Caution in the Cloud

Over the past several months, I’ve had the chance to assess the issue of computing “in the cloud,” both in terms of the benefits and the drawbacks. So far, the benefits outweigh the drawbacks. But this is a very fluid situation that will require some strong due diligence and more than a little caution. Cloud computing is the idea that we can “rent” space on servers that exists in someone else’s server farm as we need it. Though vaguely similar to the old client/server model of computing that ruled until the advent of the personal computer, the Cloud model of computing allows you to keep both power and storage on your office PCs and servers, but to use the inherent advantages of shared resources to keep your IT costs under control. In today’s economy, that’s a big positive. Today there are four major Cloud applications that have emerged as truly useful in the accounting world. The first and most obvious of these is Software as a Service (SaaS), in which core accounting applications are not stored on your local machine but accessed over the web. Less obvious is the area of Business Processes as a Service (BPaaS), which enables companies to offload some business processes like payroll and billing to a Cloud service – while at the same time converting some variable process costs to fixed monthly costs. A third application is Infrastructure as a Service (IaaS). While this may have less direct bearing on accounting firms, it is useful to keep in mind for times when additional computing power – say, during tax time – might be useful. Finally, there is the use of the Cloud to do automatic backups to secure and redundant storage facilities. This has been a major game-changer for many accounting firms, enabling them to finally find a disaster recovery solution that is painless and makes economic sense. For all of this, there are major concerns about the use of Cloud services by accounting firms, and they are worth noting as you begin to craft your own firm’s strategy for their use. Here are the five top concerns: Data Security. One problem with the Cloud is that your data can be almost anywhere – including on servers in another country. If that country chooses to nationalize the companies that run those servers – or simply decides to seize access to them – your data and that of your clients may be compromised or gone. Inadvertent Seizure. In recent months, the US Department of Homeland Security has also taken on the task of enforcing trademark and copyright violations – by seizing servers they suspect may be involved. In most such cases, they simply seize all the data within that server farm’s domain. So if your data resides on a server also used by someone breaking the law, expect your data to be tied up as evidence until they are done with it. Months or even years. Data Caps. At the same time we are ramping up Cloud services for applications, business processes, computing power and backups, your local Internet Service Provider is busy putting usage limits – called ‘data caps”—on your account. This means that if you are allotted 250 Gb of downloads on your business account, you could easily exceed that number just doing nightly backups. The costs ramp up quickly, and if you exceed your allocated usage limit consistently you may find your access curtailed or even cut off. Denial of Service and hacker attacks. In spite of every effort they may make, major companies are targets of hackers, botnets and other malware. Google and Amazon have been through it. And while I don’t want to point fingers, they are far from alone. If your Cloud service provider is targeted, your business could be sitting and waiting until the attack subsides, even if your data remains secure. Other service interruptions. What happens if the tornado strikes the data center? Or a major flood or fire? Or strikes your ISP’s network between you and the data center? Does the Cloud provider have a redundant site in another location? None of these are sufficient to keep accounting firms from using Cloud services. But in our rush to make optimal use of the cloud, they are red flags that should not be easily set aside. Accounting firms, which are the protectors of their clients’ most valuable data, need to proceed cautiously so as not to put that data at risk.