Monday, May 18, 2015

Accountants, FinTech and bitcoin BlockChain


There is a lot of hype, about Bitcoin block chains (especially in the FinTech market), and bitcoin like digital automation replacing accountants, at the moment..

Bitcoin was designed to substitute technology for trust. "What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party" Nakamoto wrote in the original Bitcoin white paper.

A fair bit of BitCoin is the normal "marketing hype", generated by geeks, start ups seeking to raise capital based upon a little know set of crypto, and a promise of something unique and new, or people simply wanting to print money themselves.

Bitcoin like most technologies has a number of advantages and disadvantages, i.e it "cut the suit" to meet a specific purpose, From a technical crypto perspective, bitcoin has some very cool aspects in their various protocols, especially the ECDSA signature usage, which is quite innovative.

Bit of history on digital currencies..
From a security perspective Bitcoin is light years behind technologies which predate it by at least a decade, one such example is Mondex, The lack of any mandatory security within Bitcoin is one of  several reasons exchanges and personal wallets have been relatively easy compromised, and millions perhaps billions of value lost; no one actually knows?

I personally had a play (it was just technology, back in the early days) and left the resultant  mined bitcoins on a hard disc, which has been lost many moons ago, I am sure I was not alone in doing this. Who knew people, would actually trade real value, for a signed blob of bits that simply resulted from generating a hash, all with zero intrinsic value, there is no gold here, its just a bag of bits?

Unlike Mondex, which was independently evaluated and achieved ITSEC level E6 accreditation, there is nothing to justify any claim of security within the various implementations of the bitcoin protocols or even the bitcoin chainblock, it is crypto driven by individuals and groups which want to play in the money printing business.

There is a mantra in the security world "hardware, hardware and then some more hardware"..
No independent security evaluation, no provable security, think snake oil?
One simply cannot make any software only solution, secure, its this basic..

So why did the likes of Mondex simply vanish, and bitcoin seem to f lowish?
Some reasons are related to simple economics, bitcoin allows miners to make money from basically nothing, the whole work factor stuff and consensus is a bit of a security con, more closely related to "junk bonds" than anything else. There are a lot of people who can simply print money; if bitcoin is successful i.e if  BitCoin is accepted as exchange fir items of real value.
Miming and consensus are all about printing money, nothing more..

If one compares Mondex and Bitcoin one sees nothing functionally new or different in bitcoin over Mondex; both support anonymous transactions, both make intensive use of Crypto. Mondex does not need a 20MB blockchain, and growing by the minute, to secure every transaction.  Mondex was a truly decentralized transaction solution (no blockchain), there was no real central control or processing, there was control over money supply, which only effectively exists when bitcoin is transferred to Fiat currencies. This is perhaps one reason why is believed ~80% of the original mined bitcoins have not been spent, they need to move out of the junk bond model, before redeeming the bag of bits. The fundamental difference is that Mondex was "actually secure", also very simple to explain. While the crypto underpinning bitcoin is quite simple, the way this crypto is sold, is close to snake oil.. As a simple example the selected  ECDSA algorithm, is still immature technology compared to what was used in Mondex.

So why did Bitcoin take off, and Mondex disappear from the digital currency market?
A few thoughts:

  • A programmer in their spare time, with almost zero capital, could not create/mine Mondex (money)  and almost zero effort, at least those at the top of the mining pyramid ?
  • Bitcoin is heavily skewed to these original miners, more like a pyramid selling scheme, than a currency, the Gold reference is also a con, to justify this skewed scheme, and provide the early miners a significant monetary advantage which everyone following or participating in bitcoin is paying for (the pyramid).
  • People have been sold a bogus concept, that "crypto" equals security, when nothing could be further from the truth. The whole "crypto" equals "trust" is simply beyond belief, yet this flawed concept underpins bitcoin.
  • Mondex was created by the Banks and hence had has all of the establishment "baggage",there was no room for non banks to play in the "Mondex Money pond" even though it was anonymous, truly distributed, and secure?
  • There was minimal ability within Mondex for "laundering" of money, due to the lack of any anonymous "mining process".
  • No mandatory or even minimal security is required in bitcoin, zero independent security evaluations exist. The need for "real" security was an impediment to Mondex adoption.
  • Bitcoin runs on the same irrational basis as caused millions of people, to up and leave their homes, and families to travel all over the world, to "mine" gold, diamonds and almost everything of value. Mining does not need to be rationalised.. bit like gambling or many other aspects of our society.

