Security Management Issues for Open Source ERP in the NGN Environment

Introduction

Development of free and open source (FOS) technologies in enterprise resource planning (ERP) has gained a strong momentum in the past few years and resulted in a number of mature solutions that had been successfully applied in practice¹. Among numerous advantages of FOS ERP, the most obvious are the absence of expenses for software purchase and installation, reduction of operational expenses and efficient customization/upgrade according to specific enterprise needs.

Security is an integral part of any software development. Key aspects that affect the degree of software dependability include the expertise to develop a secure product, quality of development tools, the level of testing carried out before releasing the product and the matured practices followed throughout the development cycle (Vadalasetty, 2003).

Communication requirements of the enterprise market differ for the small office/home office (SOHO), small and medium enterprise (SME), large enterprise and international corporation. However, advances in networking technologies create a new opportunity for all of them to become more efficient and competitive by interconnecting sites, deploying collaborative applications, increasing remote access of telecommuters and mobile users, and integrating heterogeneous telecommunication services over the same network (Stojanovic & Acimovic-Raspopovic, 2009).

The future telecommunications infrastructure will be built upon the concept of next generation network (NGN). NGN refers to an architecture of telecommunication core and access networks, which assumes transport of all information and services over a common network, typically built around the Internet Protocol (IP). In the NGN environment, many access networks may exist using various wired or wireless technologies. New service providers could enter and exit the market every day. There is a strong need for end-to-end quality of service (QoS) provisioning, according to specific user requirements. Besides, support of generalized mobility is required, which is defined as “the ability for the user or other mobile entities to communicate and access services irrespective of changes of the location or technical environment” (International Telecommunication Union – Telecommunication Standardization Sector [ITU-T], 2004, p.2). Finally, an essential feature of NGN should be the disappearing distinction between users and the network. Deployment of IP services should be based on virtual networks that divide the transport network into multiple self-managed subsystems. Under such circumstances, service providers need to define appropriate strategies quickly to address the business market, increase revenue, stay competitive, and increase market share (Mordelet, Festraets, & Wang, 2006).

This chapter aims to provide a critical evaluation of security issues and potential solutions related to the use of FOS ERP in a highly dynamic and heterogeneous NGN environment. We first present a brief state of the art with respect to technologies, features and applicability of the existing security solutions for ERP systems. Second, we address security issues in FOS ERP systems. Further, we consider research directions concerning NGN infrastructure security, with a particular focus to the importance of building advanced security management systems.

The objective of our research is to address the following open questions:

• •

  Are FOS ERP tools more or less vulnerable than the commercial ones?

• •

  Are security problems posing limitations to the applicability area of FOS ERP?

• •

  How can services that are provided through a heterogeneous NGN environment be secured?

• •

  What is the role of security management system, and which principles should be applied for designing such a system?