Ds Data Center Factsheet Emea


Enterprise-Class Data Management, Security, Performance and Availability

NetSuite Data Centre

Oracle NetSuite currently operates geographically distinct data centres across North America, Europe, and Asia-Pacific. Each data centre has a counterpart that provides data mirroring, disaster recovery and failover capabilities in its region in case any data centre becomes non-operational. The NetSuite service is natively multi-tenant and leverages cloud infrastructure designed around multiple layers of redundancy.

Data Centre Locations

North America
• Seattle
• Santa Clara
• Phoenix
• Chicago
• Boston
• Ashburn

Europe
• London
• Dublin
• Frankfurt
• Amsterdam

Asia-Pacific
• Sydney
• Melbourne

www.netsuite.co.uk
NetSuite Data Centre Infrastructure

Data Management

• Redundancy: Many layers in the NetSuite system contain multiple levels of redundancy. This design allows uninterrupted service because redundant systems automatically assume processing in the event that one or more elements fail.
• Disaster Recovery (DR): Within each region, data is replicated and synchronised between data centres. Semi-annual DR exercises ensure that systems and processes are in place, as well as to assess and enhance the competency of all personnel key to the successful implementation of DR activities. Data centres use archival media backups, which support customer-initiated data restores for up to a year.
• Scalability: NetSuite supports over 24,000 customers with over 1.5 billion application requests per day and more than six petabytes of data under management. The system has been designed to accommodate routine surges and spikes in usage, and to scale upward smoothly to address increased transaction volume.

Application Security

• Encryption: Transmission of user credentials, as well as all data in the resultant connection, is encrypted with an industry-standard protocol and cipher suite. NetSuite supports Custom Attribute encryption and provides encryption APIs. NetSuite uses token-based application authentication and multi-factor end-user authentication.

© Oracle | Terms of Use and Privacy Page 2


• Role-Level Access and Idle Disconnect: Each end user can be assigned a specific role with permissions that are specific only to his or her own job. There is a complete audit trail that tracks changes to each transaction by the user login details and a timestamp.
• IP Address Restrictions: Customers can restrict access to a NetSuite account to specific computers and/or locations, which is valuable for those who are concerned not only about who is able to access their NetSuite account but from where they access it as well. This feature significantly reduces the risk of unauthorised third parties accessing a user’s account.
• Robust Password Policies: Customers have granular password configuration options, ranging from the length of the passwords to the password expiration policy. They can set up strict policies to ensure that new passwords vary from prior passwords and that passwords are complex enough to include a combination of numbers, letters and special characters. Accounts are also locked out after several unsuccessful attempts. For customers who desire a higher level of access control, there is a multi-factor authentication option using text SMS, one-time passwords (OTP) and backup codes. In addition to entering their own passwords, users must possess TOTP-compatible devices to receive the random one-time passwords. These cryptographically robust passwords prevent key loggers, shoulder surfers, phishers and password crackers from accessing a user’s account.

Operational Security

• Continuous Monitoring: NetSuite employs both network and server-based Intrusion Detection Systems (IDS) to identify malicious traffic attempting to access its servers and networks. Security alerts and logs are sent to a Security Information and Event Management (SIEM) system for monitoring and response actions by a dedicated security team.
• Separation of Duties: In addition to mandatory employee background checks at all levels of the operations organisation, job responsibilities are separated. The Principle of Least Authority (POLA) is followed and employees are given only those privileges that are necessary to do their duties.
• Physical Access: All data centres maintain stringent physical security policies and controls including photo IDs, proximity access cards, biometrics, single person entry portals and alarmed perimeters.
• Dedicated Security Team: Oracle NetSuite employs a global security team dedicated to enforcing security policies, monitoring alerts and investigating any anomalous system behaviour including unauthorised connection attempts and malicious software. Near real-time monitoring is in place with a 24x7 worldwide incident response capability. All access to production is approved and regularly reviewed by the security team.



