Security in NetSuite Cloud

Today’s cloud-based enterprise solutions are designed to support any company, regardless of their size. What makes this possible is elastic multi-tenant architecture allowing companies to use infrastructure and cloud services based on their size and needs. Companies can thus grow their business with the confidence that they can tap into bigger share of the infrastructure without having to worry about investments in hardware, software, security, backups, disaster recovery or other related expenses.

One of the major concerns regarding cloud-based solutions revolves around security. It’s natural to think that if you have your data and equipment in your possession, then it’s less likely to be compromised. However, recent studies and surveys show that cloud-based enterprise solutions today are far more secure then on-premise systems.

For NetSuite, a leading cloud-based enterprise solution provider, world-class security is essential to maintaining consumer trust and market leadership. NetSuite takes advantage of their multi-tenant architecture to roll-out patches and security updates across their whole customer base, making sure each customer has most upto date security updates. Additionally, because of advances in virtualization and hardware, it’s nearly impossible to penetrate different security layers and hardware abstraction levels to get to physical servers in a cloud infrastructure.

The reality is that businesses are far more vulnerable to internal threats and employee-related security breaches than security lapses and compromises in cloud environment. Relaxed security policies can compromise any system regardless of whether it’s located on-premise or in the cloud.

NetSuite Cloud Security Levels

NetSuite understands security challenges very well and addresses key security issues on four different levels, earning the highest industry standards and peer recognized certifications. NetSuite has met a host of audit and security standards including SSAE 16 (SOC 1), PCI-DSS and US-EU Safe Harbor framework. In addition, NetSuite has modeled its security and risk management processes according to National Institute of Standards and Technology (NIST) and ISO 27000 series of standards. So consumers can rest assured that their data is secure in the NetSuite Cloud.       

NetSuite addresses security under four major categories:

• Physical Network Security

• Datacenter Security

• Database Security

• Application Security

Figure 1: NetSuite Cloud Security Levels

Physical Network Security

NetSuite monitors their network proactively round the clock through the usage of intrusion detection systems.

As part of this effort, they perform third party scans and penetration tests which has enabled us to earn some of the industry’s highest certifications of network security such as the International Information Systems Security Certification Consortium’s certification.

Highlights:

• Continuous Security Monitoring through numerous intrusion detection systems (IDS)

• Third party scans and penetration tests

• 100% International Information Systems Security Certification Consortium (ISC2) CISSP-certified

• US Bureau of Industry and Security, Department of Commerce Export Encryption Compliant

Data Center Security

NetSuite Cloud data center is located in a 24 hour armed guarded facility. In addition, there are 24 hour surveillance cameras to monitor personal activities, and access points. There is also a process to ensure all entry and exit procedures are followed correctly all the time.

Furthermore, NetSuite guarantees a Managed Physical Access to the data center. In this regard, they use biometric identification system in addition to the latest in Photo ID proximity access cards. NetSuite also employs Single-person portals and T-DAR man traps to prevent tailgating and piggy-backing. All the perimeter doors are alarmed and monitored. All exterior entry doors/windows constructed of UL rated ballistic protection materials.

Finally, NetSuite follows the Principal of least authority (POLA) to give employees only those privileges that are necessary to perform their duties when it comes to segregation of duties and enforcement of privileges.

Highlights:

• Fully Guarded Premises

  • On-premise security guard monitor all alarms, personal activities, access points,
    and shipping/receiving

  • Ensure all entry and exit procedures are followed correctly

• Managed Physical Access

  • Photo ID proximity access cards and biometric identification system

  • Single-person portals and T-DAR man traps prevent tailgating

  • All perimeter doors are alarmed and monitored. All exterior entry doors/windows
    constructed of UL rated ballistic protection materials

• Separation of Duties

  • Principal of least authority (POLA) is followed giving employees only those privileges
    that are necessary to perform their duties

Database Security

No user ever gets direct access to NetSuite database. In fact there are three layers that separate data from the NetSuite application and the NS application is the only way a user with the appropriate privileges can access the data they are allowed to. NetSuite also employs the use of virtualized views for development, operations, etc. and when it comes to transferring sensitive data such as credit card numbers for example, NetSuite employs “One Way Hash” encryption.

Highlights:

• No direct access to database

• 3 layers separate data from the NetSuite application

• Virtualized views for development, operations, etc.

• One way hash encryption for sensitive data such as CC

Application Security

NetSuite enforces this through a variety of techniques – first by controlling access to the application via strict roles and privileges, auditing activities of users, providing your administrators the ability to ensure that your users access your NetSuite instance from IP addresses you recognize. In addition, NetSuite provides strong 128-bit encryption for all data as it enters or leaves the NetSuite application.

Finally, NetSuite also provides you with the ability to enforce a two-factor authentication system should you want to add further security to your user login sequence.

Highlights:

• Role-Level Access and Idle Disconnect

• Full Audit Logging

• Availability for Searching and Reporting

• Strong 128-Bit Encryption

• Application-Only Access

• IP Address Restrictions

• Strong Password Policies

• Two-factor Authentication

We hope this article was helpful in answering your concerns around cloud security. If you have any questions or would like some advice on cloud-based enterprise solutions and NetSuite, don’t hesitate to contact us.

About the Author

Hussain Zaidi, is a Chief Technology Officer at Business Solution Partners. He advises clients on technology, solution design and process optimizations. He also manages business development, marketing & sales. Hussain has extensive experience in ERP, CRM, Retail, E-Commerce, Payment Processing, SEO and online marketing. He focuses on cloud based business solutions including NetSuite, Adaptive Insights, and Microsoft Dynamics CRM Online.

Follow Hussain Zaidi: