In today’s world cybersecurity is a very important issue for individuals and businesses. Multiple attacks by hackers have caused many cybercrime activities such as loss of personal data, identity theft, phishing, spoofing. Other malicious virus attacks that can be a threat to both individuals and organizations. In order to take preventive measures, IT professionals are constantly engaged in studying the best practices that can be used in order to provide maximum security for their computer networks. One of the most popular topics that is trending on news channels and social media is the recent WannaCry attack, which infected around 230,000 computers in around 150 countries. Computer systems security is one of the most critical aspects in IT, as the fear of cyber crime has been increasing and organizations are trying their best to prevent their data to be affected from such malicious attacks.
Odoo has always provided complete security for all their users, since there are a lot of users who use Odoo applications and their information will be very critical for their business. Some of the security practices done by Odoo on their hosted version called Odoo Online include:
Odoo Online include:
- Backup and disaster recovery: Odoo provides full backups for its instances up to 3 months. Odoo also has effective disaster management practices, with worst case scenario where the users can lose maximum 24 hours of work if data cannot be recovered and restores the last daily backup.
- Database security: Customer data is stored in a dedicated database, where data is not shared between clients. Data access control rules implement complete isolation between customer databases.
- Password security: Customer passwords are protected with industry standard PBKDF2+SHA512 encryption (salted + stretched for thousands of rounds).Odoo staff does not have user passwords. If you lose it, you have to reset it.
- Employee access: Odoo staff may access user accounts to fix support issues (with use of a staff authorization, not user password). Odoo respects user privacy and only accesses files that need to be diagnosed.
- System security: All Odoo online servers are running hardened Linux distributions. Only a few trusted Odoo engineers have clearance to remotely manage the servers. Firewall and intrusion countermeasures prevent unauthorized access.
- Physical security: Security cameras are monitoring the physical data centers. Physical access to data centers where Odoo servers are located is restricted to data center technicians only.
- Credit card safety: When you sign up for Odoo Online subscription, Odoo does not store the user credit card details. User credit card information is transferred securely between the user and the PCI- Compliant acquirers: PayPal and Ingenico.
- Communications: All web connections to client instances are protected with 256 bit SSL encryption. Odoo servers are always under watch and patched against latest SSL vulnerabilities.
Odoo Software Security
Odoo being an open source software, the whole codebase is is constantly under observation by Odoo users and contributors worldwide. Community bug reports are an important source of feedback regarding security issues and Odoo encourages developers to audit the code and report security issues.