How Microsoft Dynamics NAV Secures Wealth Management in the Cloud

Maxime Wattel - June 02, 2016

Microsoft Dynamics NAV, like most other ERP solutions, was originally developed for on-premise deployment. With these systems moving to the Cloud, key financial and business information is moving offsite, and it is only natural that organisations be concerned about the security of sensitive data.

Cloud or On-Premise, which is more secure?

The security of any system depends on the physical infrastructure and security protocol, and important considerations in determining the security of any data centre, on-premise or Cloud-based, include:

  • Whether the physical data centre is equipped with redundant heating, ventilation and air conditioning (HVAC) systems and fire prevention
  • What physical security measures have been put in place to keep out intruders
  • The level of security protocol that is being followed. This includes data isolation, firewalls, secure access control, data encryption and disaster recovery solutions

The reality is that professional Cloud-providers often employ data centres that implement more stringent security protocols than most on-premise deployments can deliver.


Microsoft Dynamics Azure

When deploying our software solutions as Cloud-based applications, Elysys makes use of Microsoft Azure datacenters to ensure the highest level of data security and maximum uptime.

By making use of Microsoft Azure, Elysys is able to provide businesses with top-notch data security and privacy built into their solution, through multiple safeguards that protect customer and enterprise data. These security practices and technologies include identity and access management, data encryption, secure networks, threat management and compliance with best practices in Cloud security.

Identity and Access Management

Azure Active Directory helps ensure that only authorized users can access your environments, data, and applications, and provides multi-factor authentication for highly secure sign-in.

SSL certificates are one of the ways by which Azure authenticates and secures data communication between company appliances (on-premise or mobile devices) and Cloud servers. An SSL certificate, also known as a public key certificate and usually just called a certificate, is a digitally signed statement that binds the value of a public key to the identity of the company, device, or service that holds the corresponding private key. One of the main benefits of certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer. If something is wrong with the certificate, the connection will be rejected.

Once a certificate has been authenticated and a connection has been established, the system uses Windows Communication Foundation (WCF) transport-level security (TLS) over the TCP/IP protocol to encrypt the messages.

Microsoft Azure Data Encryption

Azure Cloud-based applications utilise industry-standard protocols to encrypt data as it travels between an organisation’s devices and Microsoft datacentres, and as it moves within datacentres.

The encryption method used is so-called public-key cryptography, also known as asymmetric cryptography. This cryptographic algorithm requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt messages, whereas the private key is used to decrypt ciphertext.

[Figure: public key encryption model]

The public key is made public and available to everyone. If one person, say Bob, wants to send an encrypted message to another, say Alice, then Bob uses Alice’s public key to encrypt the message. As Alice is the only person who has the private key, she is the only one who can decrypt the message.

One can think of encryption as locking something valuable into a box with two locks. With the public key, one can open the first lock but not the second. With the private key, one can open both the first and the second lock.
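The certificate trust model from the Identity and Access Management section and the Bob and Alice exchange above, modelled together as an added example (not code from Elysys or Microsoft). It assumes Python 3.8 or later and uses textbook RSA with fixed small primes and no padding purely for illustration; the function names, identities, keys and message are constructed for this sketch.

```python
# Added illustration: textbook RSA, fixed toy primes, no padding. Not for production use.
import hashlib

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): two different keys linked through the primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def apply_key(key, value):
    """Modular exponentiation, the one operation behind encrypt, decrypt, sign and verify."""
    n, exponent = key
    return pow(value, exponent, n)

def statement_digest(identity, subject_pub, n):
    """Hash of the statement 'this public key belongs to this identity', reduced mod n."""
    data = f"{identity}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(issuer_priv, identity, subject_pub):
    """The issuer signs the binding of subject_pub to identity with its private key."""
    signature = apply_key(issuer_priv, statement_digest(identity, subject_pub, issuer_priv[0]))
    return {"identity": identity, "public_key": subject_pub, "signature": signature}

def certificate_is_valid(trusted_issuer_pub, cert):
    """The host holds only the issuer's public key, no per-subject passwords."""
    expected = statement_digest(cert["identity"], cert["public_key"], trusted_issuer_pub[0])
    return apply_key(trusted_issuer_pub, cert["signature"]) == expected

# Constructed sample keys from known Mersenne primes (far too small for real use).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)  # issuer the host does not trust

def demo():
    cert = issue_certificate(CA_PRIV, "alice.example", ALICE_PUB)
    forged = issue_certificate(ROGUE_PRIV, "alice.example", ROGUE_PUB)
    tampered = dict(cert, identity="mallory.example")
    message = int.from_bytes(b"Q2 portfolio", "big")
    ciphertext = apply_key(cert["public_key"], message)  # Bob encrypts with Alice's public key
    return {
        "good_cert": certificate_is_valid(CA_PUB, cert),
        "forged_cert": certificate_is_valid(CA_PUB, forged),
        "tampered_cert": certificate_is_valid(CA_PUB, tampered),
        "alice_decrypts": apply_key(ALICE_PRIV, ciphertext) == message,
        "public_key_decrypts": apply_key(ALICE_PUB, ciphertext) == message,
    }

if __name__ == "__main__":
    print(demo())
```

Production systems use vetted libraries with padded schemes (for example RSA-OAEP for encryption and RSA-PSS for signatures) and full X.509 chain, expiry and hostname validation rather than a bare signature check.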

Microsoft Azure Secure Networks

The Azure datacentre infrastructure is based on security practices and technologies that connect virtual machines (company PCs, laptops, mobile devices) to each other and to on-premises datacentres, while blocking access to any device that does not pass authorisation checks. Azure Virtual Networks extend your organisation’s on-premises network to the Cloud by creating a site-to-site virtual private network (VPN).

Threat management

Microsoft Azure services and virtual machines are protected from threats by employing multiple layers of constantly evolving safeguards:

  • Microsoft Anti-malware
  • Microsoft intrusion detection
  • Distributed denial-of-service (DDoS) attack prevention
  • Penetration testing
  • Data analytics
  • Machine learning

Compliance

Microsoft Azure Cloud services comply with international and industry-specific compliance standards and participate in rigorous third-party audits that verify their security controls. The service also boasts adoption of the world’s first code of practice for cloud privacy, ISO/IEC 27018.

From Challenge to Opportunity with Microsoft Dynamics NAV

Cloud-based software solutions create new challenges for the financial industry such as security risks associated with a particular Cloud-service and the underlying infrastructure that has been deployed. By making use of secure solutions such as Microsoft Azure’s Cloud-services, small to mid-sized financial organisations have access to all the benefits of Cloud, without compromising the security and privacy of their financial data.
