As a provider of Cloud ERP Software, Acumatica is acutely aware of the concerns customers have when it comes to using an external provider for hosting and data storage. In fact, because Acumatica was built from the ground up to exist in a hosted environment in the cloud, the solution was architected from the beginning with security in mind.
Any browser-based application must use strong data encryption techniques to ensure the safety of all data between the client browser and the server-based data store. It is the most fundamental step, and so it naturally beomes the first step to validate. Ensuring that at least 2048-bit SSL encryption is used in any session based browser application is critical.
But there are other issues to consider when thinking about data security and data privacy, many of which simply come down to best practices in data handling. This is especially true when looking at the weakest link in any information exchange involving human interaction: people.
Many of the most common breaches of data privacy and security come down to insufficient understanding by the people handling the data. Information systems security and techniques such as encryption can partially mitigate this factor, but every organization has a responsibility to train its people on the effective handling of private and sensitive data.
In fact, the majority of data privacy breaches come about as a result of insufficient consideration around to transmitting information over the internet.
The most secure systems cannot prevent careless actions on the part of a team. The answer to this necessary gap is a combination of training, regular audits, and constant reminders of the importance of protecting your data and your customers’ privacy through simple best practices: secure document shredding, clean desk policies, the implementation of screen savers with short time-outs, and password entry requirements upon resuming activity.
Of course, specific requirements and the sensitivity of the data being handled will dictate the level of security controls. Some may even go as far as utilizing thin client devices with no local data processing or storage capability, disabling USB ports and storage devices on PC’s, and so forth.
One example is the Dell Wyse CloudConnect thin client device, a USB-connected, dongle-sized device that plugs directly into any HDMI-compatible equipment and allows for remote management and locking, and even remotely disabling of the connected device in the event of fraudulent or unauthorized use. Even its built-in storage lot can be disabled, which prevents data from being copied to the device.
This is just one example of the variety of tools and processes available to help manage the security and accessibility of your data.
