The accounting industry’s interest in cloud services — from online bookkeeping to full-featured accounting software — shows no signs of slowing down. Intuit’s e-book “The Appification of Small Business,” forecasts 78 percent of small businesses will be fully cloud operational by 2020.
The cloud is a collection of securely networked physical servers where customers upload and store data that can be accessed from anywhere. Cloud security protects against unauthorized access to data.
Millions of people (or in Google’s case, one billion) use Gmail, Flickr, Apple’s iCloud, and Microsoft OneNote every day. These services rely on the cloud to make sure you can access your pictures, email, to-do lists, and more from your internet-connected device. Cloud security ensures privacy in your daily life.
The convenience of the cloud is often measured against security, privacy and reliability. Here are some common questions about the cloud and information so you can determine the best solution for your business.
Where is my data stored?
You might picture cloud data floating somewhere in the atmosphere waiting for an app or platform to call it into use. The reality is less entertaining but much more secure. Cloud security protects physical devices created to house information while keeping it accessible at a moment’s notice. These data storage servers are lined up in large rooms or warehouses, connected to you via the internet.
Vendors often spread their servers across state lines, and in some cases, continents, so data does not reside in a single place.
When choosing a cloud provider, ensure your data storage will remain in compliance with financial industry rules and regulations.
How is my data protected?
Cloud vendors employ several techniques to keep your data safe. Copies of all your data files are typically stored in more than one geographic location so customers can maintain reliable access in the event of a fire, flood, or natural disaster that impacts a building full of servers.
Vendors like Amazon Web Services, Google and Windows Azure have government and business certifications and business processes that ensure cloud storage and security practices meet strict regulation and compliance standards.
The American Institute of Certified Public Accountants (AICPA), for example, created a set of international service organization-reporting standards known as SSAE 16 and ISAE 3402 to protect data in the cloud.
Organizations entrusted with their customers’ sensitive financial information have no margin for error and are required by law to protect data as fiercely as the banking industry.
What can I do to keep my cloud data safe?
Cloud service vendors go to great lengths to keep data safe (Google data centers tout laser beam intrusion monitors and biometrics as just some of their security measures) but you have an important role in the process, too.
According to a white paper by SkyHigh Networks, 89.6 percent of organizations experience at least one insider threat incident each month. This can be due to malicious activity, but usually consists of events where sensitive information goes to the wrong people.
Consider implementing a policy that requires users to change their password at regular intervals and employing platform tools that automatically log workers out of your system when not in use. Military-grade encryption, restrictive user permission levels and regular backups add additional levels of security to data stored in the cloud.
Cloud accounting data is at its most vulnerable when moving between storage servers and your computer or application. Cloud storage providers encrypt the data while it’s traveling back and forth by encoding it in ways that make it unreadable unless the recipient system has the key that unlocks the code. Most modern cloud-based platforms have decryption features built right into the platform.
Multi-factor authentication is a proven method of protecting customer data that requires users to verify their identity in more than one way to prevent unauthorized system access. It’s often as simple as setting the system to automatically trigger a verification email or text when they attempt to login.
Using activity and online activity monitoring tools can show you who’s accessing your system and what they’re doing once they get there. Vigilant monitoring will help quickly identify and troubleshoot security issues when they arise.
For an extra coat of armor against unauthorized intrusion, consider anti-malware tools. Many cloud-based platforms already include these features and they are also available for purchase from companies that specialize in data security.