Tally offers a comprehensive security framework for authentication, authorisation, integrity, and confidentiality of user data.
Some highlights of the security framework are described below:
Tally.ERP 9 connects to Tally.Net Server using a secure multi-step handshake. The product license and Tally Software Services (TSS) license are validated as part of the handshake.
● Data exchanged between Tally.ERP 9 and Tally.Net Server is compressed and encrypted with an enhanced version of the industry-recognized Triple Data Encryption Algorithm, before the transfer process is initiated.
● Message Digests are used to detect data corruption and alteration during transfer.
● Customer data synchronization between two Tally.ERP 9 systems is controlled by synchronisation configuration. This configuration specifies, the systems that will participate in data exchange, the data that will be exchanged, and role of each participating system.
The users on both systems must authorise the synchronisation configuration before data is exchanged. Post authorisation, data is exchanged only on user request.
● Tally.NET stores encrypted data only to facilitate synchronization. Data is deleted from the Tally.NET Server after synchronisation.
● Tally.ERP 9 has the provision to encrypt and store customer data on disk using TallyVault .
● Customer data handled by Tally.NET Server is encrypted, both in memory and on disk.
● Tally.ERP 9 opens a network port only when the user requests a network service. The port is open only for the duration of data transfer.
● No other system, third party or Tally, can open the network port or initiate data transfer.