NetSuite Integrations: Custom Built vs. Out-Of-The-Box Solutions
You’ve implemented NetSuite to gain all the benefits of a cloud-based ERP platform—and there are many. But what if you need additional functionality?...
Today’s cloud-based enterprise solutions are designed to support any company, regardless of their size. What makes this possible is elastic multi-tenant architecture allowing companies to use infrastructure and cloud services based on their size and needs. Companies can thus grow their business with the confidence that they can tap into bigger share of the infrastructure without having to worry about investments in hardware, software, security, backups, disaster recovery or other related expenses.
One of the major concerns regarding cloud-based solutions revolves around security. It’s natural to think that if you have your data and equipment in your possession, then it’s less likely to be compromised. However, recent studies and surveys show that cloud-based enterprise solutions today are far more secure then on-premise systems.
For NetSuite, a leading cloud-based enterprise solution provider, world-class security is essential to maintaining consumer trust and market leadership. NetSuite takes advantage of their multi-tenant architecture to roll-out patches and security updates across their whole customer base, making sure each customer has most upto date security updates. Additionally, because of advances in virtualization and hardware, it’s nearly impossible to penetrate different security layers and hardware abstraction levels to get to physical servers in a cloud infrastructure.
The reality is that businesses are far more vulnerable to internal threats and employee-related security breaches than security lapses and compromises in cloud environment. Relaxed security policies can compromise any system regardless of whether it’s located on-premise or in the cloud.
NetSuite understands security challenges very well and addresses key security issues on four different levels, earning the highest industry standards and peer recognized certifications. NetSuite has met a host of audit and security standards including SSAE 16 (SOC 1), PCI-DSS and US-EU Safe Harbor framework. In addition, NetSuite has modeled its security and risk management processes according to National Institute of Standards and Technology (NIST) and ISO 27000 series of standards. So consumers can rest assured that their data is secure in the NetSuite Cloud.
NetSuite addresses security under four major categories:
Physical Network Security
Datacenter Security
Database Security
Application Security
Figure 1: NetSuite Cloud Security Levels
NetSuite monitors their network proactively round the clock through the usage of intrusion detection systems.
As part of this effort, they perform third party scans and penetration tests which has enabled us to earn some of the industry’s highest certifications of network security such as the International Information Systems Security Certification Consortium’s certification.
Highlights:
Continuous Security Monitoring through numerous intrusion detection systems (IDS)
Third party scans and penetration tests
100% International Information Systems Security Certification Consortium (ISC2) CISSP-certified
US Bureau of Industry and Security, Department of Commerce Export Encryption Compliant
NetSuite Cloud data center is located in a 24 hour armed guarded facility. In addition, there are 24 hour surveillance cameras to monitor personal activities, and access points. There is also a process to ensure all entry and exit procedures are followed correctly all the time.
Furthermore, NetSuite guarantees a Managed Physical Access to the data center. In this regard, they use biometric identification system in addition to the latest in Photo ID proximity access cards. NetSuite also employs Single-person portals and T-DAR man traps to prevent tailgating and piggy-backing. All the perimeter doors are alarmed and monitored. All exterior entry doors/windows constructed of UL rated ballistic protection materials.
Finally, NetSuite follows the Principal of least authority (POLA) to give employees only those privileges that are necessary to perform their duties when it comes to segregation of duties and enforcement of privileges.
Highlights:
On-premise security guard monitor all alarms, personal activities, access points,
and shipping/receiving
Ensure all entry and exit procedures are followed correctly
Photo ID proximity access cards and biometric identification system
Single-person portals and T-DAR man traps prevent tailgating
All perimeter doors are alarmed and monitored. All exterior entry doors/windows
constructed of UL rated ballistic protection materials
Principal of least authority (POLA) is followed giving employees only those privileges
that are necessary to perform their duties
No user ever gets direct access to NetSuite database. In fact there are three layers that separate data from the NetSuite application and the NS application is the only way a user with the appropriate privileges can access the data they are allowed to. NetSuite also employs the use of virtualized views for development, operations, etc. and when it comes to transferring sensitive data such as credit card numbers for example, NetSuite employs “One Way Hash” encryption.
Highlights:
No direct access to database
3 layers separate data from the NetSuite application
Virtualized views for development, operations, etc.
One way hash encryption for sensitive data such as CC
NetSuite enforces this through a variety of techniques – first by controlling access to the application via strict roles and privileges, auditing activities of users, providing your administrators the ability to ensure that your users access your NetSuite instance from IP addresses you recognize. In addition, NetSuite provides strong 128-bit encryption for all data as it enters or leaves the NetSuite application.
Finally, NetSuite also provides you with the ability to enforce a two-factor authentication system should you want to add further security to your user login sequence.
Highlights:
Role-Level Access and Idle Disconnect
Full Audit Logging
Availability for Searching and Reporting
Strong 128-Bit Encryption
Application-Only Access
IP Address Restrictions
Strong Password Policies
Two-factor Authentication
We hope this article was helpful in answering your concerns around cloud security. If you have any questions or would like some advice on cloud-based enterprise solutions and NetSuite, don’t hesitate to contact us.
Hussain Zaidi, is a Chief Technology Officer at Business Solution Partners. He advises clients on technology, solution design and process optimizations. He also manages business development, marketing & sales. Hussain has extensive experience in ERP, CRM, Retail, E-Commerce, Payment Processing, SEO and online marketing. He focuses on cloud based business solutions including NetSuite, Adaptive Insights, and Microsoft Dynamics CRM Online.
You’ve implemented NetSuite to gain all the benefits of a cloud-based ERP platform—and there are many. But what if you need additional functionality?...
NetSuite recently introduced a new Learning Cloud Support Pass (LCS) option aimed at allowing all employees at an organization to take advantage of...
Services firms are not that different than product based firms. The primary difference is that the product they sell is time. While this product is...