ERP And CRM Security concern: Is SaaS hosting less or more secured than Hosting By Myself ?

In the years gone by most people would have opted for hosting their enterprise resource planning (ERP) and customer relationship management (CRM) systems on-premise. Their argument for doing this was that hosting on-premise was more secure. However, today, that argument is not so clear-cut. SaaS providers now offer top-notch security too.

This leaves many businesses with some confusion. The question that is top of mind at this point is whether your ERP and CRM is more or less secured when it is hosted by a SaaS provider, in comparison to when you host it by yourself. It is an important question to answer because the safety of your company’s data is imperative.

Every business wants to ensure that their data and information is safe from hackers, is securely backed-up, and is not vulnerable to viruses and malware. To help you ensure that your ERP and CRM systems are defended, we take a look at the security you get when you use a SaaS provider versus the security you get when hosting by yourself. This will help you to decide which option is best for you.

Why Is Security Important?

Before we dive into the ins and outs of security on Saas and on-premise solutions, let us take a quick look at the importance of security. Although we’re quite sure we don’t have to spend a lot of time convincing you that it is imperative.

Both your ERP and CRM systems are filled with confidential data and information. They hold insights into your organization’s finances, employees, processes, customers, and much more. This makes them attractive targets for malicious actors wanting to steal this information.

Should these systems not be properly secured, there will be several catastrophic consequences to face. First and foremost, you will likely lose a lot of money to a security breach. If this doesn’t end up putting you out of business, then the damage caused to your company’s reputation due to the breach in security might.

On the other hand, if the security issue is about losing files to viruses or due to a lack of proper back-ups, then you’ll have to face the repercussions of losing a massive amount of irreplaceable information. This may cripple your business, which is why you must put time and effort into security.

Saas Vs On-premise Security: Factors To Consider

When it comes to choosing between SaaS and On-premise, in terms of security alone, there are various factors that need to be kept in mind. We’ll take a look at these factors below, to help you gain a clearer picture of both SaaS and on-premise security for your ERP and CRM.

Security Measures

One of the most significant draw-ins of going for a Saas solution is that no matter the size of your company, they give you high-grade safety, the same as they would for a large corporation. By opting for a Saas solution, you get this security along with it.

This means that your software is protected in various ways. For example, firewalls, access controls, antivirus software, and systems that prevent intrusion could all be part of the security that you get when you use a Saas solution. In addition, the facilities in which Saas providers host their software is likely to be extremely secure, providing an extra layer of protection for your company and its critical data.

On the other hand, when you opt for the on-premise option, your ERP and CRM software may not be as guarded. All security measures need to be handled by your organization.

In most cases, when it comes to ensuring the safety of software, without expert help, people think that a simple antivirus is enough to protect them. The truth is that antivirus is far from enough, and you will have to facilitate the implementation of high-grade security on your own, which can be difficult. Clearly, the level of safety measures is better with a Saas provider.

Patch Management

When it comes to updating software, Saas providers do it all for you since they often team up with software engineers or have teams of their own to take care of this. And, this is usually done as soon as updates become available. Consequently, this ensures that you are never vulnerable to attacks as a result of out of date software.

Conversely, if your software is hosted on-premise, all software updates have to be managed by you and your team. This can be difficult to do. Furthermore, each device in your office needs to be updated and that can be very time-consuming. It is also quite costly to ensure that you have the facilities, resources, and relevant staff to manage and carry out software updates on a regular basis.


A compelling argument in favor of Saas providers is the fact that they often have higher levels of expertise, which means that they are more capable of providing a stronger security solution.

With on-premise, you have to do security on your own, and you might not have the expertise (or you may not have access to anyone with the relevant knowledge and skills). Of course, it is fairly simple to figure out the basics like antiviruses, and it is not too difficult to implement policies like granting or denying access to people requesting to see your data.

However, if you want higher-grade security, you’ll need higher levels of expertise. And this is why many are now opting for Saas solutions. Saas providers follow best practices and ensure that you are protected on all fronts, as they often have data security specialists on their teams. You may not have these types of specialists in-house, and so an on-premise CRM and ERP system may be a bit riskier.