Where else, outside of bitcoin, can a computer simply print money and people line up to buy it with a fiat currency or something of real value? There is in fact no need for any human involvement at all? This is a conceptually broken concept.

Anyway, enough of Mondex vs Bitcoin and history.

Lets focus on the good bits from the Bitcoin BlochChain, and what it means for Accountants and FinTech Ledgers generally..

The concept of securing accounting ledgers with BlockChains is not new, many accounting supplies toyed with secure or triple entry accounting back in the late 1990's.. We released our first secure Web Ledger back in 2004. And yes accountants and users alike hated it, as they could not simply delete/alter transactions like they could with all existing SME desktop and can do today with the latest generation cloud accounting systems. How times change..

So what has changed since the 1990'? Today there is a market acceptance for crypto ( right or wrong) and cloud accounting ledgers. The Cloud has become a commercial reality.. Also there is a fair bit of the basic Bitcoin BlockChain that is useful to the next generation secure ledgers, rather than just an dedicated payment system. i.e a Ledger secured by a BlockChain for anything.

So what is required to be fixed in BitCoin to meet a secure ledger application.


  • There needs to be actual security applied to the blockchain, this means there must be at  minimum, some elements that are secure, i.e. a Hardware Security Module(HSM) which protects all critical "secret" elements of the blockchain system. Very basic for overall system integrity and risk management
  • The "printing" of bitcoins must go, the removal of miming also removes a number of the side issues within bitcoin.
  • The consensus process can also go as not relevant, this is a poor mans "trust chain, that can compromised, especially when the mining return trends towards zero. 
  • The centralized and endless growing bitcoin blockchain needs to also become a fully distributed blockchain, which can still be navigated on a global basis as required.
  • A Trusted Third Party, needed to replace the "consensus" and "work factor" elements.

What is the role of the Accountant/Auditor in this new World?
The same as the old world, the Accountant adds "trust" and a lot more trust than  any crypto algorithms does.

To this end, we have added a secure blockchain to our Cognition Cloud Accounting Engine, which is available to all FinTech or other VAR's. Note solving the general secure ledger problem, is  bit simpler than creating a payment system.

The accountant can add "trust" to the blok chain, in the identical manner they do today, in our case they append their audit signature to the blockchain at the appropriate points, reconciliations and year end audits as an example, if required multiparty signatures can also be applied, to suit various applications.

Our  BlockChain is underpinned by a cloud based HSM (similar to Mondex, except in the Cloud), and traditional mature crypto, digitally combined with TTP and Accountant audit processes, The resulting secure Ledger, can be applied to any accounting process.

The future is here today,and can be applied to all accounting applications,
Typical usage:

  • Financial accounting
  • Portfolio management and broker trading
  • SMSF solutions
  • and much more.


Accountants and "Trust" cannot be replaced with cartographic algorithms, and money printing..

We believe, the future for the next generation "Digital Knowledge Accountant" is very rosy, robots and cryptography are not a threat to trusted knowledge workers..

Check out the our next generation public block chain ledgers, and initiative to secure global electonic commerce our Free Bitcoin ECDSA private keys.


The author has no commercial relationship, with Mondex, it is simply a technology that existed within the digital money market place, and one which was technically interesting to the Author, and is still the only one that has a strong security platform which under pins the currency transactions, and had meet  the normal social "trust" requirements.


Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Tuesday, March 31, 2015

Digital disruption, the big Bang...

Technology is destined to transform almost every major industry and change the way we live, work, and play in the near future. 

All Australia’s business including  practices do not need to look far into the future to see the new wave of digital disruption headed towards them. It is already here, transforming the way companies and operate and how they engage with their customers. It is estimated at lest one-third of the Australian economy faces imminent and major digital disruption 1.

The same technologies that opens up unprecedented possibilities and the innovations which are changing economies and markets, and reinventing relationships between organisations, suppliers and customers; also have the potential to totally decimate existing markets and businesses.

Digital Disruption is changing society.

