There are many people that have the perception that the minute their financial data is sent to “The Cloud”, it is vulnerable to hordes of malicious cyber thieves that are continually preying on the financial data of the unsuspecting. This perception is further perpetuated every time there is a story in the media about a company as prominent as Home Depot allowing a breach that compromised financial data for millions of people.
So what is reality? Is anything in the cloud safe? Should a user be concerned about what may happen to their accounting data if they’re using an online program or hosting their software in the cloud?
Part Two-“Is My Data Secure?”
For many accountants/bookkeepers considering whether or not it is time to move their client to an online based program or cloud hosted software, part of their decision making process is based on whether or not they are potentially exposing their client to security issues. For many people, they would prefer to keep the software and files local and use some sort of secure file exchange method.
Ultimately, their consideration should include these three main elements;
Desktop Security/Protection-I am always fascinated when I speak with a user that is asking for extensive information regarding encryption practices, secured transmission of data, and hosting security but cannot tell you if they have an active firewall on their own computer. Equally perplexing, they do not have any sort of desktop password and their computer does not have a scheduled timing for “hibernation” with a required password to log back in. In other words, the security of their computer is at risk in its’ native environment.
Any user that is housing financial data for themselves or their clients should have minimum standards to protect outside users from accessing the desktop or breaching their router from a remote location.
Secure Transmission of Data-When considering a cloud based resource for accounting you must confirm that data is encrypted during the transmission process. (between your computer and the cloud based server) Additionally, you will want to ensure that data is transmitted through a secured channel which is most commonly identified with the “https” In general, a secured channel provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Secure Data Storage-The final piece that a user should consider when evaluating a cloud based financial solution is how the data is secured “at rest”. Based on the cloud provider, they will either have their own server facility or contract with a “colocation” vendor that provides not only the required security but also a state of the art facility with the necessary redundancy and power back up to avoid down time.
You can of course request the information regarding the data storage practices for any considered cloud based resource and include that in your evaluation process. If needed, you can sometimes request specific information regarding compliance with regulations such as SOC 1 and SSAE 16 standards.
Security of client financial data should be a primary concern when evaluating whether or not to move to the cloud. The reality is that no matter how many billions of dollars are spent on internet security there will always be the potential for breaches. Then again, there will also always be the possibility of local theft of computer devices that may contain secure information so what is the most secure?
If you are looking for a solution that allows you to continue working on a local accounting file where as previously mentioned, you are in control of your own security practices, you will want to look into Qbox. Although Qbox utilizes the cloud for the synchronization of data between remote shared users, no user has the ability to log into the working file from the cloud. The only transmission of data that takes place is the processing of incremental changes which would provide no value to a potential cyber thief if they were somehow able to hack the encrypted data.
Although no solution is completely “safe”, there are some alternatives that provide a much lower probability of data theft.