Our vision is to provide our customers with great security and data breach protection designed into our products from day one.
We ensure the integrity of your data.
Secure code, encryption, firewalls, penetration testing, state-of-the-art threat detection, and seamless data back-ups—at Sage, we are committed to maintaining the confidentiality, integrity, and availability of your data, as well as business systems.
The cloud enables you to run a successful business in the digital world and safeguard against cyber criminals, with all your data backed up and accessible from any device, at any time.
Sage Business Cloud ensures that our global security team and state-of-the-art security capabilities are protecting your data 24/7, so you can focus on running your business.
Sage security process begins before a line of code is ever written and is integrated through the complete lifecycle of product development. We use the highest industry standards for secure coding and all our products receive robust security testing.
We collaborate with security researchers worldwide and strongly believe in Responsible Vulnerability Disclosure. Read our Responsible Disclosure Policy and our Bug Bounty Program for more information.
Products can either compel 2FA for all users or let customers control their own authentication requirements for their users.
Products can request additional authentication prior to any sensitive or high-risk activity and not just at the time of login.
We recognize that our products need to provide options for our customers to balance security with a high-quality user experience.
Yes, we have ISO27001 and SOC2 certifications across Sage Business Cloud products.
State-of-the-art monitoring systems are used across Sage networks and cloud services to detect common types of attacks. Each production environment is constantly monitored for any potential malicious activity by the Sage 24/7 Cyber Defence Operations Team.
All Sage codes are subject to code reviews performed by people who did not write them. Sage also follows the guidelines set in the Open Web Application Security Project (OWASP) Top Ten. This is an internationally recognized research body in the top ten most important security risks affecting software and web applications. Sage product engineers are trained in security to ensure they have all the skills they need to meet our stringent standards.
Absolutely – alongside a range of offensive security techniques. All products are subject to a penetration testing cycle and any vulnerabilities are handled in line with industry best practices. Find more information about penetration testing and offensive security at Sage.
Yes. Our services use the latest versions of a technology called Transport Layer Security, also known as TLS. You can click on the padlock symbol on any web browser to confirm this. This protects your data when transmitted over the internet and is called "encryption-in-transit."
Your data is always encrypted while stored in Sage databases in the cloud. This means that, if someone were to take disk drives from a data center, they would still be unable to read the data. This is called "encryption-at-rest."
2-factor authentication adds extra security to your Sage account. With 2-factor authentication, you'll need to enter a one-time code after your enter your email address and password to log in.
You can set up 2-factor authentication in Account Management. Select 2-factor authentication to start setup. You'll need a mobile device or phone to complete 2-factor authentication.
For more information about 2-factor authentication, go to our support article.
If you would like to report a security concern or have any security questions regarding Sage cloud products or services, please contact us.
Give Feedback