Workday's comprehensive approach to securing access to business data—combined with a unique ability to audit application changes and ongoing SAS-70 level II certification of key design, development and data center processes—make us a trusted partner for improved governance and compliance.

Secure and auditable access to enterprise information

Traditional enterprise applications offer multiple and separate access control systems—one for end users, one for database reporting, one for integrating systems, etc.—that require significant investment in duplicated maintenance while increasing the risk of a security breach. Changes to data are either audited with low level database logs or not at all. On-premise software vendors simply aren't compelled to document and verify all their development and delivery processes.

Workday takes a different approach to solving these problems, delivering a cohesive approach to security that reduces security risk to the enterprise, increases visibility to useful data and eliminates duplicate security schemes.

Embedded security in Workday's solutions

Workday's solutions were designed with robust security in mind. All Workday solutions include:

Secured access at all levels of Workday's solutions. Workday's business services are secured at multiple levels and architected to reduce security risk at all points in the system:

• Secured data center. Workday leases space in top-tier data centers that comply with stringent security standards. Authorization is limited solely to Workday employees that have been approved for access.
  
• Secured network access. All access from both users and external systems is over secure http (SSL 3.0), providing robust security across Workday's solutions.
• Secured applications. No direct database access is allowed. All access through the business logic, either from individual users or external systems, requires either a secure Workday-maintained password or delegated authentication against a central enterprise password. Workday has implemented role-based authorization, making sure only authorized people and systems have access to data.
• Secured database. All attribute values in the database are encrypted with a customer specific key, so no one other than a specifically authorized user can access any data.

Embedded Auditing. Workday tracks all changes to business data at an application level. This means that customers receive useful data, not the low-level database logs found in traditional enterprise application. This application audit information is the basis for audit and compliance reporting found throughout the Workday system.

SAS 70 Type II Certified. All SaaS vendors are required to document and certify their important development and delivery processes. Workday is certified and will continue to certify to SAS 70 Type II. Does your on premise vendor give you this level of insight into and assurance about their development processes?

Explore Workday Technical Foundation

Business Process Framework | User Experience | Integration On-Demand | Security | Development Framework