Whether you’re delivering goods or services online recruiting new talent via LinkedIn, developing a mobile app or ditching your document retention department, you’re already experiencing the upside of digital technology.

In some ways, today’s innovations – broadband, smartphones, the cloud, the ability to analyse complex data sets, social media and other tools that make it now possible to ‘digitise’ a whole business..

The above is nothing, new... what is new is the "gestation" time.

It took a decade to get rid of typewriters and typists, we pioneered "Cloud" technologies back in 2000, they are just maturing in 2015... the real pace of change has been very slow..

But during 2014 all of this changed, with the likes of Airbnb and Urber..
In the space of 18 months, the whole short term rental market has changed forever, in many cities real estate agents have simply left the market altogether, as they simply cannot compete with a direct to client supply chain, 70% of all real estate in Australia is sold via online channels,  there is an explosion of DIY home sales in the last year, as sellers realise they can reach potential buyers themselves (same shortened supply chain).

Taxi owners, who paid hundreds of thousands for a taxi licence, are seeing them become worthless overnight as customers move to the same direct supply model as airbnb.

How many woman do not buy their cosmetics from strawberry net these days?

But this is just the top of the ice burg...

Not only are supply chains being decimated, but also barriers to entry are crashing down... instead of spending $500k on  a taxi licence, one simply signs up to  Urber and starts making money as a taxi owner?

25 years ago, one could start up a new bricks and mortar company in Silicon Valley in a day.. today one can create a virtual company with world wide reach with almost zero staff..

In the same way as there was a physical infrastructure within Silicon Valley, premises, corporate, suppliers ect, the Cloud offers an almost limitless range of suppliers of almost any service. Need staff simply plug in highly skilled staff from the Phillipines into a modern digital platform, and deliver their services directly to your clients.. All possible to day..

What has this to do with Accounting practices? or any Australian Business?

Your 20+ something year old staff, can now, just like the Urber taxi, start their own practice without any of the traditional bricks and mortar barriers..

As Cloud accounting software. spirals towards zero, same as taxi licences, a whole new world where the next generation "Cloud Accountant" delivers high quality accounting services directly to the client, much like AirBnB.

It's all about shortened supply chains and the low cost mobile delivery platforms, and next generation cloud software solutions.

Given the digital disruption of Urber and AirBnB, it is realistic to ask will traditional accounting practices exist in 18 months?

We believe the future is bright for the "next generation" of Cloud accountants, and that they exist in almost every bricks and mortar firm today..

Check out the next generation Accountants Web Office, the future is here today..








    

       

1. Dellotte 2015..
Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Tuesday, February 17, 2015

Who ya gonna call....

What does Ghostbusters theme song, have to do with your Accounting Practice?
Its all about "Trust" Its obvious, if you have a ghost, then the only call is to "Ghost Busters".


As a non-accountant, I find it strange that there is a push to get Accountants to move into the AFSL world, where trust is at a all time low..

In todays global, uncertain world, Accountants should be proud that they have retained the trust of their Clients. There are many reasons for this, but like most things, clients and the general public have long memories, and the typical local accounting Practice has stood the test of time, and maintained a consistent image within their local and national communities.

Going forward, I predict "Trust" will become the single greatest asset any Practice has.


What is professional trust?
Beyond the definitions, professional trust is the confidence that one has in the people and organizations that work and deliver professional service to the extent that one can rely on their work product, opinions, and judgments..


When professional trust is low, we construct and prescribe formal systems and attempt to ensure that we receive a specific behaviour from professionals. There is a general threat of punishment if we don’t achieve the prescribed formality. This is a loss of respectful regard and has the effect of reducing the benefits of professional reliance.
See anything  familiar about this approach?


When professional trust is high, we rely more on those personal professional connections and develop understood ways of working together. Practice aptitudes that involve diligence, pursuit of competence and reasonableness are evident in behavior.


Like most things within a Practice, one needs a set of procedures, policies and culture to ensure that a "trusted" result is always delivered to the client.


Modern Cloud based Practice Management, with embedded quality, and workflow, scheduling systems underpin a modern Practice service delivery, and client experience.


Check out Accountants Web Office, today...
Your future awaits...





Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Saturday, February 14, 2015

Are you the "Miley Cyrus" of Accounting Practices?

