Security

The first thing that my father, a small business owner, wanted to know about Xero was its security.

Security and privacy are the biggest things to get right when building an online software product. We believe that Xero is a mission-critical business information system – mission critical because your financial data is sacred and important. And it’s imperative for us to make sure your financial data is both secure and private from outside attackers.

Integrated into our core software framework is a security system that permeates through our entire system. The security model is structured in layers as follows:

privacy » sandboxing » authentication » segmentation » authorisation

Each of these steps aids in reducing the attack surface and making it almost impossible to infiltrate our system and compromise data integrity and privacy:

Privacy: All access to Xero runs through a secure link which enables full encryption of all communication between the browser and our servers. To know you’re browsing a secure site, just check the padlock at either the bottom right of your browser, or in the address bar.

Sandboxing: Sandboxing is a technique to reduce the attack surface and prevent attackers from gaining access to the lower layers of our system.

Authentication: All access to Xero requires authentication through our membership system. All web pages in the Xero system require secure access – there are no parts of the system that are open to the public.

Segmentation: Our database is designed utilising a multi-tenanted architecture. This means that the data for each individual organisation is separated from the data of every other organisation. No other Xero customer can access your data through Xero – our architecture doesn’t allow it and cannot be manipulated in any way to allow it.

Authorisation: Our membership system has been designed to make full use of role-based security. Each user has a role within an organisation and each page is tailored specifically to that role, so that each user is restricted to seeing and doing only what you want them to see and do.

That’s a basic outline of what we do to protect you and your data. So what can you do? Choose a strong password and don’t put it on a sticky note attached to your monitor!
