In this blog post, we will explore the safety, risks, and benefits of using a cloud-based system for jewelry software. We will also address the concerns that jewelers may have when it comes to cloud-based jewelry software. Are these concerns valid? What is the likelihood of a data breach? How does the backup process work? These are some of the questions that may come up when using a web-based system like PIRO Fusion.
In a way, I understand these fears, as I felt something similar when a friend first introduced me to Dropbox. "No way I will put my private data in the cloud" was my first reaction.
The short story of PIRO Fusion
When our team started to develop PIRO for the jewelry industry, our choices were very limited. In 2007, cloud computing technology was not an everyday thing. Even Microsoft, who developed its ERP system, Microsoft Navision (later rebranded to Microsoft Dynamics 365), introduced this new hosting model gradually. 2018 was the year when they fully moved their ERP to the cloud.
Knowing the circumstances, it is not a surprise that the first version of PIRO was a desktop-based system. We simply called it PIRO.
However, we began innovating and working on a fully functioning cloud-based version as early as 2015 - and we were ahead of our competitors in this regard. After two years of development, our entire code was rewritten using cloud technology, and PIRO Fusion (the cloud-based version of PIRO) was launched in early 2017.
Initially, the market's reaction was not exceptional. Many jewelry companies were hesitant to store their jewelry data in the cloud.
After just two years, the sentiment has changed. ‘Cloud’ was no longer just a narrative that big companies pushed; people really started to use many cloud-based applications, and the trust in these systems has evolved immensely.
Today we receive many leads that are specifically looking for a cloud-based jewelry management system. So, the market has validated our actions, and thousands of development hours proved to be a good investment.
By mid-2020, we moved completely over to the cloud and stopped selling on-premise PIRO licenses.
Can you trust PIRO Fusion to hold your data?
Gaining trust in cloud technology doesn’t mean that people know how cloud-based systems work. We are getting fewer questions about PIRO Fusion’s cloud infrastructure and security, but it is still an issue we aim to cover in this blog post. Thus, I will try to cover the most important aspects and questions.
1. Where is PIRO Fusion hosted?
PIRO Fusion is hosted in our private cloud servers located in Manhattan, New York City. All data is primarily stored in our Manhattan data center. It is in a secure location in Manhattan's Financial District, close to the New York Stock Exchange - running essentially on the same intercontinental network as the Exchange.
For European customers, we can provide hosting from Europe if this helps clients to stay GDPR compliant.
2. Why don't you use big cloud hosting providers such as Microsoft Azure or Amazon Web Services?
The PIRO team has all the necessary technical knowledge and infrastructure to operate such cloud servers. On the other hand, Microsoft Azure or Amazon Web Services are quite expensive, and it is often impossible to calculate the cost, since they use traffic- and usage-based pricing. Running PIRO Fusion on our private cloud servers helps us to keep the costs low and stable for our clients. This way, we can ensure there is no extra charge if you experience a surge in resource need and traffic, like around the typical holiday seasons.
Furthermore, our private cloud service is just as reliable and scalable as these big service providers.
3. Does PIRO own the data I upload to Fusion?
No, the data is always owned by you. We are just providing the hosting service and technical environment for your data. Although PIRO Fusion customers can’t directly access the databases PIRO is running on, the stored data can be exported at any time. In case of service cancellation, PIRO Fusion customers will receive all their data in an Excel/CSV format (as this is the most convenient format to import into a new system) and can ask us to delete all of their data from our cloud servers immediately. If immediate deletion is not requested, our policy is to keep the data for 90 days before permanent deletion.
4. Is there only one server or multiple servers that run PIRO Fusion instances?
There are many physical servers used to run the PIRO system – these allow for load balancing when needed. Load balancing is a mechanism to optimize serving the users' requests and makes sure the system is not slowing down if a higher volume of users is connected at the same time.
We also keep dedicated servers for Fusion instances and Customer Portals as well, if our clients require dedicated resources. In addition, we use a separate server pool for our API/Integration services to handle communications with external platforms like Shopify, QuickBooks, etc. There is also a separate server pool for dedicated file storage, used by clients who want us to store their files, such as design files and images.
5. Server uptime – what if we can’t access the application?
We took the necessary measures to maximize the server uptime. There is a full application-level, failproof mechanism in place, so that if the primary data center goes down the secondary data center will take over the load.
This mechanism made it possible to maintain on average a 99.8% server uptime in the past years, and most of our customers experienced very limited or no downtime.
6. How do you handle backups? Can I have my own onsite backup?
Our system keeps an exact copy of all the PIRO data in another location, so if anything happens to the primary or secondary data centers, all the data can be restored within hours.
