Security in the Cloud given the recent Sony breach?

Dan Ryan's Profile

My company is already in the cloud with a few apps and are looking to go there with ERP. However, this recent Sony breach has us wondering about security (again). What do SaaS ERP vendors have to say when security breaches like the Sony event occur?

And, separately, in particular, what does NetSuite do to protect my company's data when it's on your systems?

Answers

Member's Profile

Since the Sony breach - we've gotten some questions on whether this breach will impact cloud computing adoption? While the Sony breach is garnering substantial press attention it’s important to recognize that data security issues are not something that are unique to cloud. In fact, on-premise systems risk security breaches every day, and many on-premise breaches may simply not make the headlines given they’re at small companies. Many mid-size organizations have no dedicated tenured security personnel at all, or very limited personnel, to secure their on-premise data. However, with the growth of cloud computing it’s important for cloud vendors to pay close attention to data security and commit to the highest standard of data custodianship.

What is NetSuite doing about its own security in light of the Sony breach?
o NetSuite continuously updates its security based on new threat intelligence, and has a dedicated organization to monitor and manage it. It’s important to recognize NetSuite is audited continuously to the latest rigorous security standards.
o NetSuite knows, and has always known that providing customers top level security is critical to our customers and to our company’s success. Therefore, NetSuite has focused on security as job one since the formation of the company. In fact, we hired our current chief security architect as one of our first four employees to ensure that we maintained best security practices from the inception of the company.
o NetSuite’s multi-million dollar security investment, team tenure, and 10+ year security experience is likely much more than other smaller pure cloud ERP vendor’s investments, as well as likely more than that of mid-size businesses who are running their own on-premise ERP systems.

Here are some other considerations around selecting cloud services:
o Closely examine vendor’s investment in security, dedicated employees, security certifications (such as PCI DSS), and the tenure of security organization. Understand what the vendor’s historical track record has been.
o Do your diligence. Make sure you know who you vendor is, that they are transparent, tenured and well-funded.
o Know that all cloud vendors are not equal and each one must be scrutinized individually. You get what you pay for, and businesses face a choice in some cases choosing between a 1 year track record versus a 10+ year track record with the focus and commitment of a publicly traded company. You also choose between one or two, or a couple of part time security personnel versus a dedicated, tenured security team. So it’s important to ask the right questions and listen to the responses.
o At NetSuite, we believe cloud security needs to be done right. Done right, a cloud vendor’s security investment, expertise and focus will typically exceed that of an internal on-premise deployment.

Hope that helps and let us know if we can answer any further questions on this topic.

Ranga Bodla

To comment, and for full access, login or register
Member's Profile

I firmly believe that even many of the very large companies i have been a part of are probably quite vulnerable - because they don't do IT for a living. 99% of companies do IT with as little money and resource as possible so they can build widgets or do whatever their main business is. Of course for some Cloud companies that's just empty words. As a buyer of cloud services you really need to understand what your vendor is doing on that front to gain comfort. And any vendor worth their salt will be more than happy to have you talk to their security team.

To comment, and for full access, login or register