Miley Cyrus has many talents, but without question she has a talent which allows her  to "stand out"  in the crowded music scene. The question is how does any Accounting practice differentiate its services from the  sea of Accounting Practices..

As the level of automation increases, within Cloud accounting services, and accounting software fees fall towards zero, how do all the practices using QBO(now only  $4.99 per month), or Xero($35 per month), or Cognition(Free) stand out from the Crowd?

The answer is simple, service and just like Miley Cyrus, something that is unique which clients are willing to pay for....

If client finds a number of accountants, all using the same QBO/Xero accounting software, then what is the difference?  Typically this will be in the first instance your fees...

The drivers..
The professional services market within Australia and beyond has changed significantly.
The tax and accounting industry is not only about delivering technical service, but doing so in a consistent and high quality manner. With the market becoming more competitive than ever, clients expect more from their accountants to not only guide their business through the mase of compliance requirements but to take full advantage of the opportunities that come their way. Never before have accountants been in a position to make a real and lasting difference for their clients.

The brave new world creates new business process complexities for many SMEs which many are not equipped to handle alone. When an SME starts selling online, taking credit cards, or streamlining their paperless workflows, they often don’t have the expertise needed to evaluate options and integrate the chunks to create an efficient business system, the explosion of  expensive "add-ons" makes many of these decisions critical to the overall solution.

For accountants who stick to financial statement and tax preparation services, the dramatic improvements in technology will continue to commoditise those services.. Payroll and sales tax service, which today have become not much more than pressing the submit button on the software product, there is simply no margin in these, without significant volumes, which most practices simply don't have.

But?
Only 15% of clients think that their accountants are tech-savvy enough to ask for advice. The rest say their accountants are not keeping current, falling behind, or simply don’t know.

So what do clients really want?
1. help me remain compliant
Most SME clients don’t understand or want to understand all of the complexities of compliance especially with regards to tax,  so they rely on accountants to get it right and they prefer not to have issues with a tax authority, let alone be investigated
2.Save me tax
Most SME's cannot control their income. so this best dollar any business can save, because tax spend doesn’t help one make more money. There are nearly always things one you can do to legally,  only pay the tax due.
3. No surprise bills
This is the number one reason why clients leave their accountant. Always provide your clients with a upfront quote for everything, and if you don’t know how much it will be, give an upper limit of where you will stop. Every SME likes to how much they’re going to have to pay before they make the decision to buy your services.
4. Want be treated well no matter how small I am
Be sure that the right people in your client’s organisation are talking to the right people in your firm.  Its all about relationships, every client likes to feel they’re important, which they are. So treat them as such.

The gaps between what clients want and what accountants are delivering is huge. But then, so are the opportunities for the accounting firms that can separate themselves from the pack.

How does a practice separate themselves from the pack?
The first point is that the typical Accounting Practice, is not a technology expert and never will be, this includes Cloud Accounting Software.
As almost every Practice makes use of Xero or MYOB to various levels, there is simply no point of differentiation with this approach. Additionally as Cloud Technologies become communities, the whole issue of "which" accounting software becomes mute, so being a specialist in any specific software is not going to make any difference.

In fact to many Sole Traders the whole concept that one needs to pay $35+ per month for accounting software is "out-of-this-world", and not in touch with any commercial reality..
In the old days a Sole Trader bought MYOB for $100 full stop... not the current $400 per year.
In reality the current Xero/MYOB does nothing fundamentally different to the old one-off $100 software.

So what is happening here, when did Accountants move to become Software Accounting Resellers?

In fact Freshbooks, have a mantra, that many do not need any accounting software at all, and with 3 times the number of users as Xero, there may be some truth in this.

Most accountants tell us that they would like to spend more of their time providing strategic advice to their clients. But of course, solving logistical and tactical challenges (like client errors and data transfers) gets in the way, and those challenges probably take up the majority of your staff’s time. That’s low-level “value” that any accountant could deliver, and that lack of differentiation is the single greatest threat to your practice’s growth and profitability.


