Ensuring Data Security: Precanto's Customer Journey

You know the potential of FP&A platforms to drive planning and insights, but you might have a serious concern: How safe is my data? With sensitive information like salaries, headcount, and financial projections at stake, a data breach could mean reputational and financial damage.

At Precanto, we understand that securing your financial and personal data is essential. Our platform integrates security at every stage—from data integration to storage, access management, and ongoing compliance. With SOC2 Type II audits and strict role-based access, we prioritize safeguarding your data so you can focus on your business.

In this blog, you’ll see how Precanto’s security practices adhere to the most rigorous standards.

Integration: Bringing Data into Precanto Securely

End-to-End Encryption from Day One

The moment your data enters Precanto’s system, it’s encrypted both in transit and at rest. We use TLS (Transport Layer Security) for secure data transmission, preventing interception or tampering during transmission to our platform. Once your data is received, it is encrypted at rest using AES-256 encryption—one of the strongest protocols available.

Third-Party Authentication & Secure Access

Integration with tools like Okta, Microsoft 365, and Azure Active Directory lets employees use existing corporate credentials to access Precanto securely, with multi-factor authentication (MFA) for added protection.

This approach minimizes the risk of password-related breaches while streamlining the user experience—your team logs in with credentials they already know and trust, and multi-factor authentication (MFA) ensures an extra layer of protection.

After integration, Precanto secures your data with enterprise-grade infrastructure on AWS and Cloudflare:

• Shared Responsibility: AWS secures physical infrastructure, while Precanto handles data and application security.
• Network Security: Precanto is protected by Cloudflare’s WAF, which protects against DDoS and SQL injection attacks. Namespaced-based tenancies keeping customer data isolated.
• Failover, Backup & Recovery: Multiple availability zones ensure 99.9% uptime SLA. Regular backups enable quick data restoration, minimizing downtime.

This setup provides a secure, scalable environment, ensuring your data’s safety at every level.

Analysis & Role-Based Access Controls (RBAC): Ensuring Secure Access and Data Integrity

Once your data is securely stored, the next step in the journey is analysis—transforming raw data into actionable insights. However, this stage introduces new challenges: sensitive information must remain accessible only to those authorized to see it. At Precanto, Role-Based Access Controls (RBAC) play a crucial role in ensuring data integrity, protecting sensitive fields, and giving your team the insights they need—without compromising security.

How RBAC Safeguards Your Data

Precanto's RBAC framework ensures that the right people have access to the right data. Whether it’s finance teams working on cash flow forecasts or HR managers reviewing salary trends, every user is assigned a specific role with pre-defined access permissions.

• Customizable Roles: You control who can see, edit, or share specific datasets. For example, a CFO may need full access to headcount reports, but individual managers only require visibility into their department’s data.

Fine-Grained Data Permissions for Analysis

Precanto’s platform makes it easy to control access to specific data attributes. For example, in headcount reports, you might choose to expose employee locations but hide individual salary information. By breaking down access at this granular level, you minimize the risk of exposing unnecessary information while still enabling your team to perform the analysis they need.

LLM Hosting: Ensuring Safe Collaboration with External Tools

LLM Hosting on Azure: Securing AI-Powered Insights

Precanto leverages Azure’s enterprise-grade hosting for LLMs (Large Language Models). With the increasing adoption of AI-driven analysis, your data must remain protected, even when processed through these advanced tools. Azure offers several critical layers of protection:

• Data Isolation: Any prompts, completions, or outputs from Azure-hosted LLMs are isolated from other customers’ data. No information leaves your tenancy or is shared with OpenAI or other third-party vendors.
• Privacy Safeguards: Azure ensures that neither your input data nor the AI’s outputs are used to train or improve external AI models. Your data stays private and is never reused to benefit other services.
• Controlled Environment: Azure's LLM infrastructure is isolated from OpenAI’s public API services, meaning there is no interaction with other AI tools that fall outside of Microsoft’s secure environment.

These precautions ensure that even when your financial data interacts with advanced AI models, it remains secure and under your control.

Ongoing Maintenance & Compliance: Staying Secure Over Time

Regular Software Patching and System Updates

Given today’s environment of zero-day exploits, Precanto conducts frequent system updates and security patches to address vulnerabilities in the application and infrastructure as soon as they’re identified. These updates ensure we stay ahead of new threats without compromising platform performance or disrupting your workflows.

• Zero-Downtime Updates: We deploy updates with no downtime, ensuring your access to the platform remains uninterrupted.
• Vulnerability Management: Through Amazon Inspector, we scan for vulnerabilities daily in our code and live deployments, addressing any issues before they can be exploited.

SOC2 Type II Compliance: Precanto's annual SOC2 Type II audit provides independent validation of our security controls, ensuring ongoing effectiveness and fostering trust with enterprise clients by streamlining vendor onboarding.

Custom Hosting & VPN Options: Tailoring Security for Your Needs

Custom Hosting: Your Cloud, Your Rules

For customers with specific hosting preferences, Precanto can deploy the platform on your private cloud infrastructure. We support hosting on AWS, Azure, or Google Cloud, giving you the flexibility to manage your own cloud environment while still benefiting from Precanto’s advanced FP&A capabilities.

• Single-Tenant Architecture: Each customer’s data remains isolated, meaning there is no shared database. This adds an additional layer of security, preventing cross-contamination between tenants.
• Compliance Alignment: Hosting Precanto on your organization’s cloud enables easier compliance with your internal policies and regulatory requirements.

This flexibility allows customers with strict security requirements to maintain complete control over their cloud environment while leveraging Precanto’s platform.

VPN Integrations: Restricting Network Access

Precanto can integrate with your company’s corporate VPN, ensuring that access to your tenant environment is restricted to approved corporate devices and internal networks. 

• Seamless SSO Access through VPNs: Users connecting through the VPN can still log in seamlessly via Single Sign-On (SSO) with Okta, Google Workspace, or Microsoft 365, maintaining convenience without compromising security.

• Network Isolation: Integrating with your VPN effectively seals off your Precanto environment from the public internet, ensuring that only authorized users within your organization can access the platform.

Security at Every Step of the Journey

Data security isn’t just a feature of Precanto—it’s woven into every step of our platform. From the moment your data enters our system through storage, analysis, and beyond, we prioritize protection, control, and compliance. Whether you’re tracking headcount, making predictions, or exploring our AI/ML capabilities, Precanto ensures your information is secure.

Security is not a destination—it’s a journey, and we’re with you every step of the way.

‍

Discover how Precanto transforms your data into actionable financial insights here

‍