SCS Cloud

NetSuite Security: 8 Ways NetSuite Protects Data | SCS Cloud

Written by SCS Cloud | Jul 25, 2018

     One of the beauties of NetSuite is its ability to scale with any size organization, along with adding features (applications) that integrate seamlessly for a single, cloud-based computing solution. Plus, NetSuite security is taken seriously. 

     NetSuite's virtually endless capabilities mean virtually endless data. It houses everything  including customer contact information, sales data, inventory numbers, and even internal processes such as company finances and HR documents. With all that data, it's normal to wonder about NetSuite security and whether or not everything is actually safe. 

     NetSuite encourages custom development and has made its code open source since its inception. For some, that raises security concerns about applications developed outside of NetSuite’s offices.

     Fortunately, securely using NetSuite, in conjunction with nearly limitless applications is super simple and totally secure. Here are the top ways NetSuite's security works. 

NetSuite Security: Application-Based Features

     In the days of software stored on each device, one still had to have administrative privileges to download new software or executable files to the computer. Now that software can be cloud-based and it's more secure than ever, but it still utilizes some familiar security features. 

     Here are the top ways NetSuite's security keeps everything secure. 

1. Role-Based Access Control (RBAC)

     One of the best NetSuite security features is role-based access control (RBAC). RBAC control means you can grant certain users specific permissions to add applications or access certain data. This ensures each NetSuite user is only accessing data directly related to their job and keeps them from installing an unverified third-party connector. 

2. Idle Disconnect

     If NetSuite is inactive for a certain period of time, it automatically locks to prevent unauthorized access from a user login or device. This means if an employee leaves NetSuite up on their computer and walks away for a few hours, it won't stay open and provide the opportunity for an unauthorized user to access NetSuite on their device. 

3. IP Address Restrictions 

     IP address restriction provides even further user-level safety, allowing you to prevent logins from any unauthorized location (such as Iran or China). It's easy to configure so only certain computers or locations can use NetSuite. 

4. 256-Bit Encryption

     NetSuite comes with 256-bit encryption — which is the same level of encryption online banks use! — for every activity from logging in to accessing data. This means all of the data passed through NetSuite is as secure as an online bank transaction. 

5. Secure Password Standards

     A huge advantage of using either a NetSuite-approved SuiteApp or custom development by a NetSuite official provider is the security of a single NetSuite login. NetSuite passwords meet or exceed industry best practices for password security, including:

  • Minimum password lengths
  • Required password complexity, including a combination of numbers, letters, and special characters
  • Time-based password expirations
  • Password variance requirements, so users don't repeat prior passwords
  • Automatic lockout after unsuccessful login attempts

     Additionally, NetSuite can be configured to support multi-factor authentication (such as a physical token), and users can be educated about password security, to prevent the unauthorized divulgence of passwords and/or repetition of passwords (setting internal unique password policies).

6. Contained Access Levels & Activity Tracing

     NetSuite's security features include contained access levels, so users can only access the application, not the underlying database.

     NetSuite also has a built-in audit trail, which has many internal uses, including the ability to trace any unauthorized, unplanned, or suspicious-looking activity anywhere within your NetSuite suite of applications.

7. Automatic NetSuite Software Updates 

     As a cloud-based software application, NetSuite also automatically updates. Failure to update software has led to some of the biggest security breaches of all time.

     One can learn from the mistakes of others. For example, the Equifax data breach of 2017, which resulted in compromised personal information for 143 million people, was caused by the exploit of a bug in an Apache Struts web-application software, which had been patched months prior to the breach!

     In 2013, a data breach at Target Stores, Inc resulted in compromised debit and credit card information for more than 40 million people — a breach reportedly caused by the remote access of an HVAC vendor!

     Since NetSuite automatically updates, and vendor portals can be strictly controlled through user-specific profiles, NetSuite's security features address these exact types of security concerns.

8. Authorized NetSuite Applications 

     One huge potential for a security breach is third-party applications. Virtually anyone can customize or develop an application for NetSuite, and not all of them are created equal when it comes to security. Throughout the NetSuite integration process, or even through daily use, you might be tempted to install just about any third-party application, but it's important to think twice before doing so. 

     In addition to the security of NetSuite itself, NetSuite maintains a list of authorized applications. 

     Make sure you're using only authorized NetSuite applications, which you can find on SuiteApp. These applications go through a thorough vetting process, so businesses can rest assured anything on SuiteApps will securely integrate with NetSuite.  

NetSuite Security Best Practices 

     While NetSuite comes with the built-in security features mentioned above, the largest vulnerability will always be the people using it. NetSuite's standard security can only do so much — it's still necessary to properly train all NetSuite users on cybersecurity. Here are a few quick ways to make sure each user is operating NetSuite as safely as possible: 

  • Employee Training - properly train all employees on cybersecurity threats such as phishing and other types of cybercrime. Also, make sure they understand the basics of NetSuite and can easily navigate the software. 
  • Only integrate approved third-party apps - With endless NetSuite integrations out there, it's a little too easy for just about anyone to connect a vulnerable third-party app. Make sure you only download approved third-party apps from SuiteApp or use a trusted developer (ideally from an official NetSuite Solution Provider) to customize one. 
  • Utilize Role-Based Access Control - take advantage of NetSuite's RBAC, which restricts user permission so they can only access what they need to. 

How Secure is NetSuite? 

     NetSuite is very secure software. In addition to 256-bit encryption, high-level password requirements, and role-based access control, NetSuite meets many high-level security standards including: 

  • SOC 1 Type II - this is an audit report prepared by third-party auditors to show customers what NetSuite's internal controls and security are when it comes to financial reporting. 
  • SOC 2 Type II - Also prepared by third-party auditors, this report covers the design and operating effectiveness of NetSuite in relation to user security, availability, confidentiality, and privacy. In simple terms, it tells you how NetSuite protects customer data. 
  • PCI DSS - NetSuite provides 3D credit card authentication. This feature is optional, but it offers a high level of protection against credit card fraud. If you choose to use this service, customers will need to create passwords for their credit cards. 
  • ISO 27001 - this is an internationally-recognized standard with a list of security standards required to build a strong information security management system (ISMS). NetSuite meets the requirements necessary to be ISO 27001 certified, meaning the software is highly qualified to securely maintain customer information. 

SCS Cloud: Your NetSuite Certified Team

     At SCS Cloud we value our client’s data security. That’s one of the reasons we utilize NetSuite’s cutting-edge cloud-computing solutions. Our team of NetSuite experts is highly-qualified to handle everything from NetSuite consulting to NetSuite Implementation and even custom NetSuite development

     Contact us today for a free consultation!