Carrying out a business risk assessment. I have a range of questions but will limit to this one just so I am aware and clear. If the data file for a company / entity in manager is obtained can any Manager desktop implementation of high enough version open and read in spite of Manager’s User Permissions?
Essentially will the user security in manager be ineffective in the case above?
There are no security or permissions in the Desktop version of Manager
If you use the Cloud or Server version, then you must make sure that any backups you make are in a secure location
That’s probably true of any system - if someone walks out the door with your data on a USB key, then it’s gone and probably unprotected
Thankfully only admins have the backup button
Yes, because user permissions are global preferences of the primary account, not of individual businesses.
So essentially the user security in manager will be ineffective and to be definitive, if somehow the somecompany.manager file is obtained from cloud or server the company is an “Open Book” to the holder - Correct?
Correct.
Yes understand - Just need to be clear and exact with our risk policy. Thank you.
Curiously enough I am currently busy this week with doing a Risk Assessment.
I will raise a couple of pointers here.
Backup should be encrypted in which case they can’t do anything with the database.
If someone gains access to the actual server(s) where the databases are stored, you have bigger problems than the security of the database.
What you need to add into Risk Assessment is impact of downtime and what you can do about that downtime - this is one of the main reasons why I went with the Server version - I have full control over the downtime as I look after the Server where my Manager system is hosted. With a cloud based system you have no control over downtime and its my experience that cloud goes down more often than your local server.
Also, what I liked about Manager on my server is that I could restrict IP addresses to just my accountant and I. Your risk assessment will need to address potential hackers logging into the system and what you can do to address that.
2 Likes
From my own experience, I never had this issue, in fact I think manager cloud is in the top 0.1% in terms of cloud uptime.
1 Like
All good points on risk assessment gentlemen … Typically full blown data centers uptime beats on premise but it depends on your processing or method of data access. Both have huge advantages but have found the swing point for some to be about ownership and control. On premise can out perform in some ways eg. LAN verses Internet speeds. Some people may already have it but next year we hope to move to 4Gb Internet speeds where the LAN standard for most local infrastructure to PCs is still at 1Gb.
@Ealfardan I was referring to cloud in general, not Manager Cloud specifically. Speaking as an IT technician, a website going down seems to happen a lot more often than an on premise server going down.
I opted to go for a dedicated server in a data hosting centre. Essentially I lease the hardware from them as well have the fireproof, theft proof security aspects. But I installed the VM’s running on that server, maintain the updates and manage all the software on there.
Usually the downtime is as result of upgrades, breaches or changes on the server, not so much the actual hardware itself.
4GB broadband! Wow, here in the UK, you are lucky if you get 20mb’s.