10X ERP Security Overview

This document describes how 10X ERP approaches security to protect our customers' data and systems. It is intended to provide a high-level overview, and we're happy to answer deeper technical questions upon request. We regularly evaluate and improve our security posture and remain committed to transparent, accountable security practices.

Our Approach to Security

Security is at the core of how we build and deliver 10X ERP. We take a practical and disciplined approach to security, focusing on best practices that ensure our platform is safe, stable, and reliable.

Infrastructure & Hosting

  • 10X ERP is hosted in the cloud using Linode.
  • Each customer has their own dedicated PostgreSQL database, providing complete data isolation at the database level, not just through application logic. This architecture delivers the security of on-premise systems with the convenience of modern SaaS. Learn more about our dedicated database architecture.
  • Our servers are distributed across multiple geographic regions, ensuring a hardware issue in one location does not affect clients in other regions.
  • We maintain regular backups and high availability configurations for customer environments. Details are in Data Backup and Recovery.

Application Security

  • We use GitLab for version control and CI/CD, enforcing code review and automated testing.
  • Every code change (merge request) triggers a comprehensive suite of automated tests to ensure stability and prevent regressions.
  • Our team follows a secure development lifecycle, including static code analysis and regular dependency audits.
  • We use Sentry for real-time error monitoring and response.

Data Protection

  • Unlike traditional multi-tenant SaaS platforms that separate customers through software logic, 10X ERP provides each client with their own dedicated database. This means your data never sits alongside competitors' data. Read about our dedicated database approach.
  • All customer data is encrypted in transit using TLS.
  • Data at rest is encrypted using industry-standard techniques.
  • Backup data is also encrypted and stored securely.

Ransomware and Cyberattack Protection

Ransomware is one of the top concerns for businesses considering cloud systems. Our defense combines backup isolation, active data monitoring, and comprehensive audit trails to both prevent and detect threats.

Backup Isolation

The most common ransomware scenario involves attackers encrypting production data and the backups together, because they sit on the same network or server. Our architecture prevents this:

  • Isolated backup storage: Your backups are stored in cloud object storage that is completely separate from our application servers. An attacker who compromises the application cannot reach the backup infrastructure.
  • Three independent backup systems: Your data is protected by three separate backup systems, each with its own credentials and storage. An attacker would need to independently compromise all three to destroy backup copies.
  • AES-256 encryption: All database backups are encrypted with AES-256-CBC, using keys stored separately from production systems.

Active Data Integrity Monitoring

Backup isolation protects the backup files themselves, but a more subtle attack could corrupt data through the application layer and let that corruption flow into backups over time. To catch this, we run automated data integrity checks that validate the consistency of your data on an ongoing basis:

  • 30+ automated checks covering accounting balances (General Ledger vs. subledgers), inventory reconciliation (system records vs. physical totals), accounts receivable, accounts payable, and dozens of other business rules.
  • Daily reconciliation compares GL balances against physical inventory and subledger totals, tracking match percentages over time. A sudden mismatch triggers investigation.
  • Email alerts notify our team of anomalies in critical areas like General Ledger transactions and inventory movements.

These checks are designed to catch data corruption quickly, whether caused by an attack, a software bug, or any other source, so we can restore from a known-good backup before the issue compounds.
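The daily reconciliation described above, as an added example (not 10X ERP's own code): it computes the share of control accounts whose General Ledger balance matches the subledger total for each daily run and flags a sudden fall in that match percentage, along with the last run before the fall. The account names, the 5-point threshold, and the sample balances are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Snapshot:
    day: str    # ISO date of the reconciliation run
    gl: dict    # control account -> General Ledger balance, in cents
    sub: dict   # control account -> subledger / physical total, in cents

def mismatches(snap, tolerance=0):
    """Accounts whose GL balance and subledger total differ, or that exist on one side only."""
    accounts = set(snap.gl) | set(snap.sub)
    return sorted(a for a in accounts
                  if a not in snap.gl or a not in snap.sub
                  or abs(snap.gl[a] - snap.sub[a]) > tolerance)

def match_pct(snap, tolerance=0):
    """Share of control accounts that reconcile, as a percentage."""
    accounts = set(snap.gl) | set(snap.sub)
    if not accounts:
        return 100.0
    return 100.0 * (len(accounts) - len(mismatches(snap, tolerance))) / len(accounts)

def sudden_drops(history, max_drop=5.0):
    """Runs where the match percentage fell more than max_drop points from the prior run."""
    alerts = []
    for prev, cur in zip(history, history[1:]):
        before, after = match_pct(prev), match_pct(cur)
        if before - after > max_drop:
            alerts.append({"day": cur.day, "before": before, "after": after,
                           "accounts": mismatches(cur),
                           "last_run_before_drop": prev.day})
    return alerts

# Constructed sample data: four daily runs; two accounts stop reconciling on 2024-03-03.
BASE = {"1200-AR": 500_000, "1400-Inventory": 1_250_000,
        "2000-AP": -310_000, "1000-Cash": 90_000}
BAD = {**BASE, "1400-Inventory": 0, "1200-AR": 499_000}
HISTORY = [
    Snapshot("2024-03-01", dict(BASE), dict(BASE)),
    Snapshot("2024-03-02", dict(BASE), dict(BASE)),
    Snapshot("2024-03-03", dict(BASE), dict(BAD)),
    Snapshot("2024-03-04", dict(BASE), dict(BAD)),
]

if __name__ == "__main__":
    for alert in sudden_drops(HISTORY):
        print(alert)
```

Only the first day of the mismatch raises an alert; the following day reports the same 50% and no further drop, so the alert's `last_run_before_drop` marks the restore candidate.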

Complete Audit Trail

Every change to every record in the system is tracked with a field-level audit trail, capturing old values, new values, the user who made the change, and when it happened. This makes it possible to:

  • Pinpoint exactly when an issue started
  • Identify what was changed and by whom
  • Restore to the precise point in time before the problem occurred

For full details on our backup strategy, see Data Backup and Recovery.

Authentication & Access

  • We support Google and Microsoft-based sign-in with two-factor authentication (2FA).
  • Access is role-based, with permissions managed per user.
  • Session timeouts and other policies are in place to prevent unauthorized access.
  • Server access requires SSH key authentication only (password authentication is disabled).

Monitoring & Response

  • We have automated monitoring and alerting in place to catch and respond to issues quickly.
  • Health checks run continuously on all critical services, with automatic restart and recovery.
  • All access and key events are logged and auditable.
  • We maintain an incident response plan and will notify customers promptly in the event of a breach.

Customer Role

Security is a shared responsibility. We encourage customers to:

  • Use strong authentication methods
  • Limit user access appropriately
  • Maintain and review user permissions regularly within the application
  • Review access regularly

Contact & Reporting

To report a potential vulnerability or security concern, contact us at [email protected]. We welcome responsible disclosures and handle them promptly.
