database solutions, also has an ERP package named "Oracle E-Business Suite". Oracle, which ranks second globally in the ERP market, has made a serious move against SAP by purchasing Peoplesoft (JD Edwards), which ranks third, together with its software. Work to combine the Oracle and Peoplesoft software still continues. In Turkey, they have nearly 200 installations.

MBS (Microsoft Dynamics): The software giant Microsoft has recently taken its place in the ERP market with its company purchasing strategy and has attained a market share of nearly 5% globally. The packages active in Turkey are Axapta and Navision under the heading of Microsoft Dynamics. In terms of markets, they target the SMB (Small and Medium Size Business) market. Solutions in Turkey are implemented by various local companies which are solution partners.
IFS (Industrial and Financial Systems): IFS, an ERP of Swedish origin, is composed of more than 60 business applications, including solutions for e-commerce, finance, maintenance, human resources, supply chain management, customer relations management, service management and engineering. With its component architecture it can be installed in a short time at enterprises of different scales and expanded step by step. Its authorized office in Turkey provides sales and marketing, localization, implementation, customer-specific adaptation, training and consultancy services. IFS applications have been used in the Turkish market since 1995 by more than 2,000 users in more than 50 companies, including companies traded on the Istanbul Stock Exchange.

IAS (Industrial Application Software): The company, established in Germany in 1989 by a Turkish entrepreneur (Hakan Karabiber), later brought its software development and R&D studies to Turkey and entered the Turkish market. IAS, which has more than 50 customers in Turkey, emphasizes its technological superiority with the new version of CANIAS, developed in Java, which in recent years has enabled the whole ERP to operate through the web. Although it is listed in the foreign ERP classification, as it is developed in Turkey it also has the advantages of local ERPs.

ABAS: ABAS, which was established in Karlsruhe, Germany, in 1980, provides ERP and e-business solutions in 28 languages to more than 2100 customers and more than 45,000 users throughout the world. Training, consultancy, adaptation and project management services are provided by 50 business partners and nearly 580 qualified ABAS personnel throughout the world. ABAS Business Software solutions can operate on Linux, Unix and Windows platforms. Linux has been preferred in nearly 80% of the installations made until today.
Turkey ERP Providers

NETSIS: It is among the leading ERP producers in the sector, and its successful projects are rapidly increasing in number. The local software company, whose centre is located in Izmir, provides services today with 40 solution partners by developing solutions that comply with modern and international criteria. With its mission to export software from Turkey to the world, it currently markets the software technologies it develops at its R&D base in Urla through its offices in Azerbaijan, Egypt, Ukraine, and Iran.

LOGO: Logo, the leading company in the Turkish software sector, continues the expansion it has achieved in the market since 1984 with its accounting package through Unity, the product it has produced in the ERP area. Logo, which also exports software abroad, has recently released its product "Unity on Demand", with Java support, to the market. Logo, which is an important software exporter, currently operates in 17 countries.

UYUMSOFT: One of the leading ERP companies in our country is Uyumsoft. Uyumsoft, which provides solutions to many of the first 500 companies in our country, has directed its attention to Europe as well and exports software to the markets of England, Azerbaijan, Albania and Iran.

WORKCUBE: WorkCube is a comprehensive e-business application software that brings together company employees, customers, and all business partners, ranging from suppliers to service providers, under a single and solid platform. WorkCube, being a fully web-based corporate software, provides corporations with a platform where they can carry out all their business, collaboration and communication activities through a common database from A to Z. WorkCube can be considered a complex resultant of the corporate software solutions that have been defined with different categories and descriptions in the past and today.
In this respect, WorkCube contains all the functions of solutions such as ERP, MRP, CRM, HR, SCM, CMS, LMS, B2B, B2C, and Project Management and offers them to corporations in a way that is integrated with each other. Workcube, which is developed and launched to the market by Workcube E-İş Sistemleri A.Ş., is the only web-based software that provides the greatest number of functions over a common database until today.

SET SOFTWARE: It is the leading institution in the sector and has operated since 1993 on the ERP, CRM, MRP, IFRS and financial software requirements of local corporations and of foreign-capital corporations and institutions of medium and above-medium size. As a software company that produces 100% unique solutions for corporations on a project basis, its main product, the SET B’LACK ERP software, is successfully used in various different sectors.

TEKNOSOL: It is one of the leading ERP software companies in our country. With its V-Era ERP Project, it provides solutions to a distinguished customer portfolio ranging from pharmaceuticals to cosmetics, from textile to the paint sector, from the packaging industry to automotive, and to the glass and porcelain sectors. In line with Teknosol's different service approach, and with the services it provides before, during and after project applications, V-Era ERP has strengthened its place among the projects most preferred in the sector.

LOGIN SOFTWARE: Login Software has offered Customized Corporate Management Information Technologies System Solutions since 1989. It provides services to the medium and large-scale clients it has determined as its target client base, with products it has developed itself. Differences that cause our solution to be differentiated from others are flexibility, reliability and production capabilities.
The fact that our Login Integrated ERP Solution can be comprehensively customized by our software team has been the most important reason for the positive opinions our business partners hold of us. The program's capabilities for production operations reliably respond to the requirements of companies in our country that produce to order. Our Product Configuration logic, which has no more than a few equivalents not only in our country but also in the world, has brought the success which many software companies could not achieve.

Definition of Information and Information Safety

Before defining information safety, it is necessary to define information in a clear and understandable way. Information is a collection of data recorded on paper or in digital environments in an understandable and transmittable form, or the real and imaginary products of ideas in the mind that are transmitted, recorded, or published, officially or unofficially, in any form. Information is the upper level of information and data. Information can be briefly defined as “information to which meaning is attached”. If we carry out the process of transforming information into usable and beneficial activity, information takes the form of information. For example, if we think of phone numbers as data, a meaningful phone guide formed from these telephone numbers is an information. It is an information when we recall a number we have seen in this phone guide and think that this number belongs to one of our friends and that we should have called this person for a long time. By defining information, passing it through examination, evaluation, synthesis, and finally a decision-making process, and applying it, information is reached.
Information safety is the total of the efforts made to establish a safe information processing platform in order to protect the integrity of information by preventing unauthorized access during the storage and transport of data or information in an electronic environment. Information safety serves the purposes of ensuring work continuity, minimizing losses in case of inevitable disasters, and protecting the confidentiality, accessibility and integrity of resources, which are the building blocks of companies (Vural and Sağıroğlu 2008). By a different definition, information safety means that, in an environment where information can be accessed continuously, the integrity of information is ensured from sender to receiver in confidentiality, without the information being disrupted, changed or obtained by others, and that it is transmitted in a safe way. The purposes of information safety are the 3 fundamental items stated below (Alsmadi et al. 2018):

Confidentiality: Confidentiality can be defined as information being closed to access by unauthorized people. Another definition of confidentiality is preventing the disclosure of information by unauthorized people.

Integrity: Integrity is the protection of the content of information against the threat of its being changed, erased or destroyed in some way by unauthorized people. Integrity is ensuring the correctness and completeness of information. It means that no part of the information content is changed, erased or destroyed.

Availability: Availability is information being ready for use whenever it is needed. Even when a problem arises, information being accessible is a requirement of its usability. This access should be within the frame of user rights. According to the availability principle, each user should be able to access the information source within the time slice for which he is authorized.
Information Safety at ERP

In the last ten years, as in every other field, digital infrastructures have brought electronic transformation to commerce. The private sector grasped digital developments early and started to control high-volume business processes with ERP systems. With the development of internet infrastructure, ERP systems became accessible from every place and every device (Anonymous 2018).

Nowadays cyber threats and their sources can be very heterogeneous, and their targets can be varied. Taking measures and being prepared before attacks occur is vitally important for avoiding social and economic damage (Canbek and Sağıroğlu 2006; Çetinkaya 2008).

Cyber-attacks targeting the safety of ERP systems form one sort of threat. The use of old or unsupported software versions in enterprises creates security weaknesses. Software companies launch new versions and new products in response to the security deficiencies and infrastructure problems of their software. Enterprises allocate resources for updating and for new versions, and software companies prefer product modifications because traditional ERP upgrading is difficult (Başaran 2018).

Research shows that 66% of companies do not use updated ERP products. Companies' resistance to updates that cause additional costs gives rise to serious security deficiencies. Those who carry out cyber-attacks specifically examine the published updates, determine the flaws in previous versions by reverse engineering, and target companies using older software versions (Anonymous 2018).

For operational software to be truly safe, an integral approach should be followed. For ERP software safety, the safety of the operating system on which it runs, the physical safety of the server, network safety, end-user safety and similar topics should all be examined. Updating an ERP that runs on an operating system that is not updated does not show that the system is secure.
In such cases, customers using old products are subjected to attacks directed at these deficiencies. The worst example of this in industry was experienced with the Windows XP operating system. According to recent research, the ratio of those using Windows XP is 20%. When the ratio of operating systems used in enterprises is considered, it reaches up to 60%. This situation creates serious security risks, as these operating systems are quite open to active and passive attacks (Başaran 2017).

Inadequate reporting capabilities can in turn lead to external reporting. The loss of data inspection is an issue which directly affects data safety. Reporting tools that are resolved by new generation ERP systems produce vital data for the correct and safe operation of the system. These data need to be kept in a safe place outside the live system after they are produced. The most dangerous command for a data system is updating. The biggest problem with incapable reporting tools is that they do not support retrospective data control and do not show the changes in data that have changed over time. Retrospective updating of data can give rise to outcomes that are difficult to detect and recover from.

In an ERP system where data auditing is lost, requirements for external reporting arise. Critical data in particular are allowed to be transmitted outside through user-friendly intermediary systems such as Access and Excel. Opening data to another target requires not only the security of the main system but also the security of the downstream target systems to which the data are opened. After data are transmitted outside, their being transported, copied and controlled gives rise to serious security weaknesses. Reporting tools that are more secure, more capable and central should be preferred.

In an ERP system, data should be classified according to their importance, as declared by the enterprise.
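The point above about retrospective updates and lost data auditing can be made concrete. The following is an added example, not part of the original chapter: a SQLite stand-in for an ERP table in which every update leaves its old and new value in an audit trail, plus a checkpoint hash that is meant to be stored outside the live system. Table, trigger and account names are hypothetical and the sample rows are constructed.

```python
import hashlib
import json
import sqlite3

# Hypothetical schema: one ERP business table and its audit trail.
SCHEMA = """
CREATE TABLE invoice (id INTEGER PRIMARY KEY, customer TEXT, amount_cents INTEGER);
CREATE TABLE session_ctx (actor TEXT NOT NULL);  -- set by the application at login
CREATE TABLE invoice_audit (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,
    invoice_id INTEGER, old_amount INTEGER, new_amount INTEGER,
    actor TEXT, changed_at TEXT);
-- Every UPDATE of an amount records who changed what, and when.
CREATE TRIGGER invoice_amount_audit AFTER UPDATE OF amount_cents ON invoice
BEGIN
    INSERT INTO invoice_audit (invoice_id, old_amount, new_amount, actor, changed_at)
    VALUES (OLD.id, OLD.amount_cents, NEW.amount_cents,
            (SELECT actor FROM session_ctx LIMIT 1),
            strftime('%Y-%m-%dT%H:%M:%fZ', 'now'));
END;
-- The trail is append-only for ordinary accounts.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON invoice_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON invoice_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""


def open_erp():
    """Create the in-memory stand-in database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def set_actor(db, actor):
    """Record which application user this connection is acting for."""
    db.execute("DELETE FROM session_ctx")
    db.execute("INSERT INTO session_ctx VALUES (?)", (actor,))


def audit_rows(db):
    cur = db.execute("SELECT seq, invoice_id, old_amount, new_amount, actor, "
                     "changed_at FROM invoice_audit ORDER BY seq")
    return [list(row) for row in cur]


def chain_head(rows):
    """Fold the audit rows into a SHA-256 hash chain and return its head."""
    head = "0" * 64
    for row in rows:
        payload = json.dumps(row, separators=(",", ":")).encode()
        head = hashlib.sha256(head.encode() + payload).hexdigest()
    return head


def checkpoint(db):
    """Summary to ship to storage outside the live system."""
    rows = audit_rows(db)
    return {"count": len(rows), "head": chain_head(rows)}


def verify_against(db, cp):
    """Compare the live trail with an earlier external checkpoint."""
    rows = audit_rows(db)
    if len(rows) < cp["count"]:
        return "rows missing"
    if chain_head(rows[:cp["count"]]) != cp["head"]:
        return "history rewritten"
    return "ok"  # rows appended after the checkpoint are expected


def unexplained_amounts(db):
    """Invoices whose live amount differs from the last amount the trail recorded."""
    cur = db.execute(
        "SELECT i.id FROM invoice i JOIN invoice_audit a ON a.invoice_id = i.id "
        "WHERE a.seq = (SELECT MAX(seq) FROM invoice_audit WHERE invoice_id = i.id) "
        "AND a.new_amount != i.amount_cents")
    return [row[0] for row in cur]


def demo():
    db = open_erp()
    db.execute("INSERT INTO invoice VALUES (1, 'Constructed Customer A', 120000)")
    set_actor(db, "clerk01")
    db.execute("UPDATE invoice SET amount_cents = 125000 WHERE id = 1")
    cp = checkpoint(db)                      # stored outside the live system
    before = verify_against(db, cp)
    try:                                     # ordinary edit of the trail is refused
        db.execute("UPDATE invoice_audit SET new_amount = 1 WHERE seq = 1")
        blocked = False
    except sqlite3.DatabaseError:
        blocked = True
    # Misuse of change authorization: the guards are removed by a privileged
    # account, so only the external checkpoint and reconciliation still notice.
    db.execute("DROP TRIGGER audit_no_update")
    db.execute("UPDATE invoice_audit SET actor = 'clerk02' WHERE seq = 1")
    db.execute("DROP TRIGGER invoice_amount_audit")
    db.execute("UPDATE invoice SET amount_cents = 90000 WHERE id = 1")
    return before, blocked, verify_against(db, cp), unexplained_amounts(db)


if __name__ == "__main__":
    print(demo())
```

The in-database triggers only stop ordinary accounts; the checkpoint is what survives a privileged account, which is why it has to live outside the system it describes.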

Data inspection and authorization should be improved, and when data are transmitted out they should be organized according to their classes. At this point, however, care should be taken that security protocols are transparent, and applications that prevent users' work or make it difficult should be eliminated. The sensitive balance between security and operability should be tested with on-site testing.

Rightly, many enterprises focus on threats that may come from outside, the physical security of data centers and end-user security issues. However, for enterprises the possibility of an attack by a computer pirate from outside is lower than that of technical personnel or a system provider using access and change authorizations in a faulty way or misusing them from inside. The damage that employees can do to enterprises is considered to be much higher than the damage that external threats can cause.

To ensure security in an ERP system, the five items stated below can be considered as advice (Başaran 2017; 2018).

– Finding a secure ERP software: The software of most producers is secure. If there are concerns about software that was developed privately for one company, or that has very few users other than that company, then before the software is purchased an unbiased company can be asked to test its security and performance, and the weaknesses found can be required to be eliminated.
– Making a safe installation: Matters such as the safety of the network architecture in which the ERP software will be installed, the safety of the operating systems of the servers on which the software will run, the changing of factory-set user names and passwords, and the activation of additional security options or modules provided by the producer should be handled with care.
– Providing training of those managing the software: Matters such as which changes will be made to the ERP software and how, which users will have access to the software and with which authorizations, what the remote access conditions will be, and how user actions and database activity will be monitored should be evaluated.
– Increasing user awareness: Raising users' awareness of social engineering attacks such as phishing is the most effective measure to be taken against these attacks. Security must be included in user training.
– Continuous inspection of processes: Continuous monitoring of the ERP software, users and database, identifying attackers or unusual activity, and carrying out the necessary interventions are vitally important.

ERP Information Safety Gaps

In the report published by Digital Shadows Ltd. and Onapsis Inc., researchers state that they have observed a visible increase in attacks by hacktivist groups, nation-state actors and cyber criminals on the ERP systems of SAP and Oracle (Montalbano 2018). With the publication of this report, the relevant companies published patches closing the security deficiencies in their software. One of the biggest attacks experienced by SAP took place in 2013 and 2014: owing to a security gap, unauthorized access was gained to the data of USIS, which provides background-check services on individuals to state institutions and the private sector in the USA (Haberturk 2018).

Attacks on small-scale companies, and especially on producers, are increasing. In these attacks ERP systems in particular have become attractive targets, because their data include the most important business data of a company. ERP systems also serve as a corporate data center that connects with other systems covering the store area, customers, suppliers, mobile workers and machines.
As the registry system of an enterprise, ERP data are critically important because they include highly confidential intellectual property. For this reason enterprises, whether large or small, need to attach special importance to ERP security. We can specify the five biggest security threats confronting your ERP system as below.

1: Patchless Software: In ERP software, updates and patches should be monitored and applied on time. The sad truth is that many ERP systems are used without their patches installed.
2: Poor Structuring: The second most important security risk is setting up and configuring your ERP system inappropriately. Most of the time, enterprises set up their systems with little or no consideration of security and so open the door to cyber-attacks. Configuration deficiencies can include security gaps, open ports, unlocked access parameters relating to identity information, or security gaps in a system's private code.
3: Old Web Interfaces: ERP web applications should be continuously updated and software developments should be followed. Web page rules against SQL injection and web-based attacks (XSS, XSRF) should be followed.
4: Inadequate Access Controls: Determining who can see and edit data in the system is an important component of good ERP safety. As these systems hold all or most critical business data, failing to manage access appropriately causes a permanent security threat on which companies should always focus.
5: Complex Denial-of-Service Attacks: Complex exploitation of ERP security gaps poses an important threat to any enterprise that depends on an ERP system, which is the case for almost every enterprise. For this reason, real-time monitoring is important.

These five security risks need to be monitored, and a proactive stance on security issues in general needs to be taken. Because of cybercrime and developments in reverse engineering, and because ERP systems are important data stores, information security improvements need to be added to ERP software.

Conclusions

ERP systems, in which all kinds of company information are kept, such as that relating to the warehouse, workplace, personnel, finance and distribution network, are gaining significant importance nowadays. Companies can even carry out their workflows and approval mechanisms through these systems. In companies where active-time operations are unavoidable, access can be provided through the web, and the whole system becomes open to the internet. These systems are administered by key users, and most of the time users, in order to get their work done quickly, can cause security gaps without knowing it. As companies do not want this situation at all, continuous security training should be given to users to avoid it. However, security protocols must not slow down users' work processes. The security of ERP systems does not depend only on users. In matters such as updating the operating system on which the system is installed, the condition of the hardware, and updating the ERP system, the risk exists not only for the ERP but for all systems. What companies should do first here is to establish the security stages other than the ERP software successfully. In the end, ERP is a software system as well, and it should have routine security processes.
Computer and internet usage increases every day, and the virtual world, which influences, changes and directs our lives more as time passes, brings benefits, gains, advantages and positive aspects. Nevertheless, it should be borne in mind that, if attention is not paid, they could damage personal and corporate processing, cause decreases in efficiency and large-scale losses, and even cause very serious local or global chaos. However, it is not possible to ensure information safety with technological measures. In enterprises, information safety should be part of the business process, and measures should be taken at each step to ensure safety. For this purpose, an information safety policy should be established in enterprises, and the workers of the enterprise and other relevant people should be informed about this subject.

References

Al-Mashari, M., Al-Mudimigh, A., & Zairi, M. Enterprise resource planning: A taxonomy of critical factors. European Journal of Operational Research, 146(2), 352–364. 2003.
Alsmadi, I., Burdwell, R., Aleroud, A., Wahbeh, A., Al-Qudah, M. A., & Al-Omari, A. Introduction to Information Security. In Practical Information Security (pp. 1–16). Springer, Cham. 2018.
Anonymous. Security and threats in ERP. Https://Cpm.Com.Tr/Tr/Erp-Blog/Erpde-Guvenlik-Ve-Tehditler. 2018.
Avunduk, H., & Güleryüz, Ö. Enterprise Resource Planning (ERP) and an Analysis of the Effects to Managerial Decisions: A Qualitative Research in Textile Firm. Journal of Current Researches on Business and Economics, 8(1), 41–52. 2018.
Aydoğan, E. Enterprise Resource Planning. TSA Dergisi, Year 2, No. 2, August 2008, p. 109. 2008.
Başaran, A. Cyberspace Arion Press (In Turkish). 2017.
Başaran, A. Http://Alperbasaran.Com/Kurumsal-Kaynak-Planlama-Yazilimi-Erp-Guvenligi/. 2018.
Braggs, S. ERP: the state of the industry. Arc. Insights 12 ECL, New York. 2005.
Canbek Gürol, Sağıroğlu Şeref. Bilgi, Bilgi Güvenliği Ve Süreçleri Üzerine Bir İnceleme. Politeknik Dergisi, Vol. 9, No. 3, 2006, p. 165.
Türkiye Bilişim Derneği. Bilişim Sistemleri Güvenliği El Kitabı, Version 1.0, Ankara, May 2006, p. 3 (In Turkish).
Çetinkaya, M. Implementation of Information Security Management System in Institutions. Akademik Bilişim 2008, Çanakkale Onsekiz Mart Üniversitesi, Çanakkale, 30 January - 1 February 2008, p. 511 (In Turkish). 2008.
Demir, B. Information Security in the Accounting Information Systems. The Journal of Accounting and Finance, (26), 147–156. 2005.
Erkan, Turan. Erman. ERP Enterprise Resource Planning. Ankara: Atılım Üniversitesi. (Turkish) Enterprise Resource Planning. 2008.
Habertürk, e-sirketi-tehlikeye-soktu-2076352-ekonomi, accessed: 26 July 2018. 2018.
İnal, İ. WEB based ERP for SME's: An evaluation of Turkey's ERP vendors, MSc Thesis. Balıkesir University Graduate School of Natural and Applied Sciences. 103 pages. 2004.
Keçek, G. & Yıldırım, E. Enterprise Resource Planning and The Importance For Company. Electronic Journal of Social Sciences 8: 240–258. 2014.
Laudon, C. K., & Laudon, P. J. Information Systems in the Enterprise, Managing the Digital Firm, 8/E. Prentice Hall. 2004.
Loh TC, Koh SCL. Critical elements for a successful enterprise resource planning implementation in small-and medium-sized enterprises. Int J Prod Res 42(17):3433–3455. 2004.
Manetti J. How technology is transforming manufacturing. Production and Inventory Management Journal 42(1), 54–64. 2001.
Montalbano, E. Onapsis Report Report: Cybercriminals target difficult-to-secure ERP systems with new attacks ecurity-threat-report 2018.
Ross, J.W. and Vitale, M.R. The ERP revolution, surviving vs. thriving. Information Systems Frontiers; special issue on The Future of Enterprise Resource Planning Systems 2(2), 233–241. 2000.
Sumner, M. Enterprise resource planning. Upper Saddle River, New Jersey: Prentice-Hall. 2005.
Usmanij PA, Khosla R, Chu M-T. Successful product or successful system? User satisfaction measurement of ERP software. J Intell Manuf 24(6):1131–1144. 2013.
Vural, Y., Sağıroğlu, Ş. A Review On Enterprise Information Security And Standards. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, Vol. 23, No. 2, Ankara, 2008, p. 509. 2008.

Key Terms

– Enterprise Resource Planning
– ERP vendors
– Information security
– Security solution
– Information management systems
– Technology
– Business world
– Security
– Knowledge management systems

Questions for Further Study

– Describe Enterprise Resource Planning (ERP). What are the major deliverables?
– Compare Turkey ERP and international ERP system.
– What does information security in Enterprise Resource Planning?
– What is the security solution in ERP as well as directions for secure ERP systems?

Exercises

– What are ERP systems? What are the benefits? What do you say?
– While information systems have benefits to businesses, there are problems in terms of security. What do you say?
– Discuss national or international ERP vendors. What are the advantages and disadvantages?
– What security measures should be in information systems? What should be considered in ERP systems especially in enterprises?

Further Reading

Perunthan, Sadikali Andikkad, et al. Keyword identification for an enterprise resource planning manager. U.S. Patent Application No 10/169,382, 2019.
Clegg, Ben; Wan, Yi. Enterprise Resource Planning (ERP) Systems and Multi-Organizational Enterprise (MOE) Strategy. In: Business Transformations in the Era of Digitalization. IGI Global, 2019. p. 52–75.
Shafi, K., Ahmad, U. S., Nawab, S., Bhatti, W. K., Shad, S. A., Hameed, Z., & Shoaib, F. Measuring Performance Through Enterprise Resource Planning System Implementation. IEEE Access, 7, 6691–6702. 2019.
Fernandez, D., Zaino, Z., & Ahmad, H.
An Investigation of Challenges in Enterprise Resource Planning (ERP) Implementation: The Case of Public Sector in Malaysia. International Journal of Supply Chain Management, 7(3), 113–117. 2018.
Eker, M., & Eker, S. The Impact of Interaction Between Enterprise Resource Planning System and Management Control System on Firm Performance in The Turkish Manufacturing Sector. Business and Economics Research Journal, 9(1), 195–212. 2018.
Gonçalves, D., & Seruca, I. SEPA Files Transmission: Implementing Security Guarantees in Enterprise Resource Planning Systems. In ICEIS (1) (pp. 205–212). 2018.

Chapter Preview



Organizations have always been dependent on communication, information, technology and their management. The development of information technology has sped up the importance of management information systems, which is an emerging discipline combining various aspects of informatics, information technology, and business management. Understanding the impact of information on today’s organizations requires technological and managerial views, which are both offered by management information systems.

Business management is not only about generating greater returns and using new technologies for developing businesses to reach future goals. Business management also means generating better revenue performance if plans are diligently followed.

It is part of business management to have an ear to the ground of global economic trends, changing environmental conditions and preferences, as well as the behavior of value chain partners. While, until now, business management and management information systems are mostly treated as independent fields, this publication takes an interest in the cooperation of the two. Its contributions focus on both research areas and practical approaches, in turn showing novelties in the area of enterprise and business management.

Main topics covered in this book are technology management, software engineering, knowledge management, innovation management and social media management.

This book adopts an international view, combines theory and practice, and is authored for researchers, lecturers, students as well as consultants and practitioners.