Security

The first thing that my father, a small business owner, wanted to know about Xero was its security.

Security and privacy are the biggest things to get right when building an online software product. We believe that Xero is a mission-critical business information system – mission critical because your financial data is sacred and important. It’s imperative for us to make sure your financial data is both secure and private from outside attackers.

Integrated into our core software framework is a security system that permeates our entire system. The security model is structured in layers as follows:

privacy » sandboxing » authentication » segmentation » authorisation

Each of these layers helps reduce the attack surface and make it almost impossible to infiltrate our system and compromise data integrity and privacy:

Privacy: All access to Xero runs through a secure link which enables full encryption of all communication between the browser and our servers. To know you’re browsing a secure site, just check for the padlock either at the bottom right of your browser or in the address bar.

Sandboxing: Sandboxing is a technique to reduce the attack surface and prevent attackers from gaining access to the lower layers of our system.

Authentication: All access to Xero requires authentication through our membership system. All web pages in the Xero system require secure access – there are no parts of the system that are open to the public.

Segmentation: Our database is designed utilising a multi-tenanted architecture. This means that the data for each individual organisation is separated from the data of every other organisation. No other Xero customer can access your data through Xero – our architecture doesn’t allow it and cannot be manipulated in any way to allow it.

Authorisation: Our membership system has been designed to make full use of role-based security. Each user has a role within an organisation and each page is tailored specifically to that role, so that each user is restricted to seeing and doing only what you want them to see and do.

That’s a basic outline of what we do to protect you and your data. So what can you do? Choose a strong password and don’t put it on a sticky note attached to your monitor!
