
NetSuite Security and Controls, Part 5: Integrations and Interfaces

When discussing integrations and interfaces, the focus is on the control environment within NetSuite. It is important to understand all of the boundary systems that feed into NetSuite and ensure that data is coming into NetSuite completely and accurately. There are a number of security considerations that arise at this point.

In facilitating these integrations, it is often necessary to have an integration account that allows the API to connect and then use that account to write data into the NetSuite account. These accounts, therefore, must be carefully managed and monitored. It is essential to understand the permissions the integration account has and ensure that end users cannot log into that account, particularly if the integration account is given administrative rights. In that case, it may be wiser to provide a tailored role to those accounts that will limit access to only the privileges needed rather than granting complete administrator capabilities.

It is not always possible to limit access for every integration account, so controls and monitoring should be implemented for these accounts. For example, if these accounts can be made web-services-only accounts, it is best to make sure end users cannot see or log into them.

Additionally, an iPaaS solution, such as Workato or Dell Boomi, might help with API management and monitoring interfaces.

An auditor will be asking specific questions regarding integrations and system monitoring. For instance, an auditor may question whether the batch jobs that facilitate these interfaces and integrations are running accurately. An auditor might also ask if connections are monitored for failures, whether any alerts are being reported and addressed, or whether the system is self-healing.
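The account and monitoring checks described above can be run as a periodic review over exported data. The following is an added example, not code from NetSuite or from the original article; the CSV layouts, column names, account names and job names are constructed assumptions, not a NetSuite export format.

```python
import csv
import io

# Constructed sample data. Column names are assumptions for this example.
ACCOUNTS_CSV = """account,role,is_integration,ui_login_allowed
svc-workato,Administrator,yes,yes
svc-boomi,Integration - AR Write,yes,no
jsmith,Accountant,no,yes
"""
LOGINS_CSV = """timestamp,account,channel,status
2024-03-01T02:00:04Z,svc-boomi,web_services,success
2024-03-01T09:14:51Z,svc-workato,ui,success
2024-03-01T09:20:10Z,jsmith,ui,success
"""
JOBS_CSV = """job,run_at,status,alert_acknowledged
ar_invoice_sync,2024-03-01T02:00:00Z,success,
vendor_bill_sync,2024-03-01T03:00:00Z,failed,no
bank_feed_sync,2024-03-01T04:00:00Z,failed,yes
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def review(accounts_csv, logins_csv, jobs_csv):
    """Return a sorted list of (finding, subject) tuples."""
    findings, integration = set(), set()
    for a in rows(accounts_csv):
        if a["is_integration"] != "yes":
            continue
        integration.add(a["account"])
        # Full administrator rights instead of a tailored role.
        if a["role"].strip().lower() == "administrator":
            findings.add(("admin_role_on_integration_account", a["account"]))
        # Account is not restricted to web services only.
        if a["ui_login_allowed"] == "yes":
            findings.add(("ui_login_allowed", a["account"]))
    for entry in rows(logins_csv):
        # A person signed in interactively with the integration identity.
        if (entry["account"] in integration and entry["channel"] == "ui"
                and entry["status"] == "success"):
            findings.add(("interactive_login_by_integration_account", entry["account"]))
    for j in rows(jobs_csv):
        # Failed interface run with no acknowledged alert.
        if j["status"] == "failed" and j["alert_acknowledged"] != "yes":
            findings.add(("unaddressed_job_failure", j["job"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in review(ACCOUNTS_CSV, LOGINS_CSV, JOBS_CSV):
        print(f"{finding}: {subject}")
```

Each finding maps to one of the questions an auditor is likely to raise, so the output can be retained as evidence that the review was performed.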

These security concerns with integrations and interfaces must be considered in order to understand the nature of all the data sources that feed into NetSuite.

The real issue in all this is to ensure that complete and accurate data is received while minimizing access risk in NetSuite.