Securing the future: Exploring Unit4's information security strategy
In a world where data breaches and cyber threats are constant concerns, organizations must prioritize robust information security measures. During a recent webinar, Erik Marcussen, Deputy CTO at Unit4, provided an in-depth exploration of the company's strategy for information security.
His presentation underscored the critical balance between security, functionality, and compliance while highlighting the shared responsibility model inherent in SaaS environments.
Here's a detailed dive into the key topics covered in the session.
The CIA Triad: The pillars of information security
At the heart of Unit4’s security framework is the CIA Triad, a well-established model that emphasizes Confidentiality, Integrity, and Availability. These three pillars collectively ensure secure and trustworthy systems.
1. Confidentiality
- Ensuring that sensitive data is only accessible to authorized individuals begins with robust identity management. Unit4’s identity services integrate seamlessly with customer systems, minimizing risks of unauthorized access.
- Encryption plays a vital role in safeguarding data, both in transit and at rest, and is a fundamental principle in privacy-by-design approaches like GDPR compliance.
- The "Zero Trust" model, which treats every access attempt as a potential threat, further strengthens confidentiality by mandating multiple verification layers.
2. Integrity
- Data integrity revolves around ensuring that information is accurate and trustworthy. By implementing approval routines, secure automation, and message signing, Unit4 reduces risks of data tampering or corruption.
- Access logging and forensic analysis ensure transparency and accountability, crucial for building user trust and addressing inconsistencies promptly.
3. Availability
- High availability is a cornerstone of Unit4’s services, with a contractual SLA of 99.8% uptime, translating to minimal downtime for customers.
- Measures like redundancy, continuous monitoring, phased rollouts, and automated recovery systems contribute to service resilience.
- Regional data centres enhance not only availability but also data residency compliance, ensuring that customer data remains within designated geopolitical zones.
AI and automation: Opportunities and risks
The integration of AI technologies into modern cloud solutions as well as security frameworks has introduced both opportunities and challenges.
Enhancing security
AI is used to monitor systems for threats, automate responses, and conduct advanced vulnerability testing. For example, Microsoft Sentinel, integrated into Unit4’s systems, proactively identifies global threats and applies countermeasures.
Risks and regulations
- The EU AI Act, a pioneering regulation, sets stringent guidelines for AI deployment, ensuring ethical use and transparency.
- Issues like neutrality, bias, and copyright compliance require organizations to exercise caution when adopting AI.
- Training employees on the limitations of generative AI models, such as susceptibility to prompt injections, is critical to prevent exploitation.
Shared responsibility in SaaS environments
In cloud-based systems, security is a partnership between the provider and the customer. Unit4 emphasized:
- Customers as data owners: While Unit4 serves as a data processor, customers retain ownership and responsibility for how data is utilized.
- Unit4’s commitment: Certified under frameworks like ISO 27001, ISO 27017, ISO 9001 and SOC 2, Unit4 ensures compliance and robust security practices at every stage of the software lifecycle and operations.
Investing in people: The human element of security
Technology alone cannot ensure security. Targeted attacks often exploit human vulnerabilities, making education and training indispensable.
- Unit4 conducts regular drills, training sessions, and awareness programs to equip employees and customers to identify and thwart social engineering attempts.
The role of security in innovation
While Unit4 continues to enhance its automation and AI capabilities, the company prioritizes a mindful approach, applying technology only where it delivers real value. Security considerations are embedded from design to deployment, ensuring that innovation doesn’t compromise safety.
Ready to learn more?
This webinar provided an illuminating look into how Unit4 secures its systems while empowering customers to meet their own security responsibilities. Unit4's information security strategy and the on-demand recording of this session offer comprehensive insights and actionable takeaways.
