ERP testing is the undervalued backbone of your digital immune system


This year marks my 20-year career anniversary in software test automation, counting from my first role in software engineering. Looking back at my own journey has prompted me to reflect on the growth in the field.

In the years since starting out, I have seen the process of building test automation from the ground up. The industry has completely transformed from traditional waterfall methodology to Agile to DevOps, and beyond. As for right now, it’s in a whirlwind of change.

The main thing on my mind this month? Three words: digital immune systems (DIS). We’re seeing a rise in usage of this term, driven by an unprecedented escalation in the scale and variability of cyber threats. But in terms of implementing one successfully, there’s a whole lot of work to do.

What is DIS? And how does it fit in a business?

Gartner recently defined DIS as a combination of “practices and technologies for software design, development, operations and analytics to mitigate business risks.”

And that’s just it – just as the human immune system fights pathogens, DIS protects applications against cyber attacks, viruses, malware, phishing, ransomware, collapses, freezes and security breaches.

It’s been shown that with a well-designed DIS, businesses can prevent cyber attacks, detect unauthorized access and respond quickly to any potential threats. But it takes various components to hit the sweet spot, and they include strict security testing, firewalls, antivirus software, intrusion detection systems and robust access control orchestration (more on that in a moment).

Gartner researchers split these into six key pillars of a successful DIS: observability, AI-augmented testing, chaos engineering, auto-remediation, site reliability engineering (SRE) and software supply chain security.

For businesses to incorporate these six pillars into their software ecosystem, what we’ve seen is that they first must have a good handle on how their ERP environment is configured. It’s impossible to protect what you don’t know exists.

A good place to start is thoroughly mapping your packaged app, including integrations, add-ons and connected apps, as these points of contact between applications are often entry points for defects and are also prone to breakage when updates occur.

What’s clear is that paying special attention to these areas and end-to-end testing them frequently is essential to ensure they are functioning properly. That’s the surefire way to put a stop to an unexpected threat.

A healthy DIS comes down to ERP testing

Simply put, ERP testing is the backbone of a healthy DIS. It’s how you find and fix issues that could open your ecosystem to breaches. Enterprises can no longer afford to treat comprehensive ERP testing as an extra, add-on or afterthought.

Even back in 2017, the Equifax case was a prime example of poor testing leading directly to a breach. 147 million people’s Social Security numbers, birthdates and more private data were lost. The hack of this top-three credit reporting agency was caused by a vulnerability in a web application framework which the company failed to patch and test in a timely manner.

Today the same applies – getting behind on patch updates and upgrades opens up a system for attack, and enacting updates becomes impossible without a thorough testing plan.

Say you’ve recently migrated to Oracle Cloud or Workday. Your system is now updating three or four times per year, respectively. Are you 100 percent aware of all security configuration changes that are occurring after each of those updates? Can your current team and budget maintain your ecosystem at the speed of its evolution?

It’s testing that is the bulwark of protection and the method by which leaders confirm their overall DIS and access control systems are effective.

Access control orchestration – the process of delineating and managing points of access in your ERP system – is also a major aspect of this maintenance. Today’s internet-facing ERPs consist of numerous third-party tools, interlayered functions and external data sources. They are manned by workforces and partners that span the globe, so leadership teams must be proactive in configuring access rights and permission settings in order to keep business processes and internal data safe.

Beyond security: get immunity to business continuity failures

These evolutions in DIS have implications beyond cybersecurity; DIS protects business continuity, too. Gartner estimated recently that ERP system downtime costs an average of $300,000 per hour. Ouch. The past 20 years have seen several massive companies with huge budgets and expensive leadership teams experience ERP failures that created share price drops, reputation damage and business continuity disruptions.

Citibank, for example, faced an embarrassing mishap when a banker sent $900m to the wrong company, and was then sued on top of the error. The mistake was attributed to a software error.

So, what’s the core of a healthy ERP? How can failures be avoided? To sound like a broken record, folks, it’s testing, and – even better – it’s automated testing.

With the rate of development necessary to keep ERP environments secure in an ever-changing marketplace, manual testing can struggle to keep pace. Practically, choosing a no-code testing platform built out for your specific app ensures that tests are specific and flexible enough to fully cover your needs, without leaving gaps.

When it comes to implementing these solutions, keeping careful track of what’s being tested in a cohesive plan remains key. After each update, stay on top of security configuration changes that occur by reading advisory notes concerning the update, utilizing pre-built test cases and streamlining testing processes with automation wherever possible.

It surely is a whirlwind of change. Threats to your security have evolved, but technology has advanced to meet them. My advice – establish a cohesive testing protocol that underpins a healthy DIS, and your team, and your bottom line, will thank you.

This blog is sponsored by Opkey.