CPA Practice Advisor

APR 2013

Today's Technology for Tomorrow's Firm.

Issue link: https://cpapracticeadvisor.epubxp.com/i/116963

Contents of this Issue

Navigation

Page 10 of 20

SECURITY Facing Cyber Security Threats in the Cloud W By Robert J. Chandler henever I present at conferences, or even when I���m in a conversation with a CPA or accountant, the number one topic on most ever yone���s mind is about cloud security. Ever since we began talking about the cloud, there have been three areas of concern: security, availability and reliability. Tat���s why I���m not at a l l su r pr ised t hat most accountants are still concerned about the security of their firm���s information and, of course, the security of their clients��� data. A recent article in the Washington Post, ���Pentagon to Boost Cybersecurity Force,��� caught my atention. Te intent is to expand the stafng of the Defense Department���s Cyber Command to protect U.S. computer systems against foreign threats. Te article states: ���Te plan calls for the creation of three types of forces under the Cyber Command: ���national mission forces��� to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; ���combat mission forces��� to help commanders abroad plan and execute attacks or other ofensive operations; and ���cyber protection forces��� to fortify the Defense Department���s networks.��� This may sound very ���James Bond,��� but it still is a very viable and real concern, and I���m glad to hear that our government is bolstering its defenses against other nations that want to see us fail. Accountants should know more about cloud security not only for themselves, but also to pass on the knowledge to their clients. Because not every risk can be completely eliminated in any environment, it is vital that security is on the top of the list for anyone who wants to compute in the cloud. First, you will want to ensure your prov iders maintain the highest security available. Certification along many platforms should be constantly updated as new security measures become part of an up-to-date data center. A re c o g n i z e d a nd i nde p e nde nt auditing standard, such as the AICPA SOC2 certifcation, must be employed that includes a uniform format for reporting. It must demonstrate that an organization has participated in an in-depth audit of their objectives and activities that often includes controls over IT processes and financial reporting. When data is hosted or processed by a third party over the Internet, adequate controls and safeguards must be in place. Second, another security feature is data encryption. Encryption is simply a means to not allow unauthorized people to see data they shouldn���t see. When a user accesses the cloud, standard security log on requirements are in play. One is a frst username and password for an online portal. Another is a second username and password for some applications. Tis is especially true in accounting where an accounting professional has to access a customer���s fnancial fles. Third, a reliable cloud server operation will maintain 24/7/365 security staf on-site, and redundancy of all data and data center systems. While no human security efort is going to be completely foolproof, these measures make cloud computing one of the most reliable and secure forms of doing business. Accountants should understand the ins and outs of security in the cloud, but also know that data is safe, security and always available. Robert J. Chandler is president and CEO of Cloud9 Real Time, an accredited Managed Service Provider, application hosting company and licensed Intuit Commercial Host. He is author of the recently published book Together in the Cloud, an informative ���How To��� guide that ofers readers insight into how businesses can implement and utilize cloud technologies in order to bridge the gap between users, applications and IT. April 2013 ��� www.CPAPracticeAdvisor.com 11

Articles in this issue

Links on this page

Archives of this issue

view archives of CPA Practice Advisor - APR 2013