So
Step one, is to remove the practice from any association with Accounting Software fees, this allows the client and practice to focus on the clients requirements, after all this what accountants have traditionally done. The old made new again...
Step two, the value proposition, most client’s value work that makes them or saves them money.  They rarely value compliance reporting.
Step three, run your practice in the same way as you recommend to your clients..
We see practices pushing online accounting software, but running their practices with "Old World practice management solutions, some have not changed in the last 15 years, and many have no workflow or automation capabilities.
How many practices make use of  Modern Cloud based Practice Management Solutions today?
How many practice who push Xero to their clients actually use Xero for their own accounting purposes?
Step four, Cognition, the next generation of Cloud Accounting allows each practice, or even bookkeeper, to develop,  customize and deliver  their very own Cloud Accounting "APP",  allowing a unique client offering to their specific market.. Gone are the days of a one solution fits all. There are some 2 million+ Mobile Apps available for android alone today.

The future is bright for the modern Cloud based Accounting Practice, get on-board today, just like your clients..

Your own unique practice Cloud Accounting App, allows your practice to have the "Miley Cyrus"  differentiator, so your practice does not compete with the "crowd" on price alone..

Ask about our Cognition ISV program,  to deliver your Practice "Miley Cyrus" Cloud Accounting solution today..


Stand out from the Accounting Practice Crowd..
Embrace the "Miley Cyrus" approach, but perhaps skip her "wrecking ball" hit...






Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Wednesday, February 11, 2015

Cloud Accounting Due diligence..

Proper due diligence, focuses on identifying the players within the Cloud relationship.
That is, who is actually involved in providing the services and are they the same entity (or entities) that are processing or storing data?
In the case of aggregators, for example, a Cloud user could be dealing with a single entity which itself is provided services by various third parties.


The Add-On Dilemma?
Recently, many Cloud accounting providers, chose to only offer core features. This leads to of the required business functions, are now provided by a range of Add-On providers. You now need to ensure that you perform due diligence on all providers; required to support your operational requirements.

From a contractual and liability perspective, it’s important for the cloud accounting practice and their clients to know whether it has a directly enforceable contract with the key players or whether it is relying on those with whom it does have a contract to enforce relevant provisions.
For example, a review of terms should seek to assess issues such as:
  • The parties in the Cloud stack not just the contracting parties  and their roles, rights and obligations, especially regarding data, its processing, storage location, and ownership;
  • Whether each party has the rights required from other parties in the Cloud stack;
  • The capabilities and liability of other parties in the Cloud stack;
  • Backup/restoring data and disaster recovery plans;
  • Service levels and what happens if the internet is unavailable;
  • Continuous availability of services for business continuity;
  • Treatment of data on termination/insolvency;  
  • What happens in the event of a security breach?, client reporting obligations; and  
  • Issues such as change of control, service levels, service credits, audit rights, compliance with security standards, procedures in the event of a breach, force majeure.
Of course, in terms of risk management, users of Cloud services are to an extent letting go of control over their infrastructure, and software. This element of risk is brought into sharp focus when you consider that providers of IT services often tend to offer their services, without assuming any risk and with an exclusion for all liability where permitted by law. This is reinforced by a reading of some standard disclaimers on Cloud computing sites. It is important that one understands the risks assonated with any decision, Cloud accounting is no different.
If you cannot get answers to all these question then you should consider the Google example below as a typical response for most Cloud providers, and make the appropriate assessment.

Google Apps noted that “... Google and its licensors make no warranty of any kind, whether express, implied, statutory or otherwise, including without limitation warranties of merchantability, fitness for a particular use and/or non-infringement. Google assumes no responsibility for the use of the service(s). Google and its licensors make no representations about any content or information made accessible by or through the service. Google makes no representation that Google (or any third party) will issue updates or enhancements to the service. Google does not warrant that the functions contained in the service will be uninterrupted or error-free.”
Google also has a complex set of corporate relationships where the Australian licenced Google Entity, which in fact may not actually be involved in any Google related activity, typically one can find that one is actually using a foreign Google entity located in Island or Bermuda, rather than the Australian Entity, even if the transaction is totally inside Australian jurisdiction.

Specific Security questions for your cloud providers:

  1. Where is the data hosted, and if outside of Australia is there documented support to meet APP8
  2.  Is all data encrypted in transit, i.e. is it possible to access the site via http:?
  3. Is all data encrypted at rest, on-line and archive (should be a minimum of AES256)
  4. If encryption is used are the keys unique, and under the exclusive control of the Practice
  5. Is there support for Industry standard Multi Factor Authentication(MFA)
  6. Can MFA support be mandated on all outside of Australia logins to support APP8
  7. Does the system support industry standard mandatory password changes, on at least every 60 day basis
  8. Is the system PCI or ISAE3402 certified.

