We implement the tools, technologies, and best cyber security practices to protect our systems, devices, and data, wherever they sit. We use comprehensive security monitoring tools, develop code securely from day one, and test our approach regularly with targeted security testing. We securely manage our customers' personal data, just as we do when it comes to security.
Encryption of customer data in transit
Traffic to and from Sage websites and applications is encrypted using the latest recommended versions of the internationally recognized Transport Layer Security (TLS) protocol. TLS is widely used to protect sensitive data, such as usernames, passwords and private data as it flows across the internet. TLS ensures the confidentiality, privacy and integrity of your data by using strong encryption.
Encryption of customer data at rest
Your data is always encrypted when stored in Sage databases within the cloud. This means that if someone were to take disk drives from a data center, they would be unable to read the data. This is called "encryption at rest". Our products use an advanced type of encryption to encrypt disks, databases and individual files, giving you the best level of protection available.
Finding and fixing security problems
Sage proactively monitors for any vulnerabilities in our software that could be exploited by a cyberattacker. If you have concerns about a potential data breach related to Sage products or if you have found a suspected vulnerability in a product, please contact our 24/7 Cyber Defense Operations team via email: [email protected].
All Sage code is subject to reviews, where code is independently checked and scanned for flaws or vulnerabilities. Sage also follows the guidelines set out in the Open Web Application Security Project (OWASP) Top Ten. This is internationally recognized research conducted on the top ten most important security risks that affect software and web applications. Sage product developers are regularly trained in security to ensure they have all the skills they need to meet our standards.
Continuous security testing
Alongside a range of offensive security techniques, all products are subject to a penetration testing cycle. Any vulnerabilities are corrected in line with industry best practices. Find more information about penetration testing and offensive security at Sage.
24/7 security monitoring
Sage has sophisticated security monitoring systems across devices, products and our corporate IT network infrastructure. Every production environment is continuously monitored for potentially malicious activity by the Sage Cyber Defense Operations Team.
2-Factor Authentication (2FA)
All Sage Business Cloud products support 2FA and we strongly recommend that all of our customers enable this. Using 2FA significantly reduces the risk of unauthorized access to your data. Find out how to set up 2FA.