How does Bi4Cloud work?
Bi4Cloud is a cloud-based analytics and reporting solution. Under your control, BI4Cloud extracts only the data required for reports from your accounting and ERP system and puts it into a private area on our servers for you to report on. These servers are hosted on Microsoft Azure.
Each client's data is completely separated from other clients' data. Your data is NOT in a shared datastore. Although our technical support people can gain access to the data for support purposes, it is only by the client's invitation. Each organisation's information is stored in separate database files; the names of these files are obfuscated, and the data is encrypted and password protected.
Authentication (login and passwords) is performed by Auth0. Passwords must meet complexity requirements when created. Bi4Cloud does not have access to your password and cannot impersonate you.
Safe from hackers
So if someone could break into the Azure data centre and find our BI4Cloud servers, they would still need to know of the databases and the password.
It's very difficult for someone to break into Azure's physical site. So it may be possible, but it is very unlikely.
Contrast that with the security, both physical and electronic, of your server room or your PC.
Privacy and Integrity
Bi4Cloud is sent data from either the accounting vendor's cloud servers or your servers, under your setup and control. Only the information needed to run reports and analytics is sent.
Bi4Cloud uses bank-grade security including SSL and HTTPS, so transfer of the data is encrypted. People can't eavesdrop. No-one can see your data as it's transported or your reports that are displayed on screen.
Because your data is stored encrypted, any attempt to change part of it invalidates all the data. The data is read-only.
When connecting to a cloud accounting system, data is transferred Cloud to Cloud.
With a hosted accounting system, your servers are not accessed from the outside world; rather, the information is transferred out to the cloud from your server by a connector program you install and control. So there is no opportunity for people to hack into your server or into the BI cloud. Because there is no access into your server, there is no way for an outsider to get a copy of your data.
Security scan by Synopsys
As part of Intuit QuickBooks Apps.com, our app is required to undergo a security scan.
This is destructive and performed on an image of the app's production server.
To retain our listing on Intuit QuickBooks Apps.com, our app is required to pass a yearly security scan. The result of the scan is a report on vulnerabilities that must be rectified, followed by an emailed pass certification once the rectification is complete. The pass certification email is provided only when the scan shows no vulnerabilities.
The scan is done using the NIST 800-30 Revision 1 standard, and the severity assigned to each vulnerability is calculated against that standard.
This Technical Security Scan is an Intuit requirement and is subcontracted to Synopsys. https://www.synopsys.com/
Bi4Cloud has passed each of the vulnerability checks for the past 5 years.
If the hackers can't get into our system they cannot access your data.
Separate login for each user
If you have your own servers then you are responsible for their upkeep and their security. If they are not connected to the outside world then they are pretty secure; however, few organisations are islands these days.
It's likely you allow your support people or your accountant access to review your books, or users to work from home. If so, then you may use a VPN connection. Do you have a separate password for every VPN user, or is the password shared?
With Bi4Cloud every user's login and password and all the data traffic is secure - that is what the https:// in front of the URL provides. With BI4Cloud the connection between the user and the server is SSL / HTTPS, so traffic is secure and cannot be "Wiresharked" or eavesdropped on.
So every user connection to BI4Cloud is a separate VPN and unless you have a valid login you can NOT get in.
"You are most likely to be murdered by someone you know" :-)
That's a true fact - google it.
The corollary to this is that more often than not the threat comes from within.
A disgruntled employee, someone planning to leave. A silly mistake overwriting your data.
On BI4Cloud the process of collecting data is password controlled and automated.
What can you do to improve your security?
1. Don't use a shared email address
If you have set up an email address for your BI4Cloud account, how many people can see or share that email address? When you log in to BI4Cloud you can reset the password, and this reset is sent to that email address, so anyone receiving it can gain access. Ensure the email address you use in BI4Cloud only goes to a specific person.
2. Don't share BI4Cloud user accounts
If you share a login with others then they can see what you see. If some information is private and confidential they will see it. You are also breaching the conditions of use of BI4Cloud because our license is for each named user.
We want each BI4Cloud user to have their own user ID and password. We make our subscription pricing value for money, so each additional two (2) users can be added for about half the cost of your initial license.
3. Profile your users so they see only what they should
Each report and analysis chart is grouped. With our help you can set up users to see only the information groups that they should. For example, they can be blocked from seeing General Ledger or Payroll data and only see Sales. You can also control whether they see sales margins and whether they see only their own sales.
4. Never send a password via email
Emails travel the Internet in clear readable text, and delivery is done by the data travelling from server to server until it reaches its destination. A person with knowledge can see the email content. Never send a password or credit card in an email.
Instead use a point-to-point service (SMS text or fax) or an encrypted chat service like Skype, or ring the person on the phone and tell them.
5. Make passwords hard to guess
Do not use simple passwords that anyone can guess - e.g. "password", your last name, your business street.
Password complexity is controlled by Auth0.
6. Be careful and prudent about which reports you email
Our Bi4Cloud service allows you to set up reports and charts to email to others. This is a great time saver and very powerful.
Once set they can be left unattended and they will work automatically.
We suggest you should only send reports in this way to specific people you want to receive them. Not to shared emails, not to email lists.
We suggest that they be sent to business addresses and not private addresses. When a person leaves a company they will lose their business email but keep their private one. Because email is automatic you may be sending to a terminated business partner.
We also suggest you periodically check that the emails are being sent to the people you intend and that the addresses are still valid.
If privacy and security are paramount, or if you have concerns about sending reports by email, then instead subscribe for additional users and give these people (employees, business partners, suppliers and customers) their own accounts that can be locked down to what you want them to see.
Compare to what you are doing now
How secure is your email? It is likely it's all in the clear with no encryption. Your ISP can see all of this - that is why you should never put passwords and credit card information in an email.
So you may say “Eek! My data is spinning on the cloud servers” but the truth is it's likely safer there than at home or in the office. Only authorised people will see it and it is secure.
Is that any worse than Internet banking?
Is it any worse than email on the cloud?
And what if we go out of business? Well, if you choose to, you can pay only month to month via credit card. So all the money is not spent up front and you can move away as you wish.