Is your data safer in the cloud or in your office closet?

Sift Media
Share this content

Not a day goes by that I don’t see an article about cloud computing scroll through my Twitter feed or email client. It is certainly the topic du jour in our industry and most others. While the CPA world is still getting to know what the cloud is all about, there are some perceptions that are just that - more opinion than fact.

The one perception that sticks out the most to me is that data is more secure in one’s own office than that dangerous place called the World Wide Web. Really? Let’s think about this. Those people or firms that have a technology infrastructure that is safer than a Tier 1 to Tier 4 data center are in the minority. Reputable service providers utilizing the cloud will use an infrastructure that utilizes a data center – people and organizations that are in the business of network security. CPA’s are in the business to provide audit, tax and accounting. This is not to say your technology staff is not competent to protect your data, it means they can only do so much when you only give them the spare broom closet down the hall that has no separate ventilation system and has no lock on the door. Instead of spending so much time worrying about the web threats, think about the ones locally that are probably more apt to occur.

In my 20+ years in the industry, I’ve heard my share of horror stories and worked with enough peers in the industry to know they are real events, such as:
- Having laptops in the office disappear and come to realize that they were stolen by the building security guard (who had a key to every locked office in the building.)
- Cleaning staff in the office that used company PC’s at night because users never locked their workstations (CTRL+ALT+DEL.)
- Staff member that left their PC in the parked car with the sunroof open (it was a hot day, off course the sunroof was open) and surprisingly the computer was gone after they came back a few minutes later from an errand. Do you have your machines encrypted?
- USB memory sticks, which are on the decline with ubiquitous Internet access, floating around your office with no accountability for quantity or allowed access. Your entire network full of client data could easily fit on a couple memory sticks and walk away with the help of a disgruntled employee without you ever knowing. Do you have endpoint protection?
- Recently saw a newspaper story where an individual, dressed in a nice suit and carrying a briefcase, was caught on security cameras walking past the receptionist in an office, stealing a laptop and walking right out without question. A simple inquiry “May I help you with something sir?” might have stopped this theft.

Would these things ever happen in a data center? Doubt it. Check the providers SAS 70 audit. Of course, you would have to go through a retinal eye scan first to get in there, if you are on the “list” that is…remember, this is just my opinion!


Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.