For many CIOs and CTOs running Microsoft Dynamics GP, the conversation about modernization is no longer theoretical, and the phrase on everyone’s lips is “Cloud ERP Security”.
It’s operational.
With 2029 on the horizon, leadership teams are being asked to evaluate what comes next, and increasingly, that conversation leads to the cloud.
But alongside that opportunity comes a familiar set of concerns:
- Is cloud ERP actually secure?
- Are we giving up control over our systems?
- Will subscription pricing become unpredictable over time?
These are not objections to dismiss.
They are the right questions to ask.
Moving from an on-premises ERP like GP to a cloud platform such as Microsoft Dynamics 365 Business Central is not just a technology shift.
It’s a transformation of the governance, security, and financial models.
With these questions in mind, let’s turn to the bigger context: is taking on cloud ERP truly about risk – or about reallocating responsibility?
When executives ask whether cloud ERP is “worth the risk,” the more accurate question is:
Where does the responsibility for risk sit today – and where should it sit in the future?
In on-premises environments like Microsoft Dynamics GP, your organization is responsible for:
- Infrastructure security
- Patch management
- Backup and disaster recovery
- System availability
- Compliance readiness
In a cloud model powered by Microsoft, much of that responsibility shifts to a provider operating at a global scale.
This doesn’t remove control.
It’s a reallocation of operational burden, from internal IT teams to enterprise-grade infrastructure.
With this mind shift, security remains at the forefront. Is cloud ERP secure?
The short answer: yes, but not automatically.
Platforms like Microsoft Dynamics 365 Business Central are built on Microsoft Azure, which provides enterprise-grade protection through its Microsoft Azure security infrastructure:
- Global data centers with physical and network security
- Continuous monitoring and threat detection
- Built-in encryption at rest and in transit
- Compliance with international standards (ISO, SOC, GDPR, and more), supported by Microsoft compliance and certification standards
For most mid-market and enterprise organizations, replicating this level of security internally is not realistic.
However, cloud security still depends on how the system is configured and governed.
Key areas that remain your responsibility:
- User access and identity management
- Role-based permissions
- Data governance policies
- Monitoring and audit processes
Cloud ERP is secure by design and effective with strong governance.
Identity Is the New Security Perimeter
In cloud environments, the traditional network perimeter disappears.
Security shifts to identity.
Using Microsoft Entra ID, organizations can enforce:
- Multi-factor authentication (MFA)
- Conditional access policies
- Device and location-based restrictions
- Centralized identity governance
This creates a more dynamic and controllable security model than traditional on-premises systems.
But it also introduces a new leadership requirement:
Identity strategy is now core to ERP security.
Security isn’t the only concern – control also matters. Can we still control updates in the cloud?
One of the most common concerns among GP users is loss of control over system changes.
In on-premises environments, upgrades are:
- Infrequent
- Highly customized
- Often delayed due to cost and complexity
In the cloud, updates in Microsoft Dynamics 365 Business Central follow a different model.
Microsoft provides:
- Scheduled release waves (typically twice per year), aligned with the Dynamics 365 release wave schedule
- Advance visibility into upcoming changes
- Sandbox environments for testing
- Configurable update windows
This allows organizations to:
- Validate updates before production deployment
- Train users ahead of changes
- Reduce disruption through smaller, incremental improvements
The result isn’t less control, but more predictable control.
Subscription vs CapEx: The Financial Shift
For many executives, the move to cloud ERP raises an equally important question:
How does the financial model change?
With Microsoft Dynamics GP, costs are typically:
- Upfront license purchases (CapEx)
- Infrastructure investments
- Ongoing maintenance and upgrade costs
With Microsoft Dynamics 365 Business Central, the model shifts to:
- Subscription-based pricing (OpEx)
- Per-user licensing
- Bundled infrastructure and platform services
Is Subscription Pricing Predictable?
In most cases, yes.
Subscription pricing is:
- Tied to user count and license type
- Scalable with organizational growth
- Easier to forecast based on hiring plans
This creates financial alignment between ERP cost and business activity.
However, predictability depends on governance.
Organizations must manage:
- License allocation and usage
- Role-based licensing tiers
- Expansion of environments or integrations
Without oversight, costs can drift.
With governance in place, they remain highly controllable.
Hidden Costs vs Visible Costs
One of the most important shifts in moving to cloud ERP is cost transparency.
