Flexibility is one of the primary reasons why Oracle NetSuite is one of the most popular ERP solutions for emerging and growing companies and why it was named among G2.com’s Top 10 ERP Systems for Small Businesses. Much of this flexibility comes from how easy it is to customize NetSuite’s business logic.
At Fastpath, we want to help businesses make sure their applications are secure. As discussed in a previous blog, Custom Record Security in NetSuite, keeping your customizations secure should be top of mind whenever you develop custom code for any platform.
Tools like NetSuite’s SuiteCloud Development Framework make it easier to customize NetSuite code while also allowing developers to follow a more rigorous Software Development Lifecycle process (e.g., code reviews and version control), thus facilitating a more secure development environment.
This blog discusses how NetSuite’s SuiteCloud Development Framework can be leveraged to make developing customizations in NetSuite even easier:
- The SuiteCloud Development Platform and SuiteCloud Development Framework (SDF)
- SDF Architecture
- Features of SDF
- How Fastpath Can Help
The NetSuite SuiteCloud Platform and Development Framework: Tools that Extend Its Capabilities
NetSuite’s SuiteCloud Development Framework (SDF) is an Integrated Development Environment (IDE) and deployment mechanism included in the NetSuite SuiteCloud Development Platform. Developers can use SDF to access all SuiteCloud customization objects and SuiteScript APIs during development, testing, and rollout. SDF provides the foundation to support a company’s software development lifecycle (SDLC) from development to testing to deployment, giving developers tools for greater visibility into their NetSuite change management processes. SDF integrates with standard source control applications and lets developers validate their code before deployment.
How SDF’s Architecture Makes Customizing NetSuite Easier
In the past, NetSuite only allowed SuiteScript files to be downloaded from a NetSuite account so developers could work on them external to the application. SDF sits between the SuiteCloud Software Development Kit (SDK) and a NetSuite account, allowing developers to work on code locally using the SDK before deploying it.
One of the most significant advantages of using the SDF is that it allows many other customization types, such as custom fields, configurations, custom record types, and workflows, to be developed outside of NetSuite. Customizations created in SDF projects can be deployed to NetSuite accounts for internal distribution or SuiteApps for commercial distribution.
SDF represents NetSuite objects as XML, which makes it possible for development to be uncoupled from NetSuite. Developers can use SDF to download their NetSuite objects as XML definitions, work on them using a development environment outside of NetSuite, validate them against target NetSuite accounts, then deploy them to the development, sandbox, or production accounts. Upon deployment to the target account, the XML definitions are converted to custom NetSuite objects by SDF.
SDF supports the following custom objects:
- Lists, Records, and Fields
- Published Dashboards and Portlets
- Centers and Tabs
By making it easier and more flexible to manage customizations in the NetSuite environment, developers can take advantage of features and controls in SDF as part of the SuiteCloud platform, including:
- Automatically handling dependencies (and understanding the impact of changes on them) by identifying and validating them before deployment to target accounts.
- De-coupling from NetSuite, which enables developers can make changes using development and deployment tools in an external environment.
- Validating customizations against target accounts before deploying them directly to development or production accounts.
- Deployment and audit trail logs to indicate the objects being deployed and the deployment status.
- Flexible source control integration with most version control systems to ensure changes to customizations are tracked and that all files and objects required for a release can be accessed and releases can be rolled back if necessary.
- Facilitates collaboration in the cloud to manage source code updates more easily.
- Bundling with NetSuite; simply check the SuiteCloud tab on the Enable Features page to activate SDF.
How Fastpath Can Help with NetSuite Security
The SDF makes it much easier for companies using NetSuite to tailor the application’s business logic to their needs, from development through testing to final deployment. However, with that ease come security risks.
It is considered best practice to perform NetSuite SDF and system administrative user access reviews periodically. Fastpath’s products help you secure your NetSuite environment by identifying, mitigating, and preventing unauthorized user activity. The Fastpath Access Reviews module and Access Certifications module (which automates the entire user access review process) can help you determine who within your organization can make changes to customizations and move those changes into production.
In addition, changes made in SDF can have a far-reaching impact on your business; therefore, it is important to have a tool like Fastpath Audit Trail to track changes to the system and who is making them.
To understand more about the security of your NetSuite and other business-critical applications, watch this interview with Frank Vukovits, Certified Internal Auditor and Director of Strategic Partnerships at Fastpath. In this interview, Frank discusses what causes auditors the most concern and who should own the security functions inside the organization.