Serious Security Issues for Accountants, Part 3 – Keeping the Bad Guys Out of Your Online Data | AccountingWEB

Serious Security Issues for Accountants, Part 3 – Keeping the Bad Guys Out of Your Online Data

And yes, almost all of it is online.

True, the personal information stored in your phone, PDA, and laptop is not always online. We do turn these devices off when we’re requested to (well, most of the time). But as for the corporate data (including customer, vendor, and employee data) in our primary data storage location – yes, that hardware is typically and continually connected to the Web. If your service techs, employees, or consultants can get to it without being on-site, then it is online.

So where can we safely store this data? Before everything went online, the safest place was often somewhere within our brick-and-mortar business offices. Most businesses, large and small, still store their own corporate data internally. Imagine a CPA firm storing all its confidential corporate data (including clients’ tax and other financial data) on the servers of the company that provides the tax software. For the most part, that just doesn’t happen.

But wait, there is a major change underway in the way businesses acquire and utilize technology that will impact where the corporate data is stored. Software as a Service (SaaS) is rapidly emerging as clear alternative to the traditional approach to acquiring and using business software. With SaaS both the software and the underlying data are hosted at a remote site. All the client needs is a good Internet connection and a Web browser. Some believe the move to SaaS will turn out to be as important as the advent of personal computers. All business software (accounting, CRM, tax compliance, spreadsheets, etc.) appears to be heading in this direction.

In some cases the benefits of SaaS are turning out to be huge. Lower costs, improved reliability, very significantly improved functionality, ease of access, and improved security are some of these benefits. Yes, improved security is a benefit of hosted solutions.

So why wouldn’t a small or midsize business simply hire a provider to host its software and data? Following are the concerns we frequently hear from participants:

  1. I’m not sure the hosting entity will be careful about keeping my data safe from physical loss. Do you really think you have a better backup system than a well-established data hosting vendor does? Think again.
  2. I’m concerned that the hosting entity might mine my data. I am under a legal requirement to keep this stuff confidential. You should read the hosting agreements, they strictly prohibit this behavior. This is just not going to happen. It would be suicide for a tax software company to, for example, use a CPA firm’s client data for any reason.
  3. I’m concerned about cost. There’s very little chance that hosting will cost more than your current in-house systems. Remember to compute TCO. How much is all that remote access setup and management costing you? Those costs disappear when you use hosted solutions.
  4. Performance won’t be as good. Sure, this can be an issue – but only if you adopt an outsourced solution that requires large amounts of data to be moved back and forth on a continual basis. Most SaaS solutions have solved this problem, even for companies and firms with less-than-stellar bandwidth to the WAN.
  5. What about fault tolerance? What happens when the hosting entity goes down? Fault tolerance – don’t you just love that term? The answer is simple: If the hosting entity goes down, you can’t work. But how is that so different from what happens when your current system goes down? Presuming you have redundant Internet, what is the likelihood of your host going down for an extended period versus that of you going down for an extended period? The SaaS vendor wins, hands down. There is no way your system can have a lower risk of failure. That’s your vendor’s business, and its future depends on it. The few glitches we have seen to date (remember the brief Lacerte issue last year?) have been just bumps along the road to where we are today.

This brief posting has only scratched the surface by revealing one of the benefits of having an outside expert host your primary applications (including the underlying data). That benefit is improved security. For most, the real driving forces behind SaaS are improved functionality, ease of use, and cost savings. However, it is important to recognize this significant opportunity to improve the security of your corporate data by putting it in the hands of people who protect it for a living.

Get ready. The SaaS train is coming, and you are going to enjoy the ride.

William C. Fleenor, CPA.CITP, Ph.D.
Shareholder, K2 Enterprises, LLC

This blog

by The K2 Team - Look here for anything that involves technology and accounting. K2 Enterprises is the largest supplier of technology CPE (Continuing Professional Education) for CPAs, CGAs and CAs in North America. The K2 team routinely reviews software and hardware products from all major publishers and teaches accountants how to use these tools effectively. The entire K2 team has 10+ years of experience, many with 30+ years of technology and accounting experience.

More from this blog

Bloggers crew

Steve Knowles has spent 25 years in business and practice in the UK, but he also worked in the states and the years haven't dulled his way of seeing an alternative view to everyone else, and every day is a new adventure.


