In light of the recent hacking attack on one of the telecom operators, we would like to focus on data security in ERP.
Any modern business solution should have a built-in security system that helps protect your database and the information it contains from unauthorized access. It should also allow you to configure what authenticated users can do in the database, such as what data they can read and modify. Let’s take a look at how data security is implemented in Microsoft Dynamics 365 Business Central ERP.
User security
Before users can log in to Business Central, they must be authenticated as valid users who are authorized to access it. The authentication approach is dictated by the fact that Business Central is delivered as a cloud service, deployed entirely in Microsoft Azure data centers, and therefore accessed through the Microsoft tenant system. This means that a user can only access the ERP system if he or she has an account set up in Microsoft Entra ID (formerly known as Microsoft Azure Active Directory). Microsoft requires multi-factor authentication for such accounts.
Business Central Security and Permission Levels
The security system contains information about the permissions granted to each user who can access a particular database. This information includes the roles assigned to users and any permissions granted to individual users.
There are four levels of access to the data in Business Central:
- Database
- Company
- Object
- Record
The first level of security when you open Business Central is database security.
When you start Business Central and attempt to open the database, your credentials are verified. A database can contain several companies, and you can only open the companies in the current database that you have access to. Each company can use its own tables and can also share tables with other companies. When you open a company in Business Central, your ability to access information is determined by the security system.
Object-level security is a set of permissions for system objects (tables, view forms, reports, program code) that make up a permission set. Permission sets define the access that users have and the tasks that users can perform with objects in the database.
Record-level security allows you to restrict user access to data in a table.
The access types are view, create, delete, and edit.
You can also set up additional security in Business Central by creating security filters for table data. A security filter describes a set of records in a table that a user is allowed to access. For example, you can specify that a user can only read records that contain information about a specific customer. This means that the user cannot access records that contain information about other customers.
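The following added example is a simplified model of the four checks described above (database, company, object, record) with a security filter on one table. It is not Business Central code; every name in it (User, Grant, check, the sample database, company and customer numbers) is hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field

# Access types named in the text: view, create, delete, edit.
VIEW, CREATE, DELETE, EDIT = "view", "create", "delete", "edit"

@dataclass
class Grant:
    """Permission on one table, optionally narrowed by a security filter."""
    access: frozenset                                      # allowed access types
    security_filter: dict = field(default_factory=dict)   # field -> required value

@dataclass
class User:
    name: str
    databases: set    # databases the user may open
    companies: set    # companies the user may open
    grants: dict      # table name -> Grant (one grant per table in this model)

def check(user, database, company, table, access, record):
    """Evaluate the four levels in order; anything not granted is denied.

    Returns (allowed, level), where level names the check that decided.
    """
    if database not in user.databases:
        return False, "database"
    if company not in user.companies:
        return False, "company"
    grant = user.grants.get(table)
    if grant is None or access not in grant.access:
        return False, "object"
    # Security filter: every filtered field must match the record's value.
    if any(record.get(f) != v for f, v in grant.security_filter.items()):
        return False, "record"
    return True, "allowed"

# Constructed sample: a clerk who may only view orders of one customer.
clerk = User(
    name="clerk",
    databases={"PROD"},
    companies={"CRONUS"},
    grants={"Sales Header": Grant(frozenset({VIEW}), {"Customer No.": "C10000"})},
)

if __name__ == "__main__":
    own = {"Customer No.": "C10000"}
    other = {"Customer No.": "C20000"}
    print(check(clerk, "PROD", "CRONUS", "Sales Header", VIEW, own))
    print(check(clerk, "PROD", "CRONUS", "Sales Header", VIEW, other))
    print(check(clerk, "PROD", "CRONUS", "Sales Header", EDIT, own))
```

Each denial reports the level that stopped the request, which is the same question to ask when troubleshooting a real permission problem: which of the four levels refused access.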
Cloud storage security
A tenant’s data is stored in an isolated database and is never mixed with other tenants’ data. This ensures complete data isolation for day-to-day use and backup/restore scenarios.
Business Central uses Azure SQL Database as the database technology for its environments. Azure SQL Database is a fully managed relational database service with built-in high availability, backup, and local and regional redundancy.
Azure SQL Database protects Business Central’s production and sandbox environments by automatically creating backups that are retained for 28 days. Administrators can use the Business Central Administration Centre to restore their environment to any point in the last 28 days.
Administrators can also use the Business Central Administration Centre to restore deleted workspaces or isolated environments within seven days of deletion.
In addition, Business Central uses encryption to protect customer data in the following ways:
- Data at rest is encrypted using Transparent Data Encryption (TDE) and backup encryption.
- Backups are always encrypted.
- All network traffic in the service is encrypted using standard encryption protocols.
It’s also worth noting that Microsoft has demonstrated its continued focus on security by announcing several new security features for its products, including new tools to help organizations protect data and detect and respond to security threats in the form of cyber-attacks.
It is important to remember that cloud security is a shared responsibility between the provider and the user. That’s why organizations need to choose a trusted cloud provider and implement security best practices.
To protect against cyber-attacks in the cloud environment, we recommend using the Zero Trust model, where every request to the company’s database is subject to verification. The Zero Trust model, combined with the security features of Microsoft Azure solutions, creates a cloud environment that is secure and invulnerable to cyber-attacks. It is important to note that Microsoft spends more than $1 billion a year on Azure security alone, and has approximately 3,500 specialists
