By Michelle Starkey
October is National Cybersecurity Awareness Month, which means it’s the perfect time to pause and think about how you can protect your business from hacks, breaches, theft and other cyberattacks. With cybersecurity a top concern for many technology users and companies, we’re devoting today’s post to exploring cybersecurity through the lens of the Sage Intacct platform.
In last month’s blog post, which took a deep dive into Sage Intacct’s “Buy with Confidence Guarantee,” we reviewed some of the promises the company makes — and keeps — as part of its service level agreement (SLA), including its focus on delivering unmatched uptime, communication and support to its clients. In the spirit of staying cyber safe, today’s article will give you a first-hand look at the security practices and protections Sage Intacct puts in place on the back end of its platform.
Before we dive in, it’s important to note that back-end security measures don’t replace the power of a well-educated and highly aware user base. To learn more about how your employees can stay cyber safe at an individual level, please sign up for our “30 Tips in 30 Days” cybersecurity series.
What Protections Are in Place?
Everything about the software-as-a-service (SaaS) model is based on trust. Without lifetime software licenses, companies like Sage Intacct understand they need to provide their customers with the same experience every single month, knowing that one slip-up could spell disaster for future business. With your company’s highly confidential business information on the line, Sage Intacct takes security seriously, taking proactive steps to protect every customer’s data. So how does Sage Intacct do it?
Application Security: Protecting Your Information From Outside Attacks
Sage Intacct is designed to provide the right information to the right users at the right time — and that includes keeping sensitive information out of the wrong hands as well. With the sheer amount of high-profile breaches that have stolen headlines over the past two years, it’s important to entrust your data to a vendor that has a strong history of application security.
Since 1998, Sage Intacct has worked to provide its customers with the highest levels of application security so that no unauthorized user finds their way into your company’s books. By leveraging the security features built into the Sage Intacct application, you can prevent outside attacks and help ensure the right people get the appropriate level of access to your Sage Intacct solution. Some of the platform’s key security features include:
- User Access Limitations: Not everyone in your organization needs administrator status. Sage Intacct is designed to allow different levels of access for different employees, which ensures they only see the information they’re supposed to.
- Multifactor Authentication: Every technology solution should require two-factor authentication at a minimum. Sage Intacct gives you the option of requiring two-step user verification every time one of your employees signs on through an unrecognized device.
- Password Changes: Sage Intacct enforces mandatory password changes and automatic session timeouts to allow for an additional layer of privacy and ensure your users’ passwords won’t get stale.
- IP Ranges: Sage Intacct protects your data by allowing administrators to limit what IP addresses are allowed into the software. This means that even if a password falls into the wrong hands, the wrong people won’t be able to log in to your system.
When it comes to security, your top priority is to ensure that sensitive data stays with the appropriate people. But Sage Intacct takes protection a step further by extending security to even the most granular data, safeguarding it from both cyber thieves and disaster. Built on the highly reliable Oracle database infrastructure, Sage Intacct is designed to ensure that you can access information at any time of the day, every day of the year. The software’s data-security measures include:
- Full, daily backups to multiple locations.
- Continuous backups of transaction data.
- Secure streaming of transaction data to a remote disaster recovery center.
Sage Intacct is designed to prevent unauthorized programs, systems and users from gaining access to or control of system processes, resources and data. The company is diligent about remaining compliant with regulatory requirements, industry standards and necessary audits, maintaining the highest levels of system and location security.
Audits and Certifications
To provide truly enterprise-ready software, vendors must complete multiple audits each year to prove they can protect your data. Sage Intacct has been in the business of handling financial data, easing transactions and simplifying accounting for companies of all sizes for nearly two decades, and understands how serious data protection is — especially in the wake of breaches. The company holds the following certifications:
- SSAE 18 SOC 1 Type 2: This audit is designed to prove that internal controls are in place and that customers can trust there are monitoring activities and evidence regarding the design and operational effectiveness of those controls. As a service provider that relies on its customers’ trust, Sage Intacct takes its SOC 1 reports seriously, receiving twice-annual SSAE 18 SOC 1 Type 2 audits. For more information on SOC 1, visit Wipfli’s SOC Examinations page.
- SOC 2 Type 2 Compliance: The American Institute of CPAs (AICPA) has established wide-ranging criteria for handling customer data grounded on five “trust service principles,” including security, availability, processing integrity, confidentiality and privacy. By receiving SOC 2 Type 2 certification, Sage Intacct has proven that our customers’ information security measures are aligned with the unique parameters of today’s cloud requirements.
- PCI DSS Level 1 Certification: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security guidelines designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment. A requirement for any company handling credit card information and cardholder data, Level 1 is the highest compliance level a provider can achieve.
- Privacy Shield Certification: In addition to SSAE 18 (SOC 1 Type 2) and PCI DSS certifications, Sage Intacct was also certified by Privacy Shield, a U.S.-E.U. and U.S.-Switzerland agreement administered by the United States Department of Commerce. This certification is built around the global requirements for companies, based on six core benefits (view the full text here).
In addition to taking steps to secure your data, Sage Intacct provides location-level security and adjusts its parameters to an evolving set of threats. These steps include:
- Tightly restricting access to production data, including biometric access controls.
- Hardening networks and firewalls.
- Tracking real-time activity logs.
- Automating security scanning and third-party white hat penetration testing.
- Reinforcing virus resistance through software architecture.
- Securing the Oracle database with advanced security.
- Employing a minimum 128-bit encryption for all data transmission.
Integration Protection Across the Sage Intacct Marketplace
As a best-of-breed software solution, Sage Intacct is built to integrate with other applications using application programming interfaces (APIs). However, companies must vet integrations extensively to prevent a rogue application from accessing too much of its data. Luckily, Sage Intacct has developed its own “marketplace” to help customers find products that work well with its solution.
Sage Intacct and Wipfli: Trusted Delivery From a Leader in the Accounting World
Finding a secure technology solution is only half the battle; you need a trusted partner to get you there. At Wipfli, we’ve been in the accounting business for nearly a century, and have continued to expand our technology solutions by hiring and acquiring team members with deep knowledge and a passion for serving our clients.
And beyond their technology needs, we also help our clients protect their businesses and customers from cybersecurity threats. Want to learn more about how you can stay cybersafe? Don’t forget to subscribe to our 30 Tips in 30 Days series. You can also read more about our work with Sage Intacct here or contact our team to discuss further.