Security

In today’s interconnected digital world, security is a critical concern. With the rise of online threats, a secure online environment is crucial to protect sensitive information and maintain the trust of customers.

Web security, or cybersecurity, refers to the practices and technologies designed to protect websites, networks, and data from unauthorized access, damage, and misuse.

Importance of Web Security

Protect Sensitive Information

The internet is a hub of data exchange. Web security helps protect sensitive data such as financial information, personal identification, and login credentials. Measures such as encryption and secure authentication protocols prevent unauthorized access to this data.

Maintain Customer Trust and Reputation

Security breaches can severely damage the reputation of a business or website. When customers lose trust in the security of a website, they are less likely to continue using it or sharing personal information. Strong web security builds trust and promotes a positive user experience.

Prevent Financial Loss

Cyber-attacks can lead to significant financial losses, from theft and fraud to the cost of mitigating damages and recovering compromised systems. Investing in strong web security is not just a protective measure but a financial safeguard.

Ensure Compliance with Regulations

Many industries require compliance with data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States. Failure to secure user data adequately can lead to regulatory fines and penalties, making web security essential for legal compliance.

Stay Compliant with Standards

The finance industry has strict regulations regarding the handling of payment data and maintaining secure systems. Non-compliance can lead to legal action, fines, and operational shutdowns.

The Payment Card Industry Data Security Standard (PCI DSS) outlines specific security measures that must be followed to protect customer card information. Sana Commerce makes PCI compliance easier by offering integrated payment gateways that allow webstore owners to securely transmit customers’ credit card data.

Security Measures Used by Sana Commerce Cloud

Sana Commerce Cloud understands the importance of web security and implements effective security measures to help prevent cyber-attacks and protect valuable information. By using the robust security measures that Sana Commerce Cloud provides, businesses and their customers can safeguard sensitive information, avoid costly incidents, and contribute to a safer internet for everyone.

Secure HTTPS Connection

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It is the internet communication protocol that protects the integrity and confidentiality of data sent between the user's computer and the website that the user is connected to. Sana Commerce Cloud uses only secure HTTPS connections: the entire Sana Commerce Cloud solution (Sana webstore and Sana Admin) runs over HTTPS, and the web service that is used to establish the connection between Sana and your ERP system must also run over HTTPS.

Secure Sana Admin and Webstore Accounts

Sana Admin accounts and customers' webstore accounts are password-protected. Sana Commerce Cloud policy requires Sana Admin users and webstore customers to use strong passwords. It is critically important to have a secure and unique password. Moreover, Sana Commerce Cloud is protected against brute-force attacks.

Device Verification

Device verification on the login page of Sana Admin adds an extra layer of security and serves as a critical safeguard against unauthorized access and cyber threats. It ensures that only users with known devices are allowed to access Sana Admin. This security measure enhances overall security and reduces the likelihood of cyberattacks or data breaches.

Two-Factor Authentication

Sana Commerce Cloud supports two-factor authentication (2FA) with a one-time password (OTP) for internal Sana Admin users and webstore customers. Two-factor authentication is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. This provides a higher level of security than single-factor authentication that uses only a username and password.

In the digital world, where threats are constantly evolving, securing your Sana Commerce Cloud solutions is very important. By implementing measures like strong password protection, device verification, Captcha, cookie management, and two-factor authentication, you can create a safer shopping experience for your customers and protect your business from potential cyberattacks.

Combining these strategies forms a robust security framework that can adapt to new threats, gives both you and your customers peace of mind, and keeps your Sana environment as safe as possible!

Captcha

Captcha tools are essential for protecting your Sana Admin and webstore from bots and malicious automated activities, increasing the security level of a webstore, and preventing spam attacks.

  • Google reCAPTCHA is used to differentiate between human users and bots. It requires users to complete simple challenges, such as clicking on images or ticking a checkbox. Google reCAPTCHA is easy for humans to solve but difficult for bots to bypass, reducing spam and protecting login forms, registration pages, and other vulnerable areas.

  • Friendly Captcha emphasizes privacy and user-friendliness. Instead of requiring users to solve puzzles, it uses a background cryptographic challenge that is solved by the user’s browser. Friendly Captcha is GDPR-compliant and provides a seamless experience for users while effectively blocking bots.

Cookiebar

Protecting personal information is essential because it is a fundamental human right. With privacy laws such as the General Data Protection Regulation (GDPR), informing users about the use of cookies and obtaining their consent has become mandatory.

  • A Sana webstore uses cookies for webstore functionality and analytics information to identify users and remember their preferences for the sole purpose of providing the service required by the user. You can use a Sana cookiebar to inform your webstore users about the cookies that are used in Sana Commerce Cloud.

  • Usercentrics is a consent management platform that is GDPR, CCPA, LGPD, and POPIA compliant. It offers a consent banner which is known as a cookiebar, and provides transparency for all cookie usage and tracking technologies on your website.