We implement the tools and technologies to protect our systems, devices, and data, wherever they sit. We use comprehensive security monitoring tools, develop code securely from the outset, and regularly test our approach with targeted security testing. Just as we do the right thing when processing our customers' personal data, we do the right thing when it comes to security.
Encryption of customer data in transit
Traffic to and from Sage websites and applications is encrypted using the latest recommended versions of the internationally recognised Transport Layer Security (TLS) protocol. TLS is widely used to protect sensitive data, such as usernames, passwords and private data as it flows across the internet. TLS ensures the confidentiality, privacy and integrity of data by using strong encryption.
Encryption of customer data at rest
Your data is encrypted while stored in Sage databases within the cloud. This means that if someone were to take disk drives from a data centre, they would be unable to read the data. This is called 'encryption at rest'. Our products use an advanced type of encryption to encrypt disks, databases, and individual files, giving you the best level of protection available.
Finding and fixing security problems
Sage proactively monitors for vulnerabilities in our software which could be exploited by a cyber attacker. If you have concerns about a potential data breach related to Sage products, or if you have found a suspected vulnerability in a product, contact our 24/7 Cyber Defence Operations team via email: [email protected].
All Sage code is subject to reviews, where code is independently checked and scanned for flaws or vulnerabilities. Sage also follows the guidelines set out in the Open Web Application Security Project (OWASP) Top Ten, which is internationally recognised research into the ten most important security risks affecting software and web applications. Sage product developers are regularly trained in security to ensure they have all the skills they need to meet our standards.
Continuous security testing
Alongside a range of offensive security techniques, all products are subject to a penetration testing cycle. Any vulnerabilities are corrected in line with industry best practice. Find more information about penetration testing and offensive security at Sage.
24/7 security monitoring
Sage has sophisticated security monitoring systems across devices, products, and our corporate IT network infrastructure. Every production environment is monitored continually 24/7 for potentially malicious activity by the Sage Cyber Defence Operations Team.
2-Factor Authentication (2FA)
All Sage Business Cloud products support 2FA, and we strongly advise our customers to enable it. Using 2FA significantly reduces the risk of unauthorised access to your data. Find out how to set up 2FA.