The value of organisational data - sensitive customer information, intellectual property, financial records and operational insights - is immense. Yet the very qualities that make data so valuable also make it enticing to cybercriminals seeking unauthorised access, exploitation or ransom. To get their hands on these rich rewards, they’ve become highly skilled at exploiting vulnerabilities, devising ever more intricate and sophisticated approaches to penetrate even the most fortified of defences. And the consequences of a data breach? They are severe and getting worse every year.
When it comes to selecting new technology, the ability to safeguard sensitive information is a key concern for C-suite executives. Given that cloud ERPs house plenty of sensitive information, their security credentials should be well examined before committing to a vendor. NetSuite, as a leading cloud ERP platform, places a strong emphasis on data security and privacy to address these concerns, and in this article, we lay out the key data protection and privacy capabilities and how they provide a multi-layered approach to safeguarding sensitive information.
Product security
NetSuite offers a host of advanced functionality to help customers manage and control their data privacy settings and protect their data from inside and outside threats. This includes strong encryption, role-based access controls, robust password policies and more.
Data encryption
NetSuite employs industry-standard protocols and cipher suites to encrypt your data at rest and in transit. This means that even if unauthorised access occurs, the encrypted data remains unintelligible and unusable without the right decryption key. Unauthorised users will have extreme difficulty intercepting sensitive information.
Role-based access control
NetSuite enforces fine-grained access controls based on the Principle of Least Authority (POLA), which states that employees are only given the privileges necessary to do their jobs.
Administrators can define roles and allocate permissions to users according to their job responsibilities. This role-based access control system guarantees that users are granted access solely to the data and features essential for their respective roles, mitigating the potential for unauthorised access.
User authentication
NetSuite supports multi-factor authentication (MFA) by requiring users to provide multiple forms of identification before accessing the system. Again, this is a feature that adds an extra layer of security, ensuring that only authorised individuals can access critical information.
IP restrictions
For further user-level safety, administrators can define IP address restrictions to prevent logins from any unauthorised geographic locations.
Idle disconnect
To prevent unauthorised access due to user inactivity or an unattended device, NetSuite automatically locks after a defined period. So, if an employee leaves NetSuite running on their computer and steps away for an extended period, it won't remain open, reducing the risk of unauthorised access on their device.
Password policies
Password attacks - when a hacker attempts to steal a password - rank among the most prevalent data breach methods. NetSuite offers granular password configuration options such as password length and expiration policies. Users can set up strict rules to ensure that new passwords differ from prior passwords and that they are sufficiently complex, combining numbers, letters and special characters. The system also enforces account lockouts after repeated unsuccessful login attempts.
State-of-the-art data centres
NetSuite's data centres are equipped with advanced security measures, including firewalls, intrusion detection systems, and multi-layered authentication protocols. This ensures that your organisation's data remains shielded from external threats.
Data recovery and threat investigation
Despite best efforts, breaches can still happen. In these circumstances, NetSuite offers several features to aid in the investigation and recovery processes.
Audit trails
Should suspicious or unauthorised activities occur, NetSuite keeps a comprehensive audit trail that meticulously logs all actions associated with data access, alterations, and removal to aid in the investigation process.
Data backup and recovery
In the event of unforeseen incidents, such as data loss or system failures, NetSuite offers secure data backup and recovery solutions. This ensures that organisational data is retrievable and intact, minimising downtime and business disruption.
Operational security
Continuous monitoring for threats
For continuous monitoring and real-time threat detection, NetSuite employs network and server-based Intrusion Detection Systems (IDS) to identify malicious traffic attempting to access its servers and networks. From there, alerts and logs are sent to a Security Information and Event Management (SIEM) system for monitoring and response actions by a dedicated security team. This means suspicious activities are promptly identified and addressed, minimising the risk of data breaches and unauthorised access.
Regular security updates
Many of the biggest security breaches stem from failing to upgrade software. The NetSuite platform is consistently updated to address emerging security vulnerabilities. These updates are often automatic, reducing the window of opportunity for potential cyberattacks.
Compliance and data governance
NetSuite's commitment to maintaining the highest standards of data protection and privacy is demonstrated through compliance with various industry standards and regulations, including:
- SOC 1 Type II: Third-party auditors assess NetSuite's internal controls and security for financial reporting.
- SOC 2 Type II: Third-party auditors evaluate NetSuite's design and effectiveness in securing user data, including security, availability, confidentiality, and privacy.
- PCI DSS: NetSuite offers optional 3D credit card authentication for high-level protection against credit card fraud, requiring customer password creation.
- ISO 27001: NetSuite is ISO 27001 certified, meeting international security standards for a robust information security management system, ensuring secure customer data handling.
For cross-border organisations, NetSuite's global efforts are complemented by local compliance adherence to ensure data privacy laws and regulations specific to different regions are respected and upheld.
Data is the lifeblood of organisations, but it’s also a prime and profitable target for malicious actors. NetSuite's unwavering commitment to data protection and privacy offers C-suite executives the assurance that their organisation's critical information is in safe hands. This makes embracing NetSuite more than just a strategic decision for business growth; it's a responsible choice that places data security at the forefront of your organisation's priorities.
Dive deeper into NetSuite’s security capabilities with a data sheet covering NetSuite Data Centres.
Experts in Cloud ERP
As leading NetSuite providers in ANZ, Annexa are experts in business systems and integrations. To chat about your own business requirements, please reach out to sales@annexa.com.au
Annexa is a leading NetSuite partner with extensive experience designing and implementing comprehensive and customised business systems, including payroll solutions, financial management, warehouse management and ecommerce solutions.