One of the beauties of NetSuite is its ability to scale with any size organization, along with adding features (applications) that integrate seamlessly for a single, cloud-based computing solution.
NetSuite encourages development and has made its code open source since its inception. For some, that raises security concerns about applications developed outside of NetSuite’s offices.
Fortunately, securely using NetSuite, in conjunction with nearly limitless applications is super simple and totally secure.
Here’s a quick guide for application security in Oracle + NetSuite.
Application Control Features
In the days of software stored on each device, one still had to have administrative privileges to download new software or executable files to the computer. Now that software can be cloud-based, it is more secure than ever, yet still utilizes some of the security features (such as administrative logins) that will feel familiar from the past.
Some of the software industry best practices for security, utilized by NetSuite include:
- Granting only certain users permission to add applications, with easily controlled user profile management.
- Location-based IP address restrictions (preventing logins from, say, Iran, or another unauthorized IP address location). Easy configuration also can allow for only specific IP addresses to login.
- Auto-locking for inactive applications, helping to prevent unauthorized access from a user login/device
- A 256-bit TLS encryption (provided by NetSuite) from user login to all subsequent data, which is the same level of encryption utilized by online banking.
- Contained access levels, so that users can only access the application, not the underlying database.
NetSuite also has a built-in audit trail, which has many internal uses, including the ability to trace any unauthorized, unplanned, or suspicious-looking activity, anywhere within your NetSuite suite of applications.
Keeping Things Official
In addition to the security of NetSuite itself, NetSuite maintains a list of authorized applications.
While virtually anyone can attempt to customize or develop an application for Oracle + NetSuite purposes, the SuiteApps list includes a vetting process. Businesses can rest assured that the SuiteApps maintained on the list securely integrate with NetSuite.
Another advantage of using either a NetSuite approved SuiteApp or custom development by a NetSuite official provider is the security of a single NetSuite login. NetSuite passwords meet or exceed industry best practices for password security, including:
- Minimum password lengths,
- Required password complexity, including a combination of numbers, letters and special characters,
- Time-based password expirations,
- Password variance requirements, so that users do not repeat prior passwords,
- Automatic lockout after unsuccessful login attempts.
Additionally, NetSuite can be configured to support multi-factor authentication (such as a physical token), and users can be educated about password security, to prevent the unauthorized divulgence of passwords and/or repetition of passwords (setting internal unique password policies).
Updates, Access and Other Important Measures
As a cloud-based software application, NetSuite also automatically updates. Failure to update software has led to some of the biggest security breaches of all time.
One can learn from the mistakes of others. For example, the Equifax data breach of 2017, which resulted in compromised personal information for 143 million people, was caused by the exploit of a bug in an Apache Struts web-application software, which had been patched months prior to the breach!
In 2013, a data breach at Target Stores, Inc resulted in compromised debit and credit card information for more than 40 million people -- a breach reportedly caused by the remote access of an HVAC vendor!
Since NetSuite automatically updates, and vendor portals can be strictly controlled through user-specific profiles, NetSuite has features which address these exact types of security concerns.
At SCS Cloud we value our client’s data security. That’s one of the reasons we utilize Oracle + NetSuite’s cutting-edge cloud-computing solutions.
Contact us to find out more.