As you might expect, GCC uses Microsoft Dynamics 365 Business Central to run its own internal accounting system and key operational services. One area of potential concern for everyone using cloud IT services is how to secure and protect access. This is obviously very important when you’re talking about your own accounting system and core financial data.
GCC have four types of core users that need access to the finance system data to perform a mixture of data processing tasks – basically to read, edit, create and delete data.
The good news is that Microsoft Dynamics 365 Business Central can be deployed alongside Microsoft Azure security services to provide a very secure and yet flexible solution. GCC has the following user roles deployed
- Finance Director. Darren is our head of finance and performs month and year end routines whilst generally keeping an eye on all things financial. Darren also heads up the business applications side of GCC. The security concern with Darren is that he sometimes works from home as well as the office so he can’t be limited by only using an office-based desktop PC. Darren also uses multiple Office 365 accounts and sometimes logs into client sites (along with test, demo and development sites) so it’s not practical for Darren to use two factor authentication. In Darren’s case, to improve security, we’ve locked down his Microsoft portal where he accesses the Business Central application, so that he can only access the finance system from authorised GCC physical devices (laptop) This means that if his login credentials become somehow compromised then they would also have to steal his laptop and as soon as we know the login details have been compromised or that the laptop has gone, we can kill the access account, thus achieving two factor authentication (something you have and something you know).
- Book-keeper. Ness runs the day to day order and purchase processing along with the banking and stock control (amongst a multitude of other jobs, so Ness needs to be efficient!) Ness is office based and works Monday-Friday. So for security, Ness can log in to the GCC Dynamics 365 Business Central system from her desktop PC (or a GCC laptop if this breaks) The restriction in this case is that she can only access the accounting system when she is physically in the office in Gloucester. When she goes home in the evening she can’t access the system from any device (not even with a GCC laptop) even though Business Central is a global cloud service. So Ness has to be in a given location and know her username and password (something you know and somewhere you are).
- The Head Honcho. Chris is the MD and doesn’t need to process data but he does want access to the data. Chris will sometimes want to drill in to a report, and go from sales to a specific customer account, to a particular invoice and line item. He might also want to interrogate the P&L and sometimes process data, so is a full Business Central license user. Chris also works from the main GCC operational hubs in Gloucester and London (Tower Bridge) and from home and from various other sites (some people says he just sits around in coffee shops all day!). In this case, Chris can access the account from anywhere and any device but has two factor authentication deployed. Indeed Chris uses his laptop and the Business Central mobile app on his iPhone - he needs his username and password and also needs his mobile phone to authenticate and no-one has ever managed to prise his mobile phone from him yet (something you know and something you have).
- Head of Sales. Mark is head of sales and he just wants to see Key Performance Indicators (KPIs) around sales turnover, gross margins and credit control. Mark doesn’t need access to the Business Central accounting system, so a Team license is fine for viewing data. Mark uses Power BI to view reports and dashboards that report on the Business Central data in scheduled report refresh, near real time. Nevertheless, to keep the data secure, Mark uses two factor authentication to access these reports even though he doesn’t have a full user license for Business Central. Because Mark also is mobile and working from multiple locations, (and some say he also spends a lot of time in coffee shops, apart from when he’s on the golf course obviously) he uses a user name and password along with his mobile phone to access the reports and keep them secure (something you know and something you have).
So, all in all, even though GCC uses a global cloud-based finance system, user access and data is very secure. This blend of Microsoft enterprise security services with Microsoft Dynamics 365 Business Central is recommended.
For more information about the Microsoft Dynamics 365 suite of applications, click HERE.