Businesses of all kinds are storing content and data and accessing software applications via the global network of computer servers known as the cloud. IT analyst Gartner recently predicted that the total value of cloud-based systems would reach $210 billion a year by 2016.
But just how safe is it to post your financial data to a server that is owned, maintained, and secured by someone else, somewhere else? Well, most of us are happily conducting day-to-day banking over the internet so does security matter to most organizations?
Many studies, such as this one from online accounting technology consultancy Software Advice, have indicated that security is rated as a top concern to companies working or planning to work with cloud-based systems.
So what should a company look for to ensure peace of mind with regards to security concerns when considering a cloud-based accounting system?
In this excerpt from accountingWEB, the author says there are four key questions to ask a cloud-based service provider when making the move to a cloud-based accounting system.
1. What type of protection does your organization use to safeguard my information?
Ideally, a cloud-based provider should offer Extended Validation (EV) SSL encryption technology that ensures the privacy of communications between your browser and the provider’s servers. A cloud-based provider should use 256-bit encryption—the same encryption that the banks use to protect your data—when you connect to its site, application, or server.
Additionally, it should employ firewalls to prevent unauthorized electronic access to its servers and your information.
2. What security measures does your organization take for its data centres?
Cloud-based technology services rely on a network of connected devices to host your information and services. Part of that process often includes the inclusion of servers. Doubtless, the security on each server is important, but the need to physically protect those servers from unauthorized access is also important. After all, what good is virtual security if someone can walk in and take your information off of a server? The company’s production servers should be in highly secured, locked facilities with biometric access controls. The data centres should have guards and video surveillance 24 hours a day/365 days a year. To enter a facility, authorized employees who have undergone background checks should have ID cards, PINs, and finger/hand scans.
3. Do you regularly undergo security audits in compliance with industry standards?
Your cloud technology provider should undergo an SSAE 16 SOC 1 Type II Audit by a leading national CPA firm each year. The comprehensive audit not only validates the virtual security of the company’s IT protocols, but also examines the handling of and access to your information. The items the audit categorizes include:
- A review of the procedures, both manual and automated, by which the company’s transactions are initiated, recorded, processed, and reported from their occurrence to inclusion.
- An audit of accounting records, whether electronic or manual that support information and specific accounts involved in initiating recording, processing, and reporting.
- How the company’s information system captures events and conditions that are significant.
4. How—and how often—do you back up your servers?
Since your data is hosted in the cloud, your firm is relieved of the strain of conducting regular data backups. However, you should ask your cloud technology provider how often it backs up your data. Two words that you should hear in the company’s answers should be “regular” and “redundant.” Continuous backups should be performed so that the provider can recover from a potential disaster quickly and without a disruption in your service. The company should also conduct redundant backups, where your data is stored on protected yet redundant servers housed in a separate yet secure data centre.
Here is a recent article published in The Australian about how the accounting industry is embracing cloud technology.
What concerns do you have, if any, about cloud-based accounting systems? We always look forward to your feedback.