Serious Security Issues for Accountants, Part 3 – Keeping the Bad Guys Out of Your Online Data
True, the personal information stored in your phone, PDA, and laptop is not always online. We do turn these devices off when we’re requested to (well, most of the time). But as for the corporate data (including customer, vendor, and employee data) in our primary data storage location – yes, that hardware is typically and continually connected to the Web. If your service techs, employees, or consultants can get to it without being on-site, then it is online.
So where can we safely store this data? Before everything went online, the safest place was often somewhere within our brick-and-mortar business offices. Most businesses, large and small, still store their own corporate data internally. Imagine a CPA firm storing all its confidential corporate data (including clients’ tax and other financial data) on the servers of the company that provides the tax software. For the most part, that just doesn’t happen.
But wait, there is a major change underway in the way businesses acquire and utilize technology that will impact where the corporate data is stored. Software as a Service (SaaS) is rapidly emerging as clear alternative to the traditional approach to acquiring and using business software. With SaaS both the software and the underlying data are hosted at a remote site. All the client needs is a good Internet connection and a Web browser. Some believe the move to SaaS will turn out to be as important as the advent of personal computers. All business software (accounting, CRM, tax compliance, spreadsheets, etc.) appears to be heading in this direction.
In some cases the benefits of SaaS are turning out to be huge. Lower costs, improved reliability, very significantly improved functionality, ease of access, and improved security are some of these benefits. Yes, improved security is a benefit of hosted solutions.
So why wouldn’t a small or midsize business simply hire a provider to host its software and data? Following are the concerns we frequently hear from participants:
- I’m not sure the hosting entity will be careful about keeping my data safe from physical loss. Do you really think you have a better backup system than a well-established data hosting vendor does? Think again.
- I’m concerned that the hosting entity might mine my data. I am under a legal requirement to keep this stuff confidential. You should read the hosting agreements, they strictly prohibit this behavior. This is just not going to happen. It would be suicide for a tax software company to, for example, use a CPA firm’s client data for any reason.
- I’m concerned about cost. There’s very little chance that hosting will cost more than your current in-house systems. Remember to compute TCO. How much is all that remote access setup and management costing you? Those costs disappear when you use hosted solutions.
- Performance won’t be as good. Sure, this can be an issue – but only if you adopt an outsourced solution that requires large amounts of data to be moved back and forth on a continual basis. Most SaaS solutions have solved this problem, even for companies and firms with less-than-stellar bandwidth to the WAN.
- What about fault tolerance? What happens when the hosting entity goes down? Fault tolerance – don’t you just love that term? The answer is simple: If the hosting entity goes down, you can’t work. But how is that so different from what happens when your current system goes down? Presuming you have redundant Internet, what is the likelihood of your host going down for an extended period versus that of you going down for an extended period? The SaaS vendor wins, hands down. There is no way your system can have a lower risk of failure. That’s your vendor’s business, and its future depends on it. The few glitches we have seen to date (remember the brief Lacerte issue last year?) have been just bumps along the road to where we are today.
This brief posting has only scratched the surface by revealing one of the benefits of having an outside expert host your primary applications (including the underlying data). That benefit is improved security. For most, the real driving forces behind SaaS are improved functionality, ease of use, and cost savings. However, it is important to recognize this significant opportunity to improve the security of your corporate data by putting it in the hands of people who protect it for a living.
Get ready. The SaaS train is coming, and you are going to enjoy the ride.
William C. Fleenor, CPA.CITP, Ph.D.
Shareholder, K2 Enterprises, LLC