Twinfield, the most secure solution for your accounts
The security of data in the Cloud is a hot topic. Services are added on a continual basis: SaaS (Software as a Service) is becoming a commodity in the software market. Yet, as the number of players in the market increases, so does the uncertainty and debate surrounding the security of data in the Cloud. Businesses can secure their data in many different ways, but how can you ensure that you are completely protected against system failure, breaches of security and viruses? There are, after all, plenty of examples of where things have gone wrong. Here at Twinfield, we are frequently asked how the data we look after is secured. We therefore take pleasure in explaining this below.
Every three minutes, automated systems located in six different places around the globe measure the availability of our online software. In addition, Twinfield has developed a unique, bespoke Quality of Service (QoS) system that controls whether our solution is available as it should be. One of the criteria measured is our response time.
Twinfield controls different parts of the solution through an automated process that independently requests, inputs and adjusts data updates. Every 10 minutes, this process delivers a report. Should the speed of the system not be considered sufficient, for example, then Twinfield will add capacity automatically.
Proprietary framework of standards consolidates the best available market certifications
Twinfield has developed its own proprietary framework of standards from the most highly regarded certifications globally, including ISO 27001, SAS70 and ISAE 3402. We have combined the most stringent requirements within these standards and continually test them. In this way, Twinfield can ensure not only that an update has been carried through, but also that it is a valid update. We have been developing and honing this method for over five years.
Fox IT is one of the world’s most progressive organisations in the field of innovative security and intelligence solutions, such as the security of state secrets and financial data. “Fox IT supports Twinfield in a number of areas such as the development and execution of the security policy,” explains Jeroen Herlaar, unit manager Cybercrime at Fox IT. He continues, “In a world where more and more activity is taking place online – business, personal and communication – data security is of utmost importance.”
Encrypted Data
First and foremost, it is important that data is sent encrypted by means of a digital security certificate. Here at Twinfield, we use the digital certificate with the highest possible security level (Verisign Pro EV SSL-certificate) – also used by banks and government organisations. Twinfield online accounting is inherently secure: all traffic with the web service is secure and is handled in an HTTPS-environment.
As provider of an SaaS solution, it is essential that the web service is reviewed and audited by an external party. Twinfield is extensively re-audited every three months by BDO Audit & Assurance B.V. After each investigation, a stamp of quality is issued, proving that Twinfield meets all the requirements demanded of a professional and secure service provision. All parties with which Twinfield maintains a financial relationship are also checked on a regular basis.
In order to enable communication with third parties (such as the automatic processing of information and banking transactions), Twinfield has developed an entirely new IT environment. “Our island before you reach the coast,” says André Kwakernaat, CEO Twinfield. “This proprietary data centre ensures that no other external party has access to the Twinfield system. Banks upload their files to this data centre; we automatically pull them off. We then carry out an extensive quality and integrity check and only process the data in Twinfield after these checks have been passed. It all happens extremely quickly, but also utterly securely. This functionality is unique – no other provider in this sector can offer it.”
Twinfield Colleagues and Employees
Twinfield is also highly discerning when it comes to our own staff. Only a few employees have access to the system. Code that is in development is extensively reviewed and tested by a colleague in a different development team – thereby guaranteeing the integrity and quality of the finally developed code.
Employees with programming access to the Twinfield system have undertaken an extensive audit and signed a Code of Conduct. Twinfield staff only get access to client details after the client has given their permission.
And further: only with an SMS-code generated by the client itself and only from the Twinfield head office in Hoevelaken (never from any other location), can Twinfield employees gain access to client details.
Back Up Copies
Twinfield works not only with daily back up files, but even makes a copy of changes on an hourly basis. In addition, a complete back up copy of the accounts is sent daily, weekly, monthly and annually, through a secure connection to a data centre at a separate location. This back up copy is a file locked using an advanced AES encryption key.
Back up tapes are, of course, not used. These have been proven to be untrustworthy as a storage device. Twinfield uses a direct disk-to-disk system with guaranteed availability.
Data centres have sprung up everywhere in recent years as the move toward cloud-based software solutions has accelerated. Twinfield has developed a particular infrastructure, in which the availability of the web service does not depend on any one data centre. Twinfield has multiple operational data centres. One of these continually measures the security of the system. In addition, Twinfield does not depend on a third-party host. Twinfield hosts its own solutions and manages and maintains the necessary data connectivity itself. To do this, Twinfield uses the expertise of the leading specialists in their field. Again, particular attention is paid to security; the infrastructure is built from multiple layers, where specialists have access to one layer only.
A particular quality of Twinfield is that there is always a supervisor looking on online. If, for example, a user installs untrustworthy or even malicious software, then browser access to the Twinfield system is denied. These controls take place at both data and network level, guaranteeing privacy at all times. Many parties with an online accounting solution will look at the web server log files to see which actions have been carried out on any given platform. The controls within Twinfield are carried out directly and guarantee maximum security for both users and their data.
The storage of data is a sensitive issue. Twinfield stores all user data in the E.E.A., the European Economic Area. In doing so, Twinfield can guarantee that the data is not accessible to governments, for example. When data is stored in the US, for example, the US government has viewing rights to that data (as a result of the so-called Patriot Act). An undesirable situation. Yet still there are plenty of parties in the market who cannot guarantee European data storage. At Twinfield, it is even part of the audit we undergo with BDO Audit & Assurance BV.
Of course, there are providers offering ‘free accounting’…
But are you willing to accept the associated risks?
Cloud computing is a success. And rightly so, because all you need to exchange details is a live internet connection. Systems are available 24×7 from any location and costs are low. However, in recent years there have also been examples of where the security of cloud-based services has been compromised. Often, these examples included sensitive information that should not have been publicly available.
Twinfield advises users of any online software solution to ask their provider detailed questions about how their data will be protected and kept secure. Only by treating cloud-based data with due care can we ensure that cloud computing remains the success story it is.