Security

The first thing that my father, a small business owner, wanted to know about Xero was its security.

Security, and also privacy, are the biggest things to get right when building an online software product. We believe that Xero is a mission-critical business information system – mission critical because your financial data is sacred and important. And it’s imperative for us to make sure your financial data is both secure and private from outside attackers.

Integrated into our core software framework is a security system that permeates through our entire system. The security model is structured in layers as follows:

privacy » sandboxing » authentication » segmentation » authorisation

Each of these steps aids in reducing the attack surface, and making it almost impossible to infiltrate our system and compromise data integrity and privacy:

Privacy: All access to Xero runs through a secure link which enables full encryption of all communication between the browser and our servers. To know you’re browsing a secure site, just check the padlock at either the bottom right of your browser, or in the address bar.

Sandboxing: Sandboxing is a technique to reduce the attack surface and prevent attackers from gaining access to the lower layers of our system.

Authentication: All access to Xero requires authentication through our membership system. All web pages in the Xero system require secure access – there are no parts of the system that are open to the public.

Segmentation: Our database is designed utilising a multi-tenanted architecture. This means that the data for each individual organisation is separated from the data of every other organisation. No other Xero customer can access your data through Xero – our architecture doesn’t allow it and cannot be manipulated in any way to allow it.

Authorisation: Our membership system has been designed to make full use of role-based security. Each user has a role within an organisation and each page is tailored specifically to that role so that each user is restricted to see and do what you want them to see and do.
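To make the last three layers concrete, here is a small sketch of a request passing through authentication, segmentation and authorisation in that order. It is an added example, not Xero's code: the data, the role names and every function name are hypothetical and constructed for illustration.

```python
# Constructed sample data: invoices stored per organisation (tenant).
INVOICES = {
    "org-a": [{"id": 1, "total": 120.0}],
    "org-b": [{"id": 2, "total": 999.0}],
}
# Constructed memberships: (user, organisation) -> role in that organisation.
MEMBERSHIPS = {
    ("alice", "org-a"): "adviser",
    ("bob", "org-a"): "read_only",
    ("carol", "org-b"): "adviser",
}
# Hypothetical role names mapped to the actions each role may perform.
ROLE_ACTIONS = {
    "adviser": {"view_invoices", "approve_invoice"},
    "read_only": {"view_invoices"},
}
# Constructed session tokens standing in for a real login system.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-carol": "carol"}

class AccessDenied(Exception):
    """Raised when any layer rejects the request."""

def check_access(token, org_id, action):
    """Run authentication, segmentation and authorisation, in that order."""
    user = SESSIONS.get(token)
    if user is None:                      # authentication: no anonymous access
        raise AccessDenied("not authenticated")
    role = MEMBERSHIPS.get((user, org_id))
    if role is None:                      # segmentation: no membership, no tenant
        raise AccessDenied("not a member of this organisation")
    if action not in ROLE_ACTIONS.get(role, set()):  # authorisation by role
        raise AccessDenied(f"role {role!r} may not {action}")
    return user, role

def list_invoices(token, org_id):
    """Return only the invoices of an organisation the caller belongs to."""
    check_access(token, org_id, "view_invoices")
    return list(INVOICES.get(org_id, []))

def approve_invoice(token, org_id, invoice_id):
    """Approve an invoice; the lookup never leaves the caller's tenant."""
    check_access(token, org_id, "approve_invoice")
    for inv in INVOICES.get(org_id, []):
        if inv["id"] == invoice_id:
            return {**inv, "approved": True}
    raise AccessDenied("no such invoice in this organisation")
```

Because every lookup is keyed by an organisation the caller has already been shown to belong to, supplying another organisation's invoice number returns nothing rather than that organisation's data.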

That’s a basic outline of what we do to protect you and your data. So what can you do? Choose a strong password and don’t put it on a sticky note attached to your monitor!