• Data Centre Performance Audits: There are auditing controls appropriate for SOC 1 Type II, SOC 2 Type II, ISO 27001 and PCI compliance. NetSuite has implemented a comprehensive risk management process modeled after the National Institute of Standards and Technology’s (NIST) special publication 800-30 and the ISO 27000 series of standards. Periodic audits are carried out to help ensure that personnel performance, procedural compliance, equipment serviceability, updated authorisation records and key inventory rounds meet or exceed industry standards.
• Security Certifications: Oracle NetSuite issues reports upon the completion of periodic SOC 1 Type II and SOC 2 Type II audits and is certified for PCI DSS and ISO 27001:2013.
  ◦ Oracle NetSuite has defined its Information Security Management System in accordance with NIST 800-53 and ISO 27000 series standards.
  ◦ Independent third-party auditors prepare and conduct SOC 1 Type II and SOC 2 Type II audits. A SOC 1 Type II audit report is essential to meeting the reporting requirements on the effectiveness of internal controls over financial reporting of Section 404 of the Sarbanes-Oxley Act. SOC 2 Type II reports on controls that directly relate to the security, availability and confidentiality trust services criteria at a service organisation.
  ◦ PCI DSS is a security standard designed to ensure that companies are processing, storing and transmitting payment card information in a secure environment. A PCI Qualified Security Assessor (QSA) issues an Attestation of Compliance (AOC) to NetSuite.
• Privacy Certifications: Oracle Corporate (Oracle EMEA Ltd) has obtained EU/EEA-wide authorisation from the European data protection authorities for its Binding Corporate Rules for Processors (BCR-p). This helps our customers address their privacy and security requirements under the EU General Data Protection Regulation (GDPR) and other European data protection laws and regulations in the EU/EEA, the UK and Switzerland (“European Data Protection Law”). See the Privacy Code for Processing Personal Information of Customer Individuals (Oracle Processor Code).

  Oracle NetSuite provides Product Feature Guidance documents that describe how the service functionality is designed to assist customers with their EU GDPR requirements.

  Oracle NetSuite has extended the ISO 27001 Information Security Management System to include the ISO 27018 control set, demonstrating protection and adequacy for processing Personal Information as a Public Cloud Hosting Provider. Oracle NetSuite performs reviews and annual audits, conducts privacy risk management and oversees remediations, has a third-party vendor management programme to ensure that the suppliers adhere to the privacy regulations, oversees privacy by design in technology and processes, and is committed to maintaining and improving its privacy information management and data protection programmes.



Performance

• Scalable Application Architecture: The NetSuite application runs on a three-tiered architecture supported by additional specialised services. All tiers are highly scalable and support multi-data centre deployment.
• Performance Team: NetSuite invests heavily in performance at every layer. This includes a dedicated performance team of developers and database engineers whose sole purpose is to proactively verify application performance benchmarks and tune the application for maximum performance.
• High-Performance Databases: The NetSuite application runs on high-performance database server hardware with multiple cores and maximum RAM configuration. NetSuite production database servers run exclusively on solid state storage ensuring the fastest possible database I/O performance available in the industry.
• Performance Monitoring Tool: The NetSuite Application Performance Management (APM) tool provides a comprehensive performance dashboard that allows users to easily and quickly drill down and investigate the root cause of a site’s performance issues. By capturing critical performance data and quickly identifying, analysing and fixing the problem areas, customers can optimise performance, improve user experience and maintain critical transactions.

Availability

• Service Level Commitment (SLC): An SLC guarantees a 99.7% uptime (outside scheduled service windows) for the NetSuite production application for all customers. A credit is available if NetSuite does not deliver its application services with 99.7% uptime. A publicly available status page is provided to display system status at all times that includes quantitative current and historic uptime metrics as well as up-to-the-minute announcements during disruptions.
• World-Class Hosting Operations Team: A global team of dedicated operations personnel proactively monitors the health of the entire system with industry leading alert and trend-based tools designed to identify and resolve events before they impact the live site. This team provides 24x7 coverage to respond to any incident with automated recovery procedures.
• Dedicated Event Response Team: A global cloud event response team is dedicated to expediting responses and resolutions while establishing communications and regular updates during service-impacting events. This team is active 24x7 from multiple worldwide locations.
• Network Design: The network was built to meet or exceed commercial telecommunications standards worldwide for availability, integrity and confidentiality. The network design ensures reliable connectivity and maximum uptime with no single-point data transmission bottlenecks to or from the data centre. Finally, NetSuite uses a content delivery network (CDN) to enhance network reliability and help protect against denial-of-service attacks.

To find out more, contact NetSuite on [email protected]

United Kingdom | Phone: +44 (0)1628 774400 | www.netsuite.co.uk

© Oracle | Terms of Use and Privacy
