Due to the stringent security measures in Acumatica, your critical business data is safer in your Cloud ERP than it is on your personal computers or servers. This cybersecurity comes at significantly less expense than it would take to deploy similar measures in your own on-premises systems because it is included with your Acumatica Cloud ERP subscription.
Private Cloud Hosting for Acumatica Users
Even with all of the native security controls already included with a SaaS subscription, Acumatica still offers users the opportunity for private cloud hosting onsite or with a third-party provider, such as Secure Cloud Services. The benefits of this include a more personalized level of support along with closer oversight over your data, which may be required for certain regulatory compliance standards.
Private hosting for Acumatica Cloud ERP is not limited to enterprises, and many SMBs can enjoy the advantages of keeping the resources they need in-house while relying on a service partner for IT and cybersecurity management. You are able to keep all of the onsite hardware you already invested in while leveraging the benefits of a hybrid cloud, including being able to integrate your additional solutions like CRM and payroll software seamlessly.
Managed Security and Support Services for Acumatica Cloud ERP
Hosting your Acumatica instance in a private cloud with a provider allows that partner to also deliver more direct managed IT and security services than with a SaaS publisher. You can tailor your services to get the best of both worlds, with native security on the backend augmented by proactive cybersecurity monitoring carried out by your service provider. Working with a cloud MSP will also help you to manage the scalability of your hosted IT infrastructure, and overall personalize your ERP ecosystem to your unique pain points.
What Is Included with Security in Acumatica?
Security in Acumatica implements industry best practices as well as cutting-edge proactive protection technology, including AI-driven threat hunting protocols. To get an in-depth look at everything that Acumatica offers for security, please contact us for access to the Acumatica Information Security and Acumatica Security Advantages PDFs, or review our summary below:
- Data security
Acumatica physically secures your data from remote or in-person intrusion through multiple measures. Acumatica support staff remotely accessing your database must connect directly through the Acumatica office network or its VPN, which uses the secure protocols TLS 1.2 or IPsec. These controls provide a clear audit log for support activity. Of course, all Acumatica database access is controlled by your company; Acumatica cannot access your data without your permission.
In addition, Acumatica personnel must undergo a strict screening process and annual security training to ensure that everyone in the building meets security requirements. Anyone needing access to Acumatica’s physical servers must be cleared through access control mechanisms and, for extra security, CCTV monitors all activity in Acumatica facilities and areas where information assets reside.
- Security audit compliance
The Acumatica Cloud xRP platform, AWS, and Azure have all passed strict compliance and security audits, including GDPR protections, international best practices standards such as SSAE and ISO/IEC 27001:2013, and SOC 1 Type II and SOC 2 Type II compliance audits.
SOC (Service Organization Controls) compliance audits review whether a service provider, such as Acumatica Cloud ERP, can maintain control of financial information. The SOC 1 Type II and SOC 2 Type II audits review risks, controls, security, confidentiality, and availability associated with outsourcing services.
Successful SOC 1 and SOC 2 audits have demonstrated that security in Acumatica meets compliance requirements for financial institutions and other organizations mandated to maintain end-to-end control over data and applications (contact us for access to these documents).
- External access protocols
Considering how easy it is to use Acumatica’s comprehensive mobility tools, you will be pleased to know that the Cloud ERP maintains strict security controls over external network connections and wireless networks. This includes full security controls for mobile device users and remote workers, as well as fully segmented networks within Acumatica that restrict access to information captured in specific security zones.
Third-party providers that work with Acumatica are required to undergo a security approval process and are consistently monitored for compliance with information security and service delivery requirements. Third parties must sign non-disclosure agreements, and all shared information must go through formal data exchange agreement processes.
In Acumatica Cloud ERP, you can build external applications into the product.
- Encryption controls
Data and media housed in Acumatica are tagged by sensitivity, and all sensitive data and media processed or transmitted by Acumatica are encrypted to maintain integrity and confidentiality. This applies to data at rest and in transit. On sensitive fields, such as credit card numbers, social security numbers, names, and rates of pay, controls for security in Acumatica automatically encrypt the data, which protects your business in case a backup of yours is lost or stolen. You can designate any field in Acumatica to be encrypted.
In addition, all calculations, validations, and reports in Acumatica are processed on Acumatica’s servers, instead of on the user’s computer or in the web browser. This protects your business from intruders trying to learn how your system works, and it better protects your data.
- Password fortification
Security in Acumatica requires that each user holds their own unique login credentials and that their security permissions are limited to what their role allows. Your business can set requirements for password complexity and change frequency. You can also set up one-time passwords (OTPs) for better multifactor authentication (MFA). Role access is templated and fully customizable on your end.
The best way to implement MFA in Acumatica ERP is to take advantage of Acumatica’s single sign-on (SSO) capabilities. Currently, Acumatica ERP supports SSO with the following multifactor authentication providers:
Since Acumatica allows for unlimited users, none of this requires additional user licenses (like it would if you were using any other ERP).
