ERP security had traditionally focused on vulnerability testing for ERP applications, whether hosted on-premise or in the cloud. Given the sensitive nature of ERP transactions, frequently checking applications, databases, and servers for vulnerabilities through routine assessments had long been considered best practice