ERP Solutions

Security for SaaS ERP Solutions

Workday is a trusted partner for companies looking to improve their governance and compliance capabilities. Workday enables this trust through a comprehensive approach to data security and SAS 70 certification. Using key design, development, and data center processes, Workday is architected to protect physical access to data and support the ability to audit all application data changes.

Traditional enterprise applications offer multiple and separate access control systems—one for end users, one for database reporting, one for integrating systems, etc. This results in customers being forced to make a significant investment in duplicated maintenance, which increases the risk of a security breach. Changes to data are either audited with low level database logs or not audited at all. On-premise software vendors simply aren't compelled to document and verify all their development and delivery processes.

Workday takes a different approach to solving these problems, delivering a cohesive approach to security that reduces security risk to the enterprise, increases visibility to useful data, and eliminates duplicate security schemes. All Workday solutions include:

•    Secured access at all levels of Workday's solutions. Workday′s business services are secured at multiple levels and architected to reduce security risk at all points in the system.
•    Secured data center. Workday leases space in top-tier data centers that comply with stringent security standards.
•    Secured network access. Access is permitted only over secure connections (Secure Socket Layer (SSL) version 3 or Transport Layer Security (the successor to SSL)).
•    Secured applications. No direct database access is allowed. All access is routed through the business logic either from individual users or external systems and requires either delegated authentication or a secure Workday-maintained user name and password.
•    Secured database. All attribute values in the database and backups are uniquely encrypted with a customer specific key, so the database is intelligible only to Workday applications with the appropriate key.
•    Embedded Auditing. Workday tracks all changes to business data at an application level, meaning customers receive useful data, not the low-level database logs found in traditional enterprise application. This application audit information is the basis for audit and compliance reporting found throughout the Workday system.
•    SAS 70 Type II. An independent accounting firm performs SAS 70 Type II audits on a regular basis. A SAS 70 report describes the controls a service provider has in place when hosting or processing data belonging to another organization. Workday will continue to complete SAS 70 Type II audits on a regular basis.

Does your on-premise vendor give you this level of insight into and assurance about their development processes?

Written by :

kristine H