Most of you must have wondered whether ERPNext is a secure application. Today, we think twice before putting even our personal data online. ERP software stores sensitive financial data, so using a cloud-based ERP is bound to evoke a feeling of insecurity.
The realm of computer security has many unknowns and, as such, even the most secure systems get compromised. However, it would be foolish to keep known security holes open for attack. So, let me list some of the steps we have taken to ensure your data's security.
We do not store passwords in plain text
That is, all passwords are encrypted using a cryptographic hash function and cannot be read or recovered by anyone. How does this work? See Wikipedia: Cryptographic Hash Functions.
Authentication is secured using SSL (https)
Even the sub-domain login pages use secured authentication. Our SSL certificate is provided by RapidSSL.
Transparency during support activity
Since we host your data, we have access to it. Don't worry! We acknowledge your concern, and so our system is configured such that we cannot log in to your application without informing you via email. This ensures high transparency while keeping the support process quick and smooth.
Daily Backups
Another aspect of security is the ability to recover your data in case of a disaster. We take a daily backup of your database and store it on Amazon S3, a widely used secure cloud storage service. However, as an added safety measure, we recommend that you take manual backups of your database via Tools > Download Backup. You will be emailed a link to the backup file, which remains active for 24 hours.
Our application is not perfect, but it is better than ever. We are actively looking out for security holes to plug. Our development and release processes have taken a more responsible direction. And we have a small and trustworthy team.
We love to discuss ideas. Please drop in a comment or two.
The best software is one which solves your problems with the least possible pain. We hope you have a good time using our application.