Securing the future: Exploring Unit4's information security strategy
In a world where data breaches and cyber threats are constant concerns, organizations must prioritize robust information security measures. During a recent webinar, Erik Marcussen, Deputy CTO at Unit4, provided an in-depth exploration of the company's strategy for information security.
His presentation underscored the critical balance between security, functionality, and compliance while highlighting the shared responsibility model inherent in SaaS environments.

Here's a detailed dive into the key topics covered in the session.
The CIA Triad: The pillars of information security
At the heart of Unit4’s security framework is the CIA Triad, a well-established model that emphasizes Confidentiality, Integrity, and Availability. These three pillars collectively ensure secure and trustworthy systems.
1. Confidentiality
- Ensuring that sensitive data is only accessible to authorized individuals begins with robust identity management. Unit4’s identity services integrate seamlessly with customer systems, minimizing risks of unauthorized access.
- Encryption plays a vital role in safeguarding data, both in transit and at rest, and is a fundamental principle in privacy-by-design approaches like GDPR compliance.
- The "Zero Trust" model, which assumes every access attempt as a potential threat, further strengthens confidentiality by mandating multiple verification layers.
2. Integrity
- Data integrity revolves around ensuring that information is accurate and trustworthy. By implementing approval routines, secure automation, and message signing, Unit4 reduces risks of data tampering or corruption.
- Access logging and forensic analysis ensure transparency and accountability, crucial for building user trust and addressing inconsistencies promptly.
3. Availability
- High availability is a cornerstone of Unit4’s services, with a contractual SLA of 99.8% uptime, translating to minimal downtime for customers.
- Measures like redundancy, continuous monitoring, phased rollouts, and automated recovery systems contribute to service resilience.
- Regional data centres enhance not only availability but also data residency compliance, ensuring that customer data remains within designated geopolitical zones.
AI and automation: Opportunities and risks
The integration of AI technologies into modern cloud solutions as well as security frameworks has introduced both opportunities and challenges.
Enhancing security
AI is used to monitor systems for threats, automate responses, and conduct advanced vulnerability testing. For example, Microsoft Sentinel, integrated into Unit4’s systems, proactively identifies global threats and applies countermeasures.
Risks and regulations
- The EU AI Act, a pioneering regulation, sets stringent guidelines for AI deployment, ensuring ethical use and transparency.
- Issues like neutrality, bias, and copyright compliance require organizations to exercise caution when adopting AI.
- Training employees on the limitations of generative AI models, such as susceptibility to prompt injections, is critical to prevent exploitation.
Shared responsibility in SaaS environments
In Cloud-based systems, security is a partnership between the provider and the customer. Unit4 emphasized:
- Customers as data owners: While Unit4 serves as a data processor, customers retain ownership and responsibility for how data is utilized.
- Unit4’s commitment: Certified under frameworks like ISO 27001, ISO 27017, ISO 9001 and SOC 2, Unit4 ensures compliance and robust security practices at every stage of the software lifecycle and operations.
Investing in people: The human element of security
Technology alone cannot ensure security. Targeted attacks often exploit human vulnerabilities, making education and training indispensable.
- Unit4 conducts regular drills, training sessions, and awareness programs to equip employees and customers to identify and thwart social engineering attempts.
The role of security in innovation
While Unit4 continues to enhance its automation and AI capabilities, the company prioritizes a mindful approach, applying technology only where it delivers real value. Security considerations are embedded from design to deployment, ensuring that innovation doesn’t compromise safety.
Ready to learn more?
This webinar provided an illuminating look into how Unit4 secures its systems while empowering customers to meet their own security responsibilities. You can explore Unit4’s information security strategy and the on-demand recording of this session for comprehensive insights and actionable takeaways here.
You can check out our integrated suite of solutions here, as well as additional resources on information security and AI integration.
Sign up to see more like this
Popular blogs
May 12, 2026 6 min read
Dresner ranks Unit4 as a #1 vendor for Workforce Planning and Analysis tools for the third year in a row
Read more
January 20, 2026 4 min read
FP&A in 2026: Future Trends Shaping Financial Planning and Analysis
Read more
April 28, 2026 10 min read
Procurement Trends 2026: Cost Savings, Talent Enhancement & Digital Automation
Read more
March 12, 2026 3 min read
Planning, budgeting and forecasting in 2026: why organizations must rethink their approach to financial planning and analysis
Read more
January 22, 2026 5 min read
2026 CFO Insights: Build agility and cement growth for the future with digital data-focused tools
Read more
February 10, 2026 4 min read
Unlocking Financial Automation: How the Unit4 Financials by Coda Extension Kit is Transforming Financial Management & Accounting Operations
Read more
January 27, 2026 4 min read
Harnessing Intelligent ERP to Accelerate Impact: EGPAF’s Digital Leap Forward
Read more
Don't miss the latest Unit4 blogs
Sign up for industry insights & exclusive content