Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security & Architecture

Published byCarl Pedersen Modified over 6 years ago

Similar presentations

Presentation on theme: "Security & Architecture"— Presentation transcript:

1 Security & Architecture
NetSuite’s Security & Architecture Kevin Brown © Copyright NetSuite Inc., All Rights Reserved.

2 Security and Architecture
Introduction Security Confidentiality Integrity Availability SLC (Service Level Commitment) Architecture Compliance FAQ’s

3 Security

4 Security: Confidentiality
Internet Firewalls Block unauthorized attempts to access our data center. Port scans are run regularly to identify any vulnerabilities within our network. 128-bit secure socket layer data encryption All data passed back and forth is encrypted Application-only Access System divided into layers that separate data from the application. Login gives access to the application layer…prevents malicious altering of data Role Level Access, Idle Disconnect and Account Lockout User has roles with access restrictions related to their job Detects idle connections and locks IE Window Two-Factor Authentication (Strong Authentication) Scheduled for phased release (9/07 – 11/07) One-time key entered to log into NetSuite IP Address Restriction Avail

5 Security: Integrity Data Integrity
We will not view or access records without the customer’s permission We do not store passwords (sha-256 encrypted version of password, so we have no access to your password) Passwords can now managed in the application Two Phase commit and our structure ensures Integrity Use Oracle DB capabilities (two phase commit) to ensure transactional integrity A completed transaction is put on two individual sets of RAID array (double redundancy) Redundant Array of Inexpensive Drives provides for increased data reliability What does all of this mean? When a transaction is submitted, if the page returns, the data is there

6 Security: Availability
Back-Up Nightly tape back-ups Remote archives of tape Hot Back-ups Disaster Recovery Currently we leverage Level(3)’s disaster recovery program and facilities Data restored from tape Redundancy Power Hardware Internet (We’ve got a back up!) Talk to upgraded DR avail

7 SLC Service Level Commitment (SLC) / Uptime
99.5% target uptime for each month First company to guarantee uptime Wait…We are the only company to guarantee uptime (at least in our market) Scheduled Maintenance Windows 5 hour period every Friday and Saturday starting at 10 p.m. Pacific Time Where possible targeted to local time URL for NetSuite monitoring

8 Architecture

9 Architecture Three-tier architecture Fault-tolerant session fail over
the data delivery layer the application layer the database layer Fault-tolerant session fail over if one server fails, your connection is seamlessly handed over to another server Redundancy Power Hardware Internet (we’ve got a back up) This level of Architecture means security!

10 Architecture Continued

11 Performance / Storage Performance High Performance/Usage companies
Load-Balancing ability to shift connections among servers to spread the load evenly Internet connection to the two major Internet backbone providers ensures that there are no data transmission bottlenecks to our data center High Performance/Usage companies Minimum GAAP and a fee for the server Numbers below are guidelines…check Sales Tools for details Tier Three GAAP $40,000 Server Fee $40,000 annually Tier Two GAAP $150,000 Server Fee $75,000 annually Tier One GAAP $225,000 Server Fee $100,000 annually Current Customers 10,000 transactions a day They do not own the hardware Does not ensure better application performance Still share application server (DB may respond better) Does provide more control

12 Compliance

13 Compliance: SAS 70 SAS 70 Report NDA required to release report
Type II report (vs. Type I report) Type II more detailed / thorough Results: No Material Exceptions were noted Areas Audited Systems Development and Change Management System Data Back up Procedures Logical Security Physical Security Environmental Security

14 Compliance: PCI PCI Compliant (Payment Card Industry)
Our Report on Compliance was accepted by both Ambiron TrustWave (highly respected PCI auditing service) and Visa Encrypted Credit Card View Users (except Administrator and Full Access) will not see unmasked credit card numbers except when entering a new Card Password requirements Certain Roles must change password every 90 days Seven (7) characters Sign release to be able to see un-encrypted cards To verify certification see Visa website

15 FAQ’s Who owns the data? The customer, they can export it through CSV (individual reports and full csv export), Web Services and ODBC. What happens if my ISP goes down? Call us and we’ll provide dial up instructions to reach our service (temporary solution). How Scalable is NS? We use load balancers to keep load consistent across the farm. We maintain the farm such that peak usage is within our acceptable range. The acceptable range is low enough to accommodate surges and spikes without performance degradation We also use our application so the appropriate level of management on the operations side can get visibility into future demand, therefore we have machines configured and ready to go before we need them. How often do we back up the data Nightly Where are the tapes stored The Tapes are archived at a remote location over 100 miles from the data center. Are Audit trails available? Yes, Login Audit trail and a Transaction Audit Trail.

Download ppt "Security & Architecture"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Welcome to the CardSaver VoIP Billing & Call Management Demonstration © 2004, Parwan Electronics Corporation.

Welcome to the CardSaver VoIP Billing & Call Management Demonstration © 2004, Parwan Electronics Corporation.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Lesson 1: Configuring Network Load Balancing

Lesson 1: Configuring Network Load Balancing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.

Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.

JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.
CRM On Demand Integration Capabilities Joerg Wallmueller CRM Sales.

CRM On Demand Integration Capabilities Joerg Wallmueller CRM Sales.
STEALTH Content Store for SharePoint using Windows Azure  Boosting your SharePoint to the MAX! Optimizing your Business behind the scenes

STEALTH Content Store for SharePoint using Windows Azure  Boosting your SharePoint to the MAX! "Optimizing your Business behind the scenes"
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Inventory Management & Administration System Tourism suite What is the PCI DSS? The PCI DSS 1.2.1 stands for Payment Card Industry Data Security Standard.

Inventory Management & Administration System Tourism suite What is the PCI DSS? The PCI DSS stands for Payment Card Industry Data Security Standard.
Concepts of Database Management Sixth Edition

Concepts of Database Management Sixth Edition
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Describe How Software and Network Security Can Keep Systems and Data Secure P3. M2 and D1 Unit 7.

Describe How Software and Network Security Can Keep Systems and Data Secure P3. M2 and D1 Unit 7.

Similar presentations

Ads by Google