As one of the pioneers in Cloud based solutions from back in 1999, there are a few things a Practice partner should consider..
The advantages are spruiked in numerous places, hence in this posting, we will look at some of the potential disadvantages and how these may be addressed.
The Accounting Practice
A Practice needs to be able provide evidence to authorities to justify our accounts and tax claims - possibly years after the fact, satisfy legal requirements to keep records, answer owners questions, satisfy ethical requirements of documentation.
1. Back Up and Restore
The accountant who maintains accounts that (legally) belong to someone else, and now all the data is outside of the control of both the accountant and the client.
a) In the old days, one simply saved a copy of the client accounts in MYOB or whatever, as at the date the end of year or BAS was prepared. One could simply load back the saved file into the accounting program and all was available.
b) In most cloud based systems, there is very little archive or even back up capabilities, and even less ability to restore any of these files to a specific client account.
c) When the client stops paying for the service, what use is a proprietary exported file, that cannot be accessed, anyway?
2. Service Disruptions
All computer systems have a uptime which is not 100%.
a) What is the maximum loss of data (time period) in the case of an service disruption?
b) What is the maintenance schedule.
The ATO recently closed down its entire SBR for over 4 days to do a "update"?
While no-one has any control over the ATO, one should ensure that ones accounting system, and data, is able to be used when one "needs" to..
The ATO recently closed down its entire SBR for over 4 days to do a "update"?
While no-one has any control over the ATO, one should ensure that ones accounting system, and data, is able to be used when one "needs" to..
3. Disaster recovery
When clouds have issues, they tend to affect all of their users.
One could consider the Megaupload case as an extreme example, but can one be sure..
"MYOB General Manager Julian Smith says the data sovereignty issues in this case fall into a “grey area” of US law." The issue is foreign and even our governments will give priority to their own considerations, the users as in this case are "collateral damage"..
a) "Hurricane Katrina created a number of challenges for Gulf Coast businesses, chief among them being data protection. While many companies utilized remote data backup services - or had the foresight to ensure that their backups were completely safe – others were left with submerged computers and no backups".
b) In the last Brisbane floods, several organisations who has stored paper records, and computer backup tapes, in their basements found them destroyed.
4. Service Level Agreements
These Cloud services support your business, so you need to know exactly what you are paying for, and if it is approperate for your operational requirements.
a) Check out if there is an SLA at all?
b) If there is a SLA look to see if they actually pay penalties, when they breach their SLA; always a good litmus test
5. Security.
Saw a recent positing, on one of the major Accounting providers, basically stating that they use SSL, so clients don't need to care about their data or any security! Also this specific positing started with "Our Security Experts" and then left these as anonymous.
a) Any security professional knows security is never equal to "encryption" or in fact any single security mechanism. There is a basic premise around "security in depth".
b) the recent Heartbleed SSL bug, is but one example of how silly,and potentially liable these types of statements are.
The Solution
Ok, so we get the picture, so what can we do about it.
1. Backup and Restore
As one cannot own the accounting software one need to have a non-proprietary format which can be stored under the Practice or Client control. It is preferable that this file can be given to the ATO, if required without change, the second best is the ability to use industry standard products like Excell or any Spreadsheet to provide the required evidence.
Within all VillageMall solutions including Practice Manager, we make use of the international
OECD SAF-T archive formats.
2. The minimum acceptable level, should be the ability to recover, in a stable state, for at least the previous night, some providers will do this on an hours basis.. The "stable state" is particularly important as most cloud based systems are multi-tenanted databases, i.e a single database is service all clients.
3. Disaster Recovery
With the availablity of several enterprise Australian based data centers, and the new APP 8 privacy act requirements, there is simply no reason to take on the risks associated with storing client and practice data outside of Australian jurisdictions. In the case when data needs to be stored outside of Australia to meet geographical independence, then this data should be 100% encrypted in transit and at rest.
Cloud services have lots of upside, so keep smelling the roses, as you find them...
Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.
When clouds have issues, they tend to affect all of their users.
One could consider the Megaupload case as an extreme example, but can one be sure..
"MYOB General Manager Julian Smith says the data sovereignty issues in this case fall into a “grey area” of US law." The issue is foreign and even our governments will give priority to their own considerations, the users as in this case are "collateral damage"..
a) "Hurricane Katrina created a number of challenges for Gulf Coast businesses, chief among them being data protection. While many companies utilized remote data backup services - or had the foresight to ensure that their backups were completely safe – others were left with submerged computers and no backups".
b) In the last Brisbane floods, several organisations who has stored paper records, and computer backup tapes, in their basements found them destroyed.
4. Service Level Agreements
These Cloud services support your business, so you need to know exactly what you are paying for, and if it is approperate for your operational requirements.
a) Check out if there is an SLA at all?
b) If there is a SLA look to see if they actually pay penalties, when they breach their SLA; always a good litmus test
5. Security.
Saw a recent positing, on one of the major Accounting providers, basically stating that they use SSL, so clients don't need to care about their data or any security! Also this specific positing started with "Our Security Experts" and then left these as anonymous.
a) Any security professional knows security is never equal to "encryption" or in fact any single security mechanism. There is a basic premise around "security in depth".
b) the recent Heartbleed SSL bug, is but one example of how silly,and potentially liable these types of statements are.
The Solution
Ok, so we get the picture, so what can we do about it.
1. Backup and Restore
As one cannot own the accounting software one need to have a non-proprietary format which can be stored under the Practice or Client control. It is preferable that this file can be given to the ATO, if required without change, the second best is the ability to use industry standard products like Excell or any Spreadsheet to provide the required evidence.
Within all VillageMall solutions including Practice Manager, we make use of the international
OECD SAF-T archive formats.
2. The minimum acceptable level, should be the ability to recover, in a stable state, for at least the previous night, some providers will do this on an hours basis.. The "stable state" is particularly important as most cloud based systems are multi-tenanted databases, i.e a single database is service all clients.
3. Disaster Recovery
With the availablity of several enterprise Australian based data centers, and the new APP 8 privacy act requirements, there is simply no reason to take on the risks associated with storing client and practice data outside of Australian jurisdictions. In the case when data needs to be stored outside of Australia to meet geographical independence, then this data should be 100% encrypted in transit and at rest.
Cloud services have lots of upside, so keep smelling the roses, as you find them...
Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.