Application & Operational Security in NetSuite

Application security starts with strong encryption, role-based access, and robust password policies. NetSuite adds layers of additional protection, including multi-factor authentication, IP-address-based restrictions, and an application-only option that limits access to the underlying database. In addition, NetSuite assists with compliance via certifications, tools and advisory services that empower you to support the controls that are appropriate for your industry and geography. NetSuite application and operational security blocks unauthorized network and service connections while allowing customers convenient access to NetSuite from anywhere, with complete confidence. NetSuite’s round-the-clock monitoring and its dedicated, tenured security team, backed by advanced tools, controls and policies, ensure the strongest operational data center security.

NetSuite Application and Operational Security Features:

  • Encryption: The transmission of user credentials, as well as all data exchanged, is encrypted with an industry-standard protocol and cipher suite. NetSuite supports custom attribute encryption and provides encryption APIs. NetSuite uses token-based application authentication and multi-factor end-user authentication.
  • Role-Level Access: End users can be assigned roles with specific permissions and restrictions to see only the data, and use only the features, required for their jobs. NetSuite provides a complete audit trail, tracking transactions by user login details and applying a timestamp to each change.
  • Multi-Factor Authentication (MFA): MFA is another layer of securing user access to your NetSuite account. In addition to a username and password, a role can be configured with an additional layer of protection where users provide a verification code. The verification code can be obtained from an authenticator app.
  • Password Policies: Customers have granular password configuration options, ranging from the length of the passwords to the password expiration policy. They can set up strict rules to ensure that new passwords vary from prior passwords and that passwords are complex enough to include a combination of numbers, letters and special characters.
  • Continuous Monitoring: NetSuite employs both network- and server-based Intrusion Detection Systems to identify malicious traffic attempting to access its systems. Security alerts and logs are sent to a security information and event management system for monitoring, and response actions, when required, are executed by an experienced, in-house security team.
  • Separation of Duties: In addition to mandatory employee background checks at all levels of the organization, Oracle NetSuite follows the principle of least authority; that is, employees are given only those privileges necessary to do their jobs.
  • Dedicated Security Team: Oracle NetSuite employs a global security team dedicated to enforcing security policies, monitoring alerts and investigating any anomalous system behavior, including unauthorized connection attempts and malicious software. Near-real-time monitoring is in place with a 24×7 worldwide incident response capability. All access to production systems is approved and regularly reviewed by the security team.
  • Performance Audits: Periodic audits ensure that personnel performance, procedural compliance, equipment serviceability, updated authorization records and key inventory rounds meet or exceed industry standards.
  • Privacy Certifications: Oracle NetSuite performs reviews and annual audits, conducts privacy risk management and oversees remediations, oversees privacy by design in technology and processes, has a third-party vendor management program to ensure that the suppliers adhere to the privacy regulations, and is committed to maintaining and improving its privacy information management and data protection programs.
