"But where are my data really? Is it risky to put everything in the Cloud?"
It's a question I often get during my discussions with executives and financial managers. It is a legitimate query: your ERP is the beating heart of your company. Entrusting this heart to a third party, even if their name is Microsoft, requires concrete proof.
I therefore decided to write this article to pop the hood of the machine and show you the colossal infrastructure that protects your data every second in the Microsoft Dynamics 365 Business Central SaaS environment.
An invisible but omnipresent fortress
When you switch to Business Central Online, you are not just renting software, you are accessing one of the most secure networks in the world. Microsoft invests over a billion dollars a year in cybersecurity, and this translates into three fundamental pillars:
- Total isolation: Contrary to popular belief, your data is not mixed with that of others. Each client benefits from perfect logical isolation thanks to a Multi-tenancy architecture [1].
- The digital vault: Your information is protected by [Linkurl]https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/transparent-data-encryption[Lintext]end-to-end encryption[linkend] [2]. Whether "at rest" on disks or flowing to your computer, it is unreadable to anyone attempting to intercept it.
- The safety net: To err is human, disasters are possible, but data loss is avoided. Microsoft ensures resilience in the face of disaster thanks to continuous backups [3] and geographic replication.
The Microsoft Investment
And if you are wondering if this effort is sustainable, the numbers speak for themselves:
- 20 billion dollars: This is the amount Microsoft is investing over 5 years (plan committed until 2026 [4]) to accelerate the development of advanced security solutions.
- 34,000 full-time engineers: This is not a small department; it is an army of specialists dedicated exclusively to cybersecurity and the "Secure Future Initiative" (SFI) [5] to ensure that every product is "secure by design".
- 80 billion dollars in 2025: Microsoft announced a [Linkurl]https://www.informatiquenews.fr/microsoft-un-investissement-massif-de-80-milliards-de-dollars-dans-linfrastructure-ia-102430?hl=fr-FR[Lintext]massive investment plan[linkend] [6] in data center infrastructure and AI for fiscal year 2025, guaranteeing computing power capable of detecting threats in real time.
The power of real-time analysis
The protection level of Business Central SaaS relies on an analysis capacity that no local infrastructure can match:
- 100 trillion signals per day: Thanks to its global ecosystem (SFI) [5](Windows, Office, Azure), Microsoft analyzes 100 trillion security signals every day to anticipate attacks before they reach you.
- 5 billion emails filtered daily: Every day, protection systems block billions of phishing attempts and malware [7].
- 97% of identity attacks blocked: The 2025 report highlights that if basic guidelines (like MFA) are followed, almost all "password spray" attacks fail [7].
The technical point: Sovereignty and Integrity
For those who want to go further into the technique, it is crucial to understand how integrity is maintained. Business Central SaaS relies on Azure SQL technology, using the Transparent Data Encryption (TDE) [8] mechanism.
Concretely, this means encryption keys are managed with military rigor, often via Hardware Security Modules (HSM) [9]. Furthermore, for our European clients, sovereignty is respected: your data is stored in data centers specific to the chosen region, strictly complying with GDPR and ISO 27001 certifications. You can consult all compliance evidence on the Service Trust Portal [10].
Security is a shared responsibility
This is the most important point: security is a team effort. If Microsoft secures the vault, it is up to you to manage who has the keys. Here is how we lock access together:
- Identity (MFA): The first rampart. By activating multi-factor authentication [11], you block 99.9% of account hacking attempts.
- Access control (RBAC): In Business Central, each user only accesses what they need thanks to rights and permission management [12]. A buyer does not need to see employee salaries.
- Conditional access: You can decide that Business Central is only accessible from France, or only on computers registered by the company, thus strengthening perimeter security [13].
The expert's "rant"
I'll let you in on a secret: I curse systematically every time I have to pull out my phone to retrieve my OTP code during a connection to production environments. Those who know me know I am not naturally a complainer (well, almost), but this little daily friction is my way of overwhelming those who exploit security flaws. It is the price to pay to protect our clients' digital heritage. In a perfect world, we wouldn't need these barriers, but until that day, every code entered is a victory against malice.
Conclusion
Switching to Business Central in SaaS means treating yourself to a team of thousands of cybersecurity experts watching over your data 24/7. For an SMB, achieving such a level of protection internally would be financially and technically impossible. The question is therefore no longer "Is it secure?", but "How do I configure my access to get the most out of it?".