Security concerns rank as the top reason that companies choose to keep their financial data holed up in their basement servers rather than launching it up into the cloud.
While reports of security breaches of large cloud vendors such as Amazon.com do occasionally surface, your data is always much safer in the hands of a company that was custom-built to keep it secure. After all, its entire reputation is built upon privacy and safety of information.
Think of it as flying versus driving: Yes, when things go wrong in the air, it’s big-time news. But, as Christopher Reeve famously says in the first “Superman” movie, “Statistically speaking, of course, it’s still the safest way to travel.”
The reality is that cloud-based providers can offer you better security for your sensitive financial data than your own IT department. However, there are a few things you need to know — it’s important to be educated about security so you can find the right vendor to work with.
Thomson Reuters, a New York-based media and information firm, published a
-
Physical security is all about redundancy: Providers have redundant power supplies, Internet connections, and hardware, the paper explains. Should a fire, flood, or some other natural disaster happen, the vendor has backup electricity, hard drives, and replicated data to ensure that your information doesn’t get lost. Physical security is also integral to ensuring that the data center isn’t easily accessible. Failover backup sites must be redundant.
-
Application security is about encryption and restriction: The vendor’s actual software must be secure enough to withstand hackers and viruses by using powerful firewalls, anti-virus programs, encrypted communications, and strong administrative controls. Remarkable vendors will “actually hire professional hackers to try to hack into their applications and provide audit reports with their findings,” the Thomson Reuters white paper notes.
Secure network access is necessary to ensure that only authorized people are seeing the data. Encrypted communications prevents unauthorized external access to the data. Examples include redundant perimeter firewalls, digital certificates and public key infrastructure. Internal controls also should be in place to prevent fraud, waste, and abuse.
-
Dedicated security teams are the heart and soul of a quality cloud provider: This is what they do, and they have 24/7 monitoring practices in place. Sure, trusting an outsider to look after your information can be scary; however, research shows that the most problems are the result of internal employees making mistakes or, even worse, stealing information. This is yet another reason why cloud computing is safer: You have “centralized control” over your information.
“It’s much easier to establish and enforce policies for a cloud-based system than for the patchwork of email accounts, physical media and thumb drives that usually results from on-site data storage,” the paper explains.
With that said, you must do your part. You have to establish firm policies about access and then strictly enforce those policies.
Like it or not, cloud-based accounting programs are becoming increasingly popular, and if you continue to keep your financial data on a basement server, you’ll soon be left behind.
If you’re going to keep pace with your competitors, you need to be ready to make the jump to the cloud. And that means embracing cloud security. Do your research. With the right physical security, the right application security and the right team to take care of your data, you can feel confident that your financial data is safe.