On-premises systems often carry hidden costs:
- Server maintenance
- Downtime risk
- Security tooling
- IT labor for patching and upgrades
Cloud ERP consolidates these into a visible, recurring model.
This doesn’t necessarily reduce total cost in every case.
But it does make measuring cost:
- More predictable
- Easier to align with value
- Simpler to justify at the executive level
Governance in the Cloud Era
Cloud ERP does not eliminate governance; it elevates it.
Executives must think beyond infrastructure and focus on:
- Access governance: Who can see and do what
- Data governance: How information is classified and protected
- Financial governance: How licensing and usage are controlled
- Operational governance: How updates and changes are managed
This is particularly important for organizations transitioning from legacy systems like Microsoft Dynamics GP, where governance may have evolved organically over time.
Cloud platforms provide the tools.
Leadership provides the discipline.
Compliance and Audit Readiness
For organizations in regulated industries, cloud ERP introduces an important advantage:
Built-in compliance capabilities.
With Microsoft Dynamics 365 Business Central and the broader Microsoft ecosystem, organizations can leverage:
- Audit trails and activity logging
- Role-based access controls
- Data retention policies
- Integration with compliance and security tools
This makes it easier to:
- Demonstrate control during audits
- Maintain consistent policies across systems
- Respond to regulatory requirements
The Balanced View: Control Without Complexity
It’s understandable to think cloud ERP reduces control, but that’s incomplete.
The change is in how control is exercised.
Instead of managing infrastructure manually, organizations define control through:
- Policies
- Identity frameworks
- Governance structures
- Monitoring systems
The result is often:
- Stronger security
- Greater visibility
- More predictable costs
- Reduced operational burden
Key Takeaways
- Cloud ERP shifts responsibility, not risk elimination.
- Security is strengthened through Microsoft Azure infrastructure and identity controls.
- Updates are structured, predictable, and testable.
- Subscription pricing is scalable and forecastable with governance.
- Cloud platforms improve transparency across both cost and compliance.
What Comes Next in This Series?
In our first article, we explored the strategic question many executives are asking: what does long-term ERP readiness look like as 2029 approaches, and how should leaders evaluate modernization beyond urgency alone?
This article addressed a core operational concern:
“Is cloud ERP secure, controllable, and financially viable?”
The next step is more strategic:
How do we decide when – and how – to move from GP to Business Central? In the next article, we’ll explore:
- Migration timing considerations
- Risk-aware transition strategies
- How to evaluate readiness for modernization
Because the decision is not just about technology.
It’s about aligning your ERP platform with where your business is going next.
Assess Your ERP Strategy with Confidence
If your organization is evaluating whether to remain on Microsoft Dynamics GP or transition to Microsoft Dynamics 365 Business Central, Liberty Grove Software can help you assess:
- Security and compliance posture
- Cost modeling and licensing strategy
- Governance readiness for cloud ERP
The goal is simple: make a clear, informed decision, without unnecessary risk.
You can also explore Microsoft Dynamics 365 Business Central solutions to better understand how a modern cloud ERP platform supports security, cost control, and governance.
Contact Liberty Grove Software today to schedule a personalized assessment and determine the best path to a secure, cost-effective cloud ERP future for your organization.
If you’d like to understand where your organization stands before enabling BC Copilot, let’s talk.
Schedule a BC Copilot Readiness Discussion
About Andrew Good
Andrew Good, CEO, Liberty Grove Software
Andrew Good, CEO of Liberty Grove Software, a leader in digital transformation, directs the company with strategic insights that deliver impactful results. With over two decades of expertise in Microsoft technologies, Andrew has guided businesses through digital transformation across manufacturing, finance, and healthcare.
Andrew’s extensive knowledge comes from personal experiences with various companies. His hands-on operational knowledge comes from Engineering, Maintenance, and operational roles at Unilever and Sony Music. Fourteen years of working with Microsoft Dynamics BC/NAV follows successful projects in ERP, Computerized Maintenance Management Systems (EAM), and quality systems.
His passion for technology is matched by his love for sailing, which inspires his leadership. Andrew parallels the precision of navigating the seas and the challenges of steering a successful company. Under his leadership, Liberty Grove Software thrives, offering tailored solutions to empower clients and optimize operations with innovative Microsoft-based systems.
