Is My Data Safe In The Cloud?
The accounting industry’s interest in cloud services — from online bookkeeping to full-featured accounting software — shows no signs of slowing down. Intuit’s e-book “The Appification of Small Business,” forecasts 78 percent of small businesses will be fully cloud operational by 2020.
The cloud is a collection of securely networked physical servers where customers upload and store data that can be accessed from anywhere. Cloud security protects against unauthorized access to data.
Millions of people (or in Google’s case, one billion) use Gmail, Flickr, Apple’s iCloud, and Microsoft OneNote every day. These services rely on the cloud to make sure you can access your pictures, email, to-do lists, and more from your internet-connected device. Cloud security ensures privacy in your daily life.
The convenience of the cloud is often measured against security, privacy and reliability. Here are some common questions about the cloud and information so you can determine the best solution for your business.
Where is my data stored?
You might picture cloud data floating somewhere in the atmosphere waiting for an app or platform to call it into use. The reality is less entertaining but much more secure. Cloud security protects physical devices created to house information while keeping it accessible at a moment’s notice. These data storage servers are lined up in large rooms or warehouses, connected to you via the internet.
Vendors often spread their servers across state lines, and in some cases, continents, so data does not reside in a single place.
When choosing a cloud provider, ensure your data storage will remain in compliance with financial industry rules and regulations.
How is my data protected?
Cloud vendors employ several techniques to keep your data safe. Copies of all your data files are typically stored in more than one geographic location so customers can maintain reliable access in the event of a fire, flood, or natural disaster that impacts a building full of servers.
Vendors like Amazon Web Services, Google and Windows Azure have government and business certifications and business processes that ensure cloud storage and security practices meet strict regulation and compliance standards.
The American Institute of Certified Public Accountants (AICPA), for example, created a set of international service organization-reporting standards known as SSAE 16 and ISAE 3402 to protect data in the cloud.
Organizations entrusted with their customers’ sensitive financial information have no margin for error and are required by law to protect data as fiercely as the banking industry.
What can I do to keep my cloud data safe?
Cloud service vendors go to great lengths to keep data safe (Google data centers tout laser beam intrusion monitors and biometrics as just some of their security measures) but you have an important role in the process, too.
According to a white paper by SkyHigh Networks, 89.6 percent of organizations experience at least one insider threat incident each month. This can be due to malicious activity, but usually consists of events where sensitive information goes to the wrong people.
Consider implementing a policy that requires users to change their password at regular intervals and employing platform tools that automatically log workers out of your system when not in use. Military-grade encryption, restrictive user permission levels and regular backups add additional levels of security to data stored in the cloud.
Cloud accounting data is at its most vulnerable when moving between storage servers and your computer or application. Cloud storage providers encrypt the data while it’s traveling back and forth by encoding it in ways that make it unreadable unless the recipient system has the key that unlocks the code. Most modern cloud-based platforms have decryption features built right into the platform.
Multi-factor authentication is a proven method of protecting customer data that requires users to verify their identity in more than one way to prevent unauthorized system access. It’s often as simple as setting the system to automatically trigger a verification email or text when they attempt to login.
Using activity and online activity monitoring tools can show you who’s accessing your system and what they’re doing once they get there. Vigilant monitoring will help quickly identify and troubleshoot security issues when they arise.
For an extra coat of armor against unauthorized intrusion, consider anti-malware tools. Many cloud-based platforms already include these features and they are also available for purchase from companies that specialize in data security.
Is cloud storage reliable?
Microsoft reports that 75 percent of business professionals it surveyed experienced better service availability after moving to the cloud. Cloud security and reliability is a concern for accounting firms, and one of the cloud’s biggest selling points in a crowded industry where reputation means everything.
What legal issues do I need to know about?
When you’re ready to move to the cloud, there are a couple of legal issues to keep in mind. The AICPA reminds accountants they are legally and ethically bound to protect their clients’ sensitive and confidential information. It recommends that accounting firms take care when selecting a cloud services vendor and writing a clause directly into the service contract requiring the vendor to “assume responsibility and legal liability for confidentiality of data.”
Forensic accountants have additional legal implications to consider due to the nature of their responsibilities to the judicial system.
What are some trends and best practices?
A Kforce survey of U.S. accounting organizations found 28 percent of respondents already invest in cloud services for financial applications and 20 percent are considering adopting it in the future.
Trey James, chief executive of cloud hosting service Xcentric told Accountingweb a few best practices for cloud storage:
- Be wary of malware. Clicking on links or opening attachments within emails from people you don’t know can lead to a data breach.
- Change your passwords frequently and don’t reuse passwords on multiple sites.
- Ask questions of your cloud service provider. Don’t hesitate to dig into information regarding security audits and regulations, off-site backups, physical security practices and two-factor authentication.
Source: Quickbooks
[WPSM_AC id=5125]