Facing Cyber Security Threats in the Cloud

Whenever I present at conferences, or even when I’m in a conversation with a CPA or accountant, the number one topic on most everyone’s mind is about cloud security.

Ever since we began talking about the cloud, there have been three areas of concern: security, availability and reliability. That’s why I’m not at all surprised that most accountants are still concerned about the security of their firm’s information and, of course, the security of their clients’ data.

A recent article in the Washington Post, “Pentagon to Boost Cybersecurity Force,” caught my attention. The intent is to expand the staffing of the Defense Department’s Cyber Command to protect U.S. computer systems against foreign threats.

The article states:

“The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.”

This may sound very “James Bond,” but it still is a very viable and real concern, and I’m glad to hear that our government is bolstering its defenses against other nations that want to see us fail.

Accountants should know more about cloud security not only for themselves, but also to pass on the knowledge to their clients. Because not every risk can be completely eliminated in any environment, it is vital that security is on the top of the list for anyone who wants to compute in the cloud.

First, you will want to ensure your providers maintain the highest security available.

Certification along many platforms should be constantly updated as new security measures become part of an up-to-date data center. A recognized and independent auditing standard, such as the AICPA SOC2 certification, must be employed that includes a uniform format for reporting.

It must demonstrate that an organization has participated in an in-depth audit of their objectives and activities that often includes controls over IT processes and financial reporting. When data is hosted or processed by a third party over the Internet, adequate controls and safeguards must be in place.

Second, another security feature is data encryption.

Encryption is simply a means to not allow unauthorized people to see data they shouldn’t see. When a user accesses the cloud, standard security log on requirements are in play. One is a first username and password for an online portal. Another is a second username and password for some applications. This is especially true in accounting where an accounting professional has to access a customer’s financial files.

Third, a reliable cloud server operation will maintain 24/7/365 security staff on-site, and redundancy of all data and data center systems.

While no human security effort is going to be completely foolproof, these measures make cloud computing one of the most reliable and secure forms of doing business. Accountants should understand the ins and outs of security in the cloud, but also know that data is safe, security and always available.

—————————

Robert J. Chandler is president and CEO of Cloud9 Real Time, an accredited Managed Service Provider, application hosting company and licensed Intuit Commercial Host. He is author of the recently published book Together in the Cloud, an informative “How To” guide that offers readers insight into how businesses can implement and utilize cloud technologies in order to bridge the gap between users, applications and IT.