I wonder if there will be a bigger outrage if companies like Salesforce and Oracle are involved. Non-US companies might be a tad alarmed if their ERP provider is cooperating with PRISM.
Since Microsoft is explicitly mentioned I wonder if the access includes their SMB-ERP stuff.
From the reports I would be surprised if non-hosted ERP stuff was ever easily targeted. Hosted stuff is a bit of a different story.
ideally if you are paranoid, you should run things in-house and firewalled. If you are less so, I will point out I help run a British-registered hosting company for an open source ERP (the company can be found at http://www.efficito.com).
Everyone wants to talk about how the cloud will change ERP and while I am involved in a startup that is operating in this space, I have to say that it is extremely important for users to know that they give up a lot of control over security when they make that choice. We do our best but we cannot compare to a well-run internal installation.
But those companies are both American, aren't they? Regardless, I feel like the ceiling for outrage and/or concern has reached its ceiling, at least among foreign governments who can at least do a semblance of something about it, since it's way more important which companies are used the most than the nations from which the companies in question originate, and the NSA has the data of all the most popular internet companies in the world.
Since Microsoft is explicitly mentioned I wonder if the access includes their SMB-ERP stuff.