- Frequent data backups
Backups are one of the most difficult things to manage as a small to midsized business owner. Digital backups can drive up costs for cloud storage, and tape backups can become easily corrupted and can take days or weeks to restore from. Adding more complexity and cost, today’s fast-paced businesses require near-constant transaction backups because even restoring a day’s worth of transactions can cause significant business downtime. Many businesses turn to backup appliances like Datto to accomplish this, adding IT costs to strained budgets.
Acumatica backs up transactions every 15 minutes and performs full nightly backups including off-site replication for true data security. In addition, Acumatica executes monthly backup testing, ensures business continuity by replicating to multiple secure global locations, and permits you to create your own snapshots of your data for offline storage on your own equipment.
- Layered security
Security in Acumatica delivers enterprise-class antivirus, firewalls for customer data, and browser-based protection that supports Zero Trust security methodologies because ERP data is never stored in the browser or on the computer or device. Source code in Acumatica is fully protected too: it is only accessible by individuals with a legitimate business need for the data, with sensitive information fully removed during testing processes.
To secure remote work for teams working from home or travelling across the globe, Acumatica provides the multifactor authentication methods we mentioned above, plus the ability to limit user access based on physical location or IP address to stop phishing attacks.
- Patching and updates
Acumatica has an entire team dedicated to applying patches and updates nearly instantly to their solutions. The Acumatica Cloud xRP platform is based on AWS and Microsoft Azure, which also have entire teams dedicated to rapidly patching and updating their systems.
This level of security is known as “full stack” security because it covers everything from your data to the virtual machines housing that data and the cloud infrastructure and hardware housing the virtual machines. Maintaining this level of compliance and security is extremely difficult with on-premises solutions because multiple updates and patches must be applied frequently to different equipment and software programs. Without Acumatica, IT experts can feel like they are constantly “putting out fires.”
- Active “threat hunting” protocols
Security in Acumatica includes fully featured intrusion detection systems that use AI to actively monitor the Acumatica platform and related environments for suspicious or malicious criminal activity. Modern cybercriminals use a wide range of tactics to gain access to their victims’ systems and these cutting-edge tactics can often go undetected by traditional antivirus or endpoint detection (EDR) security solutions.
Though these threats frequently impact small to midsized business owners, companies of this size rarely have the IT budget and resources to combat this activity with high-tech security options like Managed Detection and Response. The fact that Acumatica takes care of this level of security for your Acumatica ERP is an incredible security boost and cost saver.
Legacy On-Premises ERP Software Hit with Ransomware
Why does security in Acumatica focus on so many layers of protocols? Because they understand that organizations do not have to be large or in a sensitive industry to become the target of ransomware or another form of cyberattack.
In fact, the US government issued a Terrorism Advisory bulletin in May 2021 stating that all “business owners should consider the safety and security of customers, employees, facilities, infrastructure, and cyber networks.” Acumatica’s serious approach to security helps make comprehensive safety a priority, effortlessly, for organizations of all sizes.
Acumatica provided peace of mind to a non-profit organization, Mozaic, when its secure solution kept operating despite a ransomware attack. Just before a broader Acumatica Cloud ERP implementation go-live, Mozaic was hit with a ransomware attack:
“Then ransomware hit our legacy on-premises system. We were down for about two weeks; we couldn’t use our Internet or anything. Arc of Yates [a business subsidiary] had been on Acumatica since 2018. That could still run, so we could still run a portion of our business.” — Tammy Raub, CFO, Mozaic (quoted in Diginomica)
“It spread throughout all three counties; all the computers and servers except for one Active Directory server, one file server and our backup, which we had unplugged the week before,” Mozaic’s CFO Tammy Raub said. “It was a nightmare of a time for the whole agency. We were down for two weeks without Internet.”
Raub took on the role of head of IT and quickly assembled a team to wipe 500 computers. “It took a few weeks to get everything back up,” she said.
Only one program was untouched: Acumatica ERP. Hosted in the cloud, the software was secure.
“There was absolutely no effect at all on Acumatica; it was just a matter of not having the Internet so (anyone needing it) just worked from home,” Raub said.
Security in Acumatica Helps Your Company Avoid Ransomware
In today’s threat landscape, there is no foolproof way to guarantee against ransomware or other cyberattacks, but most ransomware can be prevented by having adequate security protocols in place, such as the ones listed above.
Your Acumatica Cloud ERP subscription includes maximum security for your ERP data and gives you the freedom to focus on growing your business while knowing that security in Acumatica is working hard in the background to keep your business safe from ransomware.
Learn More About Cybersecurity in Acumatica
Whether you decide to host your ERP on-premises or in a public or private cloud, Acumatica offers many ways to secure your data natively and plenty of opportunities to extend your greater cybersecurity capabilities. Reach out to the experts at Secure Cloud Services to discover how your mission-critical assets and data can be protected in Acumatica.
Contact SCS here to learn more about enforcing security in Acumatica and how to host your system in a private cloud with Secure Cloud Services.