The technical term for this is the disaster recovery process, which ensures not only the safety of the data, but also an almost uninterrupted operation of the PIRO Fusion application for all users. It's important to note that the disaster recovery process is a last resort action, and is only needed if both primary and secondary nodes are down, which is very unlikely to occur.
Backups are made daily, and are completely encrypted before being transferred to the backup location. We keep all backup files for at least 7 days.
Onsite backup is not an option, because true cloud systems work on a specific system architecture that cannot be replicated locally. Even if you have a local backup, you will not have the necessary system architecture to access the data.
Your PIRO Fusion account, which we host, is connected to other servers and databases, such as the API server, Customer Portal server, and licensing server, among others. For the system to function correctly, you will need access to all of these servers and databases.
7. Is the connection between the server and the user secured?
Can the data be compromised while it is being transferred between the cloud database and the application user? The answer is no, because there is a secure SSL connection between the server and the PIRO Fusion application. SSL provides industry-standard protection and the data which is being transferred is also encrypted.
8. How is my data protected from a breach?
As stated above, our databases are not accessible to external parties, which provides a high level of security. That is the first level of data protection. The servers that are hosting PIRO Fusion databases are only accessible for administrative purposes via secure VPN services, and only whitelisted IPs can access them.
Saved credit cards are not actually saved in our database, but in payment gateways that are PCI compliant.
Our API uses secure authentication so no data can be requested via API without permission.
A data breach can happen only if one of your PIRO Fusion users exports your data and uses it for malicious purposes. However, even they won’t be able to export encrypted sensitive data - and we log any attempts to do so. In other words, they cannot anonymously steal any of your data.
9. Can we run the system offline and sync the data when we are online again?
No, this is not possible. We don’t store any data locally on any device; the data is in the cloud, so an internet connection is necessary in order to use the system.
However, we do not think this is an issue nowadays, as an internet connection is available from various sources. If a wired internet connection is not available you can use a Wi-Fi hotspot, mobile data, or Starlink connection to access the system.
This is more like a theoretical issue, as none of our PIRO Fusion customers have had a situation where the lack of internet connection caused difficulties in their operation.
There is no minimum bandwidth you will need to run PIRO Fusion, but a slower internet connection can cause slower data processing.
10. Can I host PIRO Fusion and the database locally?
No, we don’t do this for various reasons. Firstly, on-premise hosting would make it really difficult for us to support and update your system. We release updates and new features quite frequently, and we do it in a branch; all PIRO Fusion accounts are being updated at the same time. An on-premise hosted Fusion instance would be too isolated and out of our reach.
Secondly, we can’t take responsibility for onsite hosted data, and you will lose all that protection you get from us by default. We won’t be able to provide you with any technical assistance in case of server hacking, and we won’t be able to handle your backup and restore processes.
Also, we can’t help you with setting up your in-house infrastructure, configuration, and maintenance; therefore, smooth operation of the system cannot be guaranteed.
11. How can we access our data to link it with 3rd party systems?
You can access your data using the PIRO REST API. Your developers or our developers can set up an integration using secure API calls. Such integration can allow outside applications to retrieve or insert data into your PIRO Fusion database.
EDI connection is also possible if needed.
Are on-premise systems safer?
Studies show that the acceptance of cloud-based software is quite high in North America, Europe, and Africa (over 70%). They are followed by South America and Asia Pacific with over 60%. Only the Middle East is adopting cloud technology a bit slower – there, only 53% of the companies use cloud-hosted ERP systems.
However, trust in cloud systems is growing overall. Companies understand that running software and storing a database on-premise is not safer; that is just a myth, as most of these on-premise servers still must have access to the internet, whether because of a 3rd party software integration, to get updates, or to get any support (since support staff usually access on-premise servers remotely). If a server is connected to the internet, it is vulnerable to attacks.
Also, an on-premises server requires dedicated IT personnel who supervise the server, maintain its security and updates, and ensure its functionality by providing ongoing maintenance. By using a cloud-based system, this duty and responsibility are on the cloud software provider. You can save server-related hardware costs and the headache of constantly having to update the hardware and software.
We, as your hosting provider for your application, ensure that the latest software architecture is used, and I’m highlighting again that no additional cost is charged to you for this.
In terms of server security, cloud providers typically have more resources to invest in security measures, such as firewalls, intrusion detection systems, and encryption.
Taking all this into consideration, using cloud-based jewelry software is more of a win than a risk. I hope this blog post gave you enough technical details to understand all the measures we take to secure our system and your data.
Please, don’t hesitate to schedule a walkthrough if you are interested in upgrading your current jewelry software.