Skip to main content

Artificial Intelligence

June 2017 Firm Management Channel

With the current break-neck pace of software and technology we can often overlook the fact that "the cloud" is really just outsourcing. The term "cloud" is simply a catch-all term for subscription-based services running on someone else's network.

8 Steps to Evaluating Cloud Service Security

By Dave Jones

With the current break-neck pace of software and technology we can often overlook the fact that “the cloud” is really just outsourcing. The term “cloud” is simply a catch-all term for subscription-based services running on someone else’s network. Evaluating the security of such services requires digging in and asking the provider some possibly uncomfortable questions. If you aren’t currently doing this for each cloud opportunity, and thinking through how its failure will impact your firm and your clients, you are simply putting the firm at risk.

As an example, I recently had a Partner forward me some information about a potential cloud service that we could use to help our staff by easing their manual data entry tasks. The idea behind the service was straightforward. Their cloud service would aggregate a client’s transactions and allow the transactions to be bulk downloaded into our chosen software. To accomplish this, we would need to have each client enter their financial institution credentials into this cloud provider’s system.

Our use of a cloud application like this would necessarily mean asking the client to participate. And, even if not actually stated, the fact that we would use it and ask the client to use it, conveys to the client that we “endorse” this software in some way. That means I had to ask the right questions before committing. If we ask our clients to participate in a cloud application, and then down the road that application is breached or found to be low quality, the client will be asking us the hard questions.

These are the questions I always ask any potential cloud vendor:

  1. What is the security of the facility running the servers?
  2. Is client data encrypted? If so, what encryption method is being used?
  3. Is the cloud provider’s internal system segregated from its internet-facing cloud servers?
  4. Does the provider have a security audit they can share with us?
  5. What safeguards do they employ on their web service interface and/or API?
  6. Do they back up their data regularly and perform test restores for proper disaster recovery?
  7. What general data breach and protection policies are in place?
  8. Is client data shared with any third parties?

If you can’t get satisfactory answers to these questions, deciding to do business with such a provider boils down to a decision about how much risk your firm is willing to take on to gain the potential benefits the service will provide. And, if this is an app for doing client work, you will also be passing on that risk on to your clients. That has to be fully understood at the Partner level.

Continue reading ab out the questions to ask potential cloud vendors at


This Month’s Top Firm Management Social Media Posts:

SAMPLE, old one- Do not use. (Need 5.) Is Corporate Tax Planning Ethical? Stuart Jehan via LinkedIn:



Latest Firm Management News:

IBM and Maryland CPAs Partner for Big Data and Artificial Intelligence. IBM will provide advanced cognitive and data skill platform to boost cognitive skills.

Watch for these Key Issues in Partner Agreements. There are many issues that a new equity partner should give thought to and check out upon being promoted to partner.

Armanino Acquires HR and Financial Staffing Firms. Top 25 firm has announced deals to acquire Team Jenn Corp and integrate The Brenner Group to its growing outsourced financed & accounting practice

3 Day Live Enrolled Agent Exam Prep Course to be Held in Reno in August. Course will precede the National Society of Accountants’ annual meeting at the Nugget Casino Resort.



See inside June 2017

June 2017 Payroll Channel

It’s essential for your employees to have time away from work. They need to spend time with their families and follow their interests. And, rested employees will perform better than tired, burned out employees. Your employees value their time, and you ...


June 2017 Accounting & Audit Channel

A SOC 2 attestation focuses on an organization’s controls in areas such as operations and compliance. It is performed in accordance with AT Section 101: Attest Engagements, and this report is generally best suited for financial services, health care ...