Sage Intacct both enforces strict security measures for all hosted resources and enables your business to deploy scalable yet consistent information controls internally. Cybersecurity and proper data hygiene are mission-critical factors in cloud ERP implementations, where a single misconfiguration can repeat across multiple networks and expose the data of thousands or even millions. No modern system exists as an island, and each must be secured against this kind of accidental (or purposeful) exposure. The good news is that when the right steps are taken, cloud-based solutions are even better protected than on-premise software.
This blog outlines the security measures available with Sage Intacct and uses them to demonstrate the level of support, protection and peace of mind users will be able to leverage on both ends.
Born in the Cloud: A Secure Foundation for Sage Intacct
No discussion of cloud ERP should exclude a conversation on the advantages and disadvantages inherent in migrating from legacy software to more modern systems, and how to maximize the potential of the former while mitigating the risks of the latter. When done right, you will gain all the benefits of cloud-based models, which far outweigh those of on-premise solutions before cybersecurity is even considered.
Sage Intacct stands out among many other SaaS accounting and ERP systems by maintaining strict security and compliance policies, and for communicating these transparently with users. In addition, Sage Group plc performs consistent checks against potential vulnerabilities in their systems, including:
- Annual penetration testing
- Regular vulnerability assessments
- Security audits and reviews
Physical Data Center Security
Sage Group’s commitment to security with their cloud ERP begins at the physical level. Sage Intacct utilizes state-of-the-art data centers, and access to these facilities is strictly limited to authorized personnel based on job responsibilities, with that access regularly reviewed and audited. They also employ stringent physical controls onsite to guard against unauthorized access, as well as natural disasters, that could compromise data integrity, including:
- Biometric authentications
- 24/7 onsite security personnel
- CCTV video surveillance
- Man-traps and other physical entry barriers
- Environmental controls
Third-Party Risk and Compliance Assessment
Sage Intacct is kept up-to-date with the latest – and most pressing – cybersecurity and data privacy regulations to ensure information is consistently secured and enable compliance for users. Sage’s systems and data centers have been and continue to be audited by certified professionals to validate their security according to market-leading standards, including:
- SOC 1 Type II / SOC 2 Type II
- ISO 27001
- PCI DSS
- HIPAA
- ISAE 3402 / ISAE 3000
- GDPR
Role-Based Permissions and Access Control
For local security settings and protocols, your designated admin users in Sage Intacct are able to establish strict levels of permission controls that help prevent unauthorized access to data stored in or connected to your cloud environment. These range from simple capabilities like managing user licenses to complex and modular restrictions such as limiting what data a user can or cannot see. Here are some of the top examples:
- Role-based access control (RBAC) to enforce the principle of least privilege
- Strong password policies, including complexity requirements and regular password changes
- Multi-factor authentication (MFA) for an additional layer of user security
- Regular access reviews to ensure appropriate user permissions
- IP address filters that can be applied to limit login attempts from unknown devices
- Session timeout rules that enforce logouts after periods of inactivity or suspicious activity
Monitoring and Incident Response
Sage’s in-house teams keep a close eye on individual applications of Sage Intacct and their server storage, hosting-side endpoints and more, with dedicated resources assigned to protecting all segments of the cloud-hosted environment and its connections. The internal solutions and support operations to fulfill this include:
- 24/7 monitoring of all systems and network activities
- Automated alerts for potential security events
- A dedicated security team to investigate and respond to incidents
- Regular security log reviews and analysis
Workflow and Approval Processes
Specific transaction approvals are tied to workflows that automatically submit the report to the appropriate user based on their admin-defined permissions as an approver. Administrators can configure this process in various ways to speed up the steps while ensuring full audit trails. Here are some examples:
- Configurable approval processes for various transaction types (AP bills, purchases, expense reports, journal entries, etc.)
- Ability to set approval thresholds based on amount, frequency, and transaction type
- Automatic routing of transactions to appropriate approvers
- Full visibility into the approval process for finance teams
Smart Rules and Data Integrity
Workflow actions, data inputs and role-based permissions controls can be configured around “smart rules” that automate and streamline approvals or blocks on transactions that do not meet the preconfigured requirements. If a user triggers the smart rule’s criteria, the system will display a message indicating where the error originates from. Other automated data controls include:
- Automated checks to ensure required fields are filled
- Validation of data input against predefined criteria
- Alerts for users when data does not meet specified requirements
- Customizable rules to align with organization-specific needs
Data Encryption and Transmission Security
All data managed on the Sage side is encrypted at multiple layers to prevent any information from being exposed when passing between connections or through unauthorized access. Here are some examples of the encryption types applied in Sage Intacct:
- Data at rest: All customer data is encrypted using industry-standard algorithms
- Data in transit: SSL/TLS encryption secures all communication between users and the Sage Intacct application
- Database-level encryption: Sensitive data columns within databases are additionally encrypted
Backup and Disaster Recovery
At the data center level, all files are backed up every few hours and stored safely in the event that something happens to any server or the entire facility, such as a natural disaster like an earthquake or wildfire. The Sage team will work to recover and restore your data within 24 hours. Here are some of the steps taken to ensure your Sage Intacct data integrity:
- Automated daily backups of all customer data
- Encrypted backup files stored in secure, off-site locations
- Regular testing of backup and restore processes
- A fully documented and tested disaster recovery plan with defined recovery time objectives (RTO) and recovery point objectives (RPO)
Artificial Intelligence and Outlier Detection
Before generative AI took the world by storm with the spread of OpenAI’s ChatGPT, Sage Group plc had been introducing artificial intelligence and machine learning capabilities into Sage Intacct. Some of these power features for data validation and error detection, among other uses, allowing you to save significant amounts of time catching mistakes, reconciling inaccuracies and ensuring that your reports are not compromised in any way. Other examples include:
- Automatic flagging of unusual transactions or entries
- AI-powered analysis to identify patterns and outliers
- Alerts for approvers when reviewing potentially problematic entries
- Continuous learning to improve detection accuracy over time
Managing Security in Your Sage Intacct Implementation
There are many security capabilities available with your Sage Intacct software from the get-go, but like every other SaaS solution, there are still shared local cybersecurity and maintenance responsibilities. However, leveraging role-based permissions and other access control features in-house will help you make sure you are protected on all sides. Ensure that your system admins and managers follow these steps to preserve your data integrity in Intacct:
- Managing user access and permissions within their organization
- Implementing and enforcing strong password policies
- Monitoring and reviewing system activity logs
- Promptly reporting any suspected security issues
- Configuring approval workflows and thresholds appropriate for their business needs
- Regularly reviewing and updating role-based permissions
See What Else Sage ERP Can Do with SWK Technologies
SWK Technologies is a Diamond value-added reseller (VAR) of Sage ERP, Sage Certified Gold Development Partner, Strategic Hosting Provider and an otherwise longtime partner and consultant for Sage software with decades of experience helping thousands of businesses across different industries successfully tailor their Sage solutions for their needs. Get in touch with our team of experts today and learn more about what Sage Intacct can do firsthand.
Contact SWK here to learn more about security and other capabilities of Sage Intacct, and see if this modern cloud ERP is the right fit for your business.