Perform the due diligence, ask the questions, and then assess the Risk vs Benefit..

There is nothing new about Cloud outsourcing, just need to understand the risks for your practice and your PE liability for your clients data, especially the cyber crime related liabilities. The above general questions are designed to assist with this risk assessment.


Disclaimer The contents of this site should not be understood to be accounting, legal or security advice but rather as general educational information that may or may not meet your specific requirements. You are advised to always seek professional advice to meet your specific requirements.

The Cloud ate my data..

Cloud computing can work a bit like Hotel California; you can check your data in OK, but will you ever get it out?

One of the least thought about issues is exactly how does one get data out of the Cloud.
A Practice needs to consider the notion of being locked-in to certain applications or systems,
all Practices' and their clients need to consider the requirements to access data some years into the future for a range of regulatory reasons.

Backup of data may well require the applications which created the data to be available in order to sensibly access it. When was the last time you opened a MYOB-4 archive?
This may be achievable if complete system backups and there exists perpetual licences to applications which allow a user to rebuild a system so as to restore data.  But does this exist in the current Cloud Accounting world?

In a Cloud setting, rebuilding an application years later so as to make data intelligible in most cases is impossible — and yet that is precisely what organisations might have to be able to do in order to remain compliant with data retention laws and regulation. All records, whether electronic or not, should be retained for at least the minimum period stated in any applicable statute or regulation.

In Australia there are more than 80 acts of legislation, regulations and rules specifying document retention requirements applicable to companies under Australian law. Depending on the situation data needs to be accessible for five, seven or 10 years after creation.

If a court orders a company involved in litigation to make available records from six years ago, or during an ATO audit, excuses such as “the Cloud ate my data” simply won’t wash.
 
Such scenarios should be considered at the outset of any relationship, and give rise to questions such as:
  • If service providers change, can the records be usefully accessed?
  • Can I access archived data, years into he future without the service provider?
  • Are there any lock-ins, such as licensing ( i.e. will the application even open the file if there is no current licence) which prevents access to accounting or SMSF data?
  • Does the supplier limit the data that can be exported from their application, and will such limits still allow one to meet any data retention obligations?
  • Can data be extracted on-demand from the Cloud?
  • When will archive data be transferred and what form will it take?
  • What are the obligations on each party regarding an exit plan?

SAF-T The International Audit and Archive Format
In order to address a number of the issues above, we recommend that when considering any Cloud Accounting service, that as a minimum they support the Internationally standardised OECD SAF-T data archive format.
It is preferable that the SAF-T export is available to a client on-demand, but at a minimum that the Practice performs a yearly SAF-T archive.
Due to the scope of data within the SAF-T archive this file "must" always be exported and encrypted at rest. All major Accounting Software, Oracle, SAP, Cognition etc., support SAF-T exports.

SAF-T can be opened, viewed, and utilised, via any industry standard spread sheet program, our accountants typically make use of Excel.




Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Tuesday, February 10, 2015

BYOD, Those pesty Mobile devices and your Practice...


What BYOD is and isn’t
BYOD – or Bring Your Own Device – is what happens when your employees, clients or guests use their own personal smart phones and tablets to access your Cloud Practice and Accounting Software. They bring their own mobile apps… security risks… privacy demands…with the intent to connect to your cloud enterprise. And they expect you to make it work, this includes managing any increased Cloud and BYOD risks for them.

Because it’s their own the device, uniformity goes out the window. You’re not handing them preconfigured devices to connect to secure enterprise networks, with work applications preloaded,
and all administrative privileges pre-vetted by your IT staff. And you can expect that these devices take the path of least resistance to connect; whether that’s your secure network using existing credentials or the guest network. BYOD means that hundreds or thousands – or tens of
thousands – of essentially rogue devices are interacting with your and your client organisation’s confidential data…and it means that you need to come up with a plan that protects this privacy and your confidential data and is transparent.

Who’s getting the most of it?
There isn’t an industry – or a corner of the globe – that isn’t putting the mobile revolution to work for them.
Here are a few examples of what they’re doing to accommodate BYOD.