Joel M. Ungar, CPA is a lifelong resident of the Detroit area and a graduate of The University of Michigan. He is a principal with Silberstein Ungar, PLLC, a Top 15 auditor of SEC public reporting companies.


Allan Boress, CPA, with over 25 years as a practitioner and consultant to the accounting profession. Mr. Boress is the author of 12 published books in 6 different languages, including a best-seller, The "I-Hate-Selling" Book.


Larry Perry, CPA, CPA Firm Support Services, LLC, is the author of accounting and auditing manuals, author and presenter of live staff training seminars, and author of webcast and self-study CPE programs. He blogs about small audits, reviews, and compilations.

Sandra Wiley, COO and Shareholder, is ranked by Accounting Today as one of the 100 Most Influential People in Accounting as a result of her prominent role as an industry expert on HR and training as well as influence as a management and planning consultant. She is also a founding member of The CPA Consultant's Alliance. Sandra is a certified Kolbe™ trainer who advises firms on building balanced teams, managing employee conflict and hiring staff.

Maria Calabrese, CIR, Human Resources manager for Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC in Cranford, New Jersey, Maria's topics revolve around the world of: Mentoring, Performance management, and The "Y Generation," a.k.a. "The whY generation".


William Brighenti is a CPA, Certified QuickBooks ProAdvisor, and Certified [Business] Valuation Analyst, operating an accounting, tax, and QuickBooks consulting firm in Hartford, Connecticut, Accountants CPA Hartford.


Ken Garen, CPA, is the co-founder and President of Universal Business Computing Company (, a software development firm of high-volume, high-productivity accounting and payroll technology.


Eva Rosenberg, MBA, EA, is the publisher of, and author of the weekly syndicated Ask TaxMama column. She provides answers to tax questions from taxpayers and tax professionals worldwide.


Amy Vetter, CPA, CITP is the CPA Programs Leader for Intacct Corporation responsible for leading the CPA/BPO Partners nationally.

Brian Strahle is the owner of LEVERAGE SALT, LLC where he provides state and local tax technical services to accounting firms, law firms and tax research organizations across the United States. He also writes a weekly column in Tax Analysts State tax Notes entitled, "The SALT Effect." For more info, visit his website:
Scott H. Cytron, ABC, is president of Cytron and Company, known for helping companies and organizations improve their bottom line through a hybrid of strategic public relations, communications, marketing programs and top-notch client service. An accredited consultant, Scott works with companies, organizations and individuals in professional services (accounting, finance, medical, legal, engineering), high-tech and B2B/B2C product/service sales.

Rita Keller is a nationally known CPA firm management consultant, speaker, author, mentor and blogger. She has over 30 years hands-on experience in CPA firm management, marketing, technology and administrative operations.

Stacy Kildal is the mom of two fantastic kids, an Advanced Certified QuickBooks ProAdvisor, Certified Enterprise Solutions ProAdvisor, Sleeter Group Certified Consultant, a nationally recognized member of the Intuit Trainer and Writer Network, and co-host of RadioFree QuickBooks.
Michael Alter's blog specializes in providing practical advice to those who seek greater profitability and practice management tactics that enhance deeper client relationships.

Sally Glick, CMO, Principal, Marketer of the Year in 2003 and AAM Hall of Famer in 2007, leads a lively discussion of the constantly expanding roles of marketing and the professional marketers that drive this initiative in accounting firms of all sizes.


The IMA Young Professionals Blog features the insights of IMA’s Young Professionals Committee. Committee members share advice and experiences on careers, continuing education, work/life balance, and other issues affecting young accounting and finance professionals.


FEI Financial Reporting Blog provides highlights from SEC, PCAOB, FASB, IASB, and other regulatory news, including reporting under Sarbanes-Oxley Sect 404. It is written by Edith Orenstein, Director of Technical Policy Analysis at FEI.


Sue Anderson has 30 years of experience in continuing education for accountants. Currently she is the program director for online CPE provider CPE Link.


Jim Fahey is COO of Apple Growth Partners, a regional CPA firm in Ohio. His focus is on the effective and efficient use of technology within the firm by all team members.

Caleb Newquist is the Editor-in-Chief of Sift Media US, overseeing content for both AccountingWEB and Going Concern.

Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of "The Yellow Book Interpreted" and owner of a website devoted to training for governmental auditors.


AccountingWEB is more than just a U.S. team of journalists and financial and technology experts - we have an international side, too! Members of our British team who publish share their ideas, insights, and perspectives from across the pond.