Service Availability and Backups

We can’t ignore the fact that server failures often occur, and when they do, they put organizations at risk. If you are hosting your CRM or ERP system on an on-premise server, and that server fails, you may be at risk of losing access to all the information and data for a long period of time. This will be detrimental to your business. What’s worse is that if your data is not backed up, you may lose it forever.

While this may not be a security breach, it is still an issue of security. If your ERP or CRM system is hosted by a Saas provider, however, it is unlikely that such an issue would arise. This is because Saas providers have servers that are more fault-tolerant, and they have backup plans for when servers do fail.

In most cases, if a Saas provider’s server fails, your CRM and ERP systems will be moved to secondary servers, and will thus still be available to you. In fact, it is unlikely that you will even notice that the servers were down.

Summing Up Thus Far

Until now, it may seem as though Saas providers are the way to go. They are better at providing stronger security measures, they ensure your systems are always updated and that servers crashing are not an issue, and they are likely to have more security expertise than most people within your organization.

These are factors that are worth keeping in mind when you’re deciding whether you should use an on-premise or a Saas solution. However, as you will see in the following section, not everything is negative when it comes to the on-premise solution. In fact, there are a variety of ways in which it may actually be better.

On-Premise Security

As you may have noticed above, there are quite a few areas in which on-premise solutions fall short (in terms of security). But, as we mentioned, they have many advantages too. Let’s take a look at some of the security advantages of going the on-premise route.


One of the most common arguments for on-premise solutions is that you do not have to put your data and information in the hands of a third party. When you use a Saas provider you are trusting them to keep your most valuable information safe. Many organizations do not feel comfortable with doing that.

By opting for on-premise solutions, you don’t have to worry about third parties at all, as everything is hosted and managed by your organization alone.


From a security standpoint, another advantage of using an on-premise solution is that there is much more clarity in a lot of areas since everything is controlled from within your organization. There is clarity about the design of the solution, and this means that you know how it is structured and how it works, which will lead to much fewer mistakes that could put the security of your systems at risk.

Furthermore, there is clarity about roles and responsibilities for taking care of the systems. Since you host on-premise, you are 100% responsible for all security requirements and there are no grey areas where you may wonder “should I be doing this, or is it the responsibility of the Saas provider?”. This way, you know exactly what to train and prepare your staff for and your security can be very strong.

Finally, in regards to clarity, you can decide on which aspects of security needs to be implemented, since you are in control. You won’t have to settle for accepting things you don’t need or don’t want, which can often happen if a provider does not have a good understanding of how your company works and what it does.

Since you know your company best, you’ll have the highest level of clarity, to decide on what tools are best for you.

Customer Satisfaction

Possibly one of the most convincing advantages of using an on-premise solution is that your customers will prefer it. In the same way that you may not want to trust your critical data and information in the hands of a third party, your customers probably don’t want that either.

So, if your CRM is being hosted by a Saas provider, your customers may not be happy with that as they might feel secure with their information being in the hands of a Saas provider they know nothing about.

By putting in a little extra effort to host on-premise (and ensure that your on-premise security is as strong as it can be) you will likely have more loyal customers. You’ll also be able to charge customers a bit more for offering them this type of security.

Which Option Should I Choose?

As you can see, there are pros and cons to both on-premise and Saas solutions, when it comes to security. And, if you look around and do some research into the debate, you’ll see that there is a wide range of opinions as to which one is better for security too. The truth is that there is no real answer to the question of which you should choose.

Really, the answer depends on what your organization’s security needs are, and also what your organization’s hosting needs are (to read more about on-premise vs Saas solution hosting, read our blog post here).

Here are some additional factors to consider when you’re making your decision:

  • How bad are the security threats in your region?

  • How sensitive is your data and information? Would it be absolutely detrimental if a hacker got a hold of it or if it was ruined by viruses and malware?

  • Can your organization afford to spend time, money, and manpower on building a security system on-premise?

These questions will help you decide which route to take. Both on-premise and saas solutions are good options. You simply have to consider which set of pros and cons you prefer to deal with.

Final Thoughts

Choosing between a Saas solution and an on-premise solution for your ERP and CRM doesn’t need to be complicated and stressful. Really it is as simple as deciding what your organization is able to do for itself and what it needs to outsource. Either way, Dolibarr has got you covered since we offer both an on-premise and a Saas solution for your ERM and CRM.

Author: Laurent Destailleur - aka Eldy