Enterprise
Everyone wants to stay connected to the office now. So enterprises are leveraging authentication methods and policies they currently use for IT-managed laptops, and extending them to personal devices.
Education
Higher education practically invented BYOD. Colleges and universities have had to support student-owned devices for many years and have done an excellent job leveraging BYOD to transform the teaching and learning environment. Now, these same institutions are extending BYOD to faculty and staff.
Retail
Retail spaces are completely transforming as a result of mobile devices. While most of these devices used by staff are issued by IT - such as iPads for mobile point-of-sale (POS) - there is a growing trend to also allow BYOD in stores for certain employees. But the big story for BYOD in retail is for shoppers. Armed with smartphones, shoppers are price checking and reading product reviews while in the store – a Google/Think Mobile survey found that 77% of all smartphone users browse while
shopping. Wi-Fi networks can gather information about shoppers; improving the customer experience with real-time product information and special promotions to establish long-term social media connections.
Accounting
The modern Accounting Practice is moving from using commodity third party accounting software ( MYOB, Xero) to their very "own" mobile APP's.
These APPs are targeted to their specific clients, and exploit the over 3 million Android APPS today.
The practice is part of the ecosystem with their clients, delivering professional services around the clock. The modern Cloud Practice now has a "differentiator" in the market, which now includes sticky clients.
The next "big thing" in this space is the upcoming suite of personalised SMSF APPS, keep a look out in 2015, within this space..

What about the numbers?
"Worldwide combined shipments of devices (PCs, tablets, ultra mobiles and mobile phones) are projected to reach 2.5 billion units in 2014, a 7.6 percent increase from 2013"
"Mobile phones are expected to dominate overall device shipments, with 1.9 billion mobile phones shipped in 2014, a five percent increase from 2013",
according to Gartner, Inc.
What exactly DO you lose if you don’t move to BYOD?
To put it bluntly... your ability to manage risk.
As users increasingly combine work and personal applications on their devices, your management challenges grow more complex – and the chance that confidential data are leaked rises exponentially.
Devices are replaced, and lost or stolen, without IT being informed. Documents are not encrypted, but then stored in personal cloud applications. Jailbroken devices are infected and then connect to the network, which can have a detrimental effect on other users’ data.
Given that application and data security is the top IT concern regarding BYOD, an emerging approach is to combine device and application management within the network access-management solution.
In other words, an integrated approach.

What is the main security issues with most Cloud Solutions today, and BYOD.
With the move from Corporate to Cloud computing, most of the security infrastructure has been thrown away..
Policies which were developed over many years of operational experience has been lost as new entrants driven solely by cost enter the Cloud market.. Many of these companies did not exist 5 years ago..
Simple test, ask yourself the last time your Cloud anything asked you to change your password!
That's right even basic password policies are missing from these services, what else?
Some simple Questions to ask your "Cloud Software Supplier":
  1. Is my data stored within Australia (APP8)?
  2. Is there a mandatory password change policy in force?
  3. Can I optionally use a Multi-Factor-Authentication to protect my access?
  4. Is my data encrypted at rest?
  5. Are any encryption keys securely stored inside a Hardware Security Module (HSM)?
  6. Is there a disaster recovery plan in place for my practice data?
  7. Can any BYOD APP store user passwords?
  8. Can I enforce a One Time Password (OTP) to protect all BYOD access?
  9. Can "I" revoke an individual device access to any of my services, from within my Practice Console 24*7?
If a Practice is using in/out sourcing, we recommend that Multi-factor-authentication is part of the mandatory remote access policy for all services. Simple password remote access control is a significant risk for any practice and client data. As all major mature Cloud service providers such as Google, Amazon, VillageMall etc today offer MFA support, this should not be an issue, and hence is not in the list above, but you need to check just in case..

If you don't receive a satisfactory answer to all of theses questions, then you need to consider the associated risks Before using the service..
BYOD offers a bright future for Cloud Accounting Practices, as part of the next wave delivering unique Professional Accounting services "directly" to their Clients 24*7*365.

But all opportunities have associated Risks, ensure your Practice understands the risks for your Practice and your clients data..

Ask the Questions, until you are satisfied you understand the Risks for your Practice..


Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.