A few years ago, probably as less as five, there was only path to take when it came to implementing an ERP software in your organization- on-premise installations. Web based ERP systems that enable real time transactions between various stakeholders in an organization have existed since 2000 when Gartner, in a publication titled “ERP Is Dead—Long Live ERP II” famously christened the next wave of ERP’s as ERP II.
However, it was not until 2014 or 2015 that partially or fully cloud based ERP’s started becoming popular in what Gartner (who else?) described as “Postmodern ERP”. Legacy and highly customized, monolithic ERP systems, Gartner predicted, should soon be replaced by an amalgam of cloud based and on-premise applications that are less rigid. According to Gartner, every company should define their own postmodern ERP strategy based on their requirements. While a bank may decide that their core ERP should be behind their firewall and therefore remain on-premises, a contracting firm may opt to host their core ERP set up on the cloud and keep only a few supplementary modules in-house.
Most ERP vendors provide a choice between On-Premise and SaaS- This is generally where your dilemma starts. Much has been written about why you should choose one over the other and what are the key benefits of each model. However, most articles serve to confuse the reader rather than demystifying the process of selection.
“ ‘On-Premise’ is simple enough to grasp. Cloud on the other hand is still somewhat of a mystery area for most given its myriad forms”.
Though cloud-based technology has penetrated almost every facet of our lives, people still think of it as somewhat fancy. And then there are the Luddite doomsayers who don’t lose an opportunity to point out the data security risks of cloud hosting and how cloud providers will control the Earth one day. Some of these concerns are not entirely unfounded depending on who your cloud provider is, but for most part cloud tech has reached a certain level of maturity that should give people more confidence about hosting their data on a third-party server.
While at the outset SaaS looks a more attractive option because of its subscription fee model as opposed to paying a huge sum of money upfront, there are several factors you need to consider before deciding. Chief among those factors is the number of employees who will be the end users of your new ERP system. SaaS typically works better for a small enterprise with say 10-15 users for periods of time shorter than 3 years. Anything more and “On Premise” starts making more sense as the calculation below shows you.
*TCO Comparison for 20 users over 5 years.
*SaaS pricing includes subscription, implementation and training charges
*On Premise pricing includes one-time subscription, base server cost, implementation and training, mean IT administration cost and AMC
SaaS: If you are looking at a multitenant SaaS hosted model then you will have to bear a few points in mind. It affords lower upfront costs, ease of access, lower IT administration costs but it also means your company financials, client and project related information, employee records etc. will be slightly more vulnerable to third party exposure. However major cloud vendors today have excellent security protocols and this concern is becoming increasingly overrated. Multitenant SaaS models are out of the box and not flexible when it comes to customizations.
On-Premise: Since you use your own servers and software, your data is considered more secure than it is with a third-party SaaS vendor. However, this is not to say your systems are not vulnerable to hacking and malware attacks. Therefore, there is a considerable cost incurred on IT administration. On the plus side the system is customizable and integration friendly and ERP vendors generally tend to value their on-premise customers a tad more than their SaaS ones. This leads to better service levels.
Opex vs Capex: Because of the high upfront cost, On-premise ERP’s are considered capital expenditure whereas SaaS based ones are Operational expenditure. Capital expenditures are big-ticket purchases that will have ongoing use. Because Capex costs can be recovered over time through depreciation, companies ordinarily budget for these purchases separately. Opex purchases are short-term purchases that are consumed and accounted for in the period which they were purchased.
Either way, whether you choose to have your ERP set up in-house or you go the cloud way, the most important question you must ask is “How secure is my data”?
ERP’s are often complex, business critical applications and house business critical data like employee records, financial data, legal and contractual data etc. While on-premise ERP installations have traditionally been the way to go with most companies that trend has seen a shift in the last few years. Cloud pioneers like Oracle and ERP giants like SAP have been getting their clients to migrate to the cloud and we see a clear and strategic focus from these companies towards an entirely cloud based future.
Having said that, the cloud is not a ‘one-size fits all’ concept. The deployment methodology differs for each organization based on their real-world needs.
Infrastructure as a Service (IaaS)- This model is becoming increasingly popular. Here organizations deploy their ERP’s on services like AWS or Azure and run them pretty much like an on-premise application except that its hosted with a service provider. Your agreement with the service provider will determine who will have control over the security and administration of the ERP. The responsibility could also be a shared one.
Software as a Service (SaaS)- The popular choice for SME’s with 10 users or lesser – This is a subscription-based system where the ERP application on the cloud is accessed by your users. Some examples of cloud friendly ERP’s in the real estate/construction sector are SAP S/4 HANA, NetSuite, In4Suite®, Oracle Cloud etc.
Platform as a Service- The PaaS model is used when you want to extend the features of a SaaS based ERP system. By using PaaS custom functionalities can be built on your SaaS apps. In other words, customization limitations of your SaaS ERP can be overcome using software and hardware provided as a service by the PaaS provider. Azure, AWS and Heroku are some of the providers. Once again most popular real estate ERP’s like SAP S/4 HANA, Ariba, NetSuite and In4Suite® are customization friendly. However, customizations can bring in its own set of woes with respect to security vulnerabilities. The more you customize your ERP by extending its original functionalities the more you are opening the system up to potential attacks. Fortunately, these can be mitigated to a large extent by employing security best practices like close monitoring, updated software, ERP vulnerability assessments etc.
Hybrid Cloud: This is another form of cloud that is becoming increasingly popular. It is an environment that combines both public and private clouds by allowing data sharing between them. The main advantage of this system is when there is an overload on processing or computing power enterprises can seamlessly scale and augment their on-premise infrastructure with power from the public cloud thereby handling overflows efficiently. At the same time data security is maintained by restricting third party data centers from accessing critical data. Essentially you get best of both worlds- access to unlimited computing resources without compromising on business-critical data, which sits safely behind the firewall on your premises. This form of cloud computing is finding favor with a lot of companies mainly because they don’t have to incur huge capital expenditure to handle short term demand spikes. They just pay as they go for the extra resources used from the public cloud provider and at the same time maintain low data exposure.
On the other hand, the security risks in an on-premise set up should never be underestimated. Since your in-house IT team is wholly responsible for day-to-day security and administration of your ERP system, it is of prime importance that you invest in making your IT team best-in-class. In fact, studies have shown that on-premise ERP’s are more vulnerable to hacker and malware attacks due to various factors ranging from non-adherence to ITsec policies to obsolete software to an IT workforce that is unskilled to handle the complex security requirements of a vast ERP system.
If cost is a factor while deploying an ERP, then on-premise ERP’s may end up burning a hole in your pocket. This is mainly because the cost of management and administration of the system falls on you. In addition, an on-premise ERP requires in-house hardware, software licenses and the cost of ongoing maintenance not to mention the cost of repair when one of these components fail.
In conclusion, moving to the cloud is all about studying and understanding the security risks and how you can share the responsibility for addressing those risks with the service provider. It is also about the long game. If you have a large number of end users and are planning to invest in a solid ERP system which you do not plan to change at least for the next 5 years, then you should go for an on-premise or a hybrid cloud set up. If you are an SME with just 10-15 end users, then any of the cloud models suggested above will work better for you provided you understand how security risks can be handled effectively.