Security by design
Data security and protection is the most basic building block of an information system. As complexity grows and data is accessed from multiple channels, systems and devices, Entersoft Business Suite incorporates multiple levels of data access control, which are constantly expanded and adapted to technological and institutional developments, through a single framework used by the full range of applications wherever they run (on premises, on cloud, via browsers, or on mobile devices and tablets).
Passcode policy
Simple or strong passcodes, parametric passcode complexity rules, change frequency (passcode duration in days), and forced change at the next login. The Entersoft framework uses the DES algorithm to encrypt passwords.
Access channels
Definition of the channels from which a user can be excluded, e.g. the internet, another subnet, or specific IP addresses.
LDAP authentication
Lightweight Directory Access Protocol, for authenticating users against the company's domain server.
Two-factor authentication
The requirement for two-factor authentication (TFA) on access to Desktop applications, the WebApi, eCommerce, etc. can be activated per user. It can even be set so that, for the same user, TFA applies only to Web Apps and not to Desktop applications. To configure TFA on a mobile device, use either Microsoft Authenticator or Google Authenticator.
User account inactivation
After repeated failed login attempts, the user account can be disabled pending review.
“Read-only” user
With a single click, and without having to revoke access privileges one by one, a user can be restricted to displaying information only, without the ability to save.
User menus
A "rough" way of restricting users to the specific functions that concern them is to define a specific menu per user instead of the full application menu. This is mainly for simplicity and ease of understanding; it is not a guarantee that the user is excluded from everything else.
GDPR procedures embedded in the system
- Procedure for document Data protection policy
- Procedure for announcement of scope of using or handling personal data
- Procedure for sending a campaign and obtaining a consent to use personal data
- Procedures for accepting, changing or anonymization of personal data
- Data protection system against unauthorized users (Role Based Security)
- Field Level Security system, so that the readability of "sensitive" fields can be adjusted and granted only to roles related to the defined processing scopes
- Special classification of fields for this purpose (GDPR), so that they can be recognized, protected, and controlled in bulk under a processing scope (Field Set Security Grouping - FSSG)
- History of field changes (Audit trail & reporting) as well as logging of data publishing (exports, print reports, copy to clipboard, etc.) for easy detection of possible leaks
- Optional Database encryption - available in MS SQL Server 2016
- Ability to “mask” the content of "sensitive" fields at user interface level (e.g. name shown as *****, phone as 210 ***** 50, and so on)
- In multinational installations, possibility to hide personal data not concerning a company (in DBs with a common list of contacts), especially for group companies outside the EU (hence a GDPR matter)
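The two GDPR items above, field-level readability by role and UI-level masking, combine naturally: a field outside the viewer's roles is rendered masked rather than hidden. The following is an added illustration of that combination in Python; it is not Entersoft code, and the role names, field scopes and sample values are constructed for the example. The phone mask reproduces the "210 ***** 50" shape from the list (leading 3 and trailing 2 digits kept), while the name mask is a fixed string so that the masked output does not leak the length of the real name.

```python
import re

# Constructed example scopes (assumption, not the product's own configuration):
# which roles may read each sensitive field in clear text.
SENSITIVE_FIELD_ROLES = {
    "name": {"hr_officer", "gdpr_admin"},
    "phone": {"call_center", "gdpr_admin"},
}

FIXED_MASK = "*****"  # fixed width: masked names do not reveal their length


def mask_name(value: str) -> str:
    """Replace the whole name with a fixed-width mask."""
    return FIXED_MASK if value else value


def mask_phone(value: str, keep_prefix: int = 3, keep_suffix: int = 2) -> str:
    """Keep the leading and trailing digits, mask the middle.

    '2101234550' -> '210 ***** 50'. Formatting characters in the input
    (spaces, dashes) are dropped before masking. Numbers too short to keep
    both ends safely are masked completely.
    """
    digits = re.sub(r"\D", "", value)
    if len(digits) <= keep_prefix + keep_suffix:
        return "*" * len(digits)
    middle = "*" * (len(digits) - keep_prefix - keep_suffix)
    return f"{digits[:keep_prefix]} {middle} {digits[-keep_suffix:]}"


MASKERS = {"name": mask_name, "phone": mask_phone}


def render_field(field_name: str, value: str, user_roles: set) -> str:
    """Return the clear value for an in-scope role, otherwise the masked form.

    Fields not classified as sensitive are always returned unchanged.
    """
    allowed_roles = SENSITIVE_FIELD_ROLES.get(field_name)
    if allowed_roles is None or user_roles & allowed_roles:
        return value
    return MASKERS[field_name](value)


def render_record(record: dict, user_roles: set) -> dict:
    """Apply render_field to every field of a contact record."""
    return {name: render_field(name, val, user_roles) for name, val in record.items()}


if __name__ == "__main__":
    contact = {"name": "Maria Papadopoulou", "phone": "210 1234550", "city": "Athens"}
    print(render_record(contact, {"sales"}))       # masked name and phone, city in clear
    print(render_record(contact, {"gdpr_admin"}))  # everything in clear
```

The masking is applied at render time only; the stored value is untouched, which is what keeps it an interface-level control rather than a data change.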
The system records and documents
- Insert, Delete, Modify into entities and fields
- Execution of procedures
- Execution of views & reports of any kind
- Sign-in / Sign-out users
- Version upgrades
Track changes
For fields, the system records the history (user, date, previous value) of value changes to the commonly "sensitive" fields, but the "track changes" property can be enabled for any other field as well (a capability also needed when fields and tables are added at customization level). This information is available within the entity management screens (for checking a specific entity) and also in bulk control views with criteria designed to help identify problems.
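The per-field history described above can be sketched in a few dozen lines. The following is an added Python example, not Entersoft code: it records user, timestamp and previous value for every change to a field flagged as tracked, leaves untracked fields out of the log, and offers a filtered query of the kind a bulk control view would run. Entity and field names, users and values are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any, Iterable, List, Optional


@dataclass(frozen=True)
class FieldChange:
    """One audit-trail entry: who changed which field of which record, from what, when."""
    entity: str
    record_id: int
    field_name: str
    old_value: Any
    new_value: Any
    user: str
    changed_at: datetime


class TrackedRecord:
    """A record whose flagged fields append a FieldChange to a shared log on every change."""

    def __init__(self, entity: str, record_id: int, values: dict,
                 tracked_fields: set, log: List[FieldChange]):
        self.entity = entity
        self.record_id = record_id
        self._values = dict(values)
        self._tracked = set(tracked_fields)
        self._log = log  # shared, append-only list acting as the audit table

    def get(self, field_name: str) -> Any:
        return self._values.get(field_name)

    def update(self, field_name: str, new_value: Any, user: str,
               now: Optional[datetime] = None) -> bool:
        """Apply a change; return True if the value actually changed.

        Unchanged writes are not logged, so the history only holds real edits.
        """
        old_value = self._values.get(field_name)
        if old_value == new_value:
            return False
        self._values[field_name] = new_value
        if field_name in self._tracked:
            self._log.append(FieldChange(
                self.entity, self.record_id, field_name, old_value, new_value,
                user, now or datetime.now(timezone.utc)))
        return True


def changes_for(log: Iterable[FieldChange], entity: Optional[str] = None,
                field_name: Optional[str] = None, user: Optional[str] = None,
                since: Optional[datetime] = None) -> List[FieldChange]:
    """Filter the log the way a bulk control view with criteria would."""
    return [c for c in log
            if (entity is None or c.entity == entity)
            and (field_name is None or c.field_name == field_name)
            and (user is None or c.user == user)
            and (since is None or c.changed_at >= since)]


def demo() -> List[FieldChange]:
    """Constructed scenario: two tracked edits and one untracked edit on a contact."""
    log: List[FieldChange] = []
    contact = TrackedRecord("Contact", 42,
                            {"phone": "2101234550", "email": "m@example.org", "city": "Athens"},
                            tracked_fields={"phone", "email"}, log=log)
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    contact.update("phone", "2109876550", user="alice", now=t0)
    contact.update("city", "Patras", user="alice", now=t0)        # untracked: no entry
    contact.update("phone", "2109876550", user="bob", now=t0)     # unchanged: no entry
    contact.update("email", "maria@example.org", user="bob",
                   now=datetime(2024, 1, 11, 9, 0, tzinfo=timezone.utc))
    return log


if __name__ == "__main__":
    for change in demo():
        print(f"{change.changed_at:%Y-%m-%d} {change.user} {change.entity}#{change.record_id} "
              f"{change.field_name}: {change.old_value!r} -> {change.new_value!r}")
```

Keeping the previous value in each entry is what lets a reviewer reconstruct the field's state at any point without a full snapshot, and the `since` criterion is the usual starting point when a suspected leak has a known time window.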
Messages during process execution
Some (time-consuming) processes record information during their execution, such as timing, results and the terminal used, for evaluation by the IT department. Examples are Stock Valuation, the periodic Closings, and the various recalculations.
Events log
The system keeps a detailed history of a wide range of "events", such as user sign-in and sign-out, deletion of records, approvals of credit overruns, backups, server restarts, S/W version upgrades, recalculation tasks, and official printings, with all the information needed to investigate potential problems.
Audit trail at Entersoft Cloud Apps
- Every login to an application of the subscription is encrypted, archived, and stored for later review by the Subscription Administrator.
- For a rolling period of 90 days, Entersoft Cloud Store keeps detailed records and provides insights on usage, errors, and quota consumption, if any.