Today's Technology for Tomorrow's Firm.
Issue link: https://cpapracticeadvisor.epubxp.com/i/146073
Reviews For Your Firm HOSTING PROVIDERS Taking Your Firm and Clients to the Cloud C loud ser ver based hosting of applications which have historically run on desktop or laptop Windows computers is a hot trend with accounting professionals. CPA Practice Advisor recently completed the 2013 Reader Survey, which will be featured in a future issue, and reveals that just under 10% of survey participants have their network hosted completely in the cloud (either hosted by a primary vendor or a specialized hosting company). Although accountants have been experimenting with the cloud for some time, the pace of change has accelerated in recent years. Te primary responsibility for maintaining a secure operating environment lies with the service provider, but tax and accounting professionals are still ultimately responsible for all data given to them by clients. Accountants are not very tolerant of problems in the cloud, whether they are unwitingly self-created due to a lack of IT knowledge, or due to service provider failures. We believe that stability and support are at least as important to prospects as the breadth of products which the company is willing to host for customers. We reviewed seven hosting providers for our 2013 review. Tese are: • Cloud9 Real Time • Cloudvara • InsynQ • Qutera • Right Networks • Swizznet • Xcentric Some of the major attributes we looked for included: • Quality, Reliability, and Redundancy of Hosting Facilities - We looked for features such as colocation in a Tier 2 or higher public data center, backup data centers (and an assertion about whether the backup location is a cold site, a warm site, or a hot site). • Types of Hosting Ofered, as well as membership in software publisher 6 certifications/programs for those commercially hosting their applications. The three types of hosting typically ofered include: • Hosting of a single application • Hosting of dedicated virtual server • Other types of hosting • Sofware Applications Supported • Client Accounting Products such as QuickBooks Pro, Premier, and Enterprise, Sage 50 US, Sage 50 Canada, and Sage 100 ERP. • Support for Add-on Applications Users should also confrm that any third party applications they use are also supported in the hosting environment. Examples of such applications include ODBC drivers, importing tools, as well as any other applications which automatically access and write data to the accounting software database. • Professional Tax and Accounting Tools like the Tomson Reuters CS/ ES Suites, the ProSystem fx and Axcess suites from Wolters Kluwer/ CCH, as well as products from other professional tax and accounting publishers such as Drake and Intuit. • Security and Regulatory Compliance requirements were also considered. Key features to look for from a hosting provider include: • US-Based Servers (commonly required of tax preparers by regulations under IRC §7216) - (Although CPA Practice Advisor is not widely distributed in Canada, it is important to note that Canadian accounting professionals (including Chartered Accountants, Certifed Management Accountants, Certified General Accountants, and Certifed Professional Accountants) have regulatory requirements which make it preferable to host data for Canadian citizens and companies in Canada. Two providers, Cloud9 Real Time and InsynQ , ofer services with separate, Canadianba sed data centers for u se by accounting professionals in Canada.) • HIPAA and PCI compliance, which are required of those handing August 2013 • www.CPAPracticeAdvisor.com healthcare patient d at a a nd t hose ac c ept i ng c red it cards. W h i le not a l l organizations need HIPA A/PCI compliant systems, the requirements of these certifcations place a greater emphasis on securing data, which is desirable by all users. (It is important to note that some accounting applications include a provision in their end user license agreements which put users on notice that they are neither "HIPAA-ready" nor "HIPAA-compliant". Such applications commonly require users to agree that the end user is solely responsible for compliance with all applicable state and federal privacy laws related to medical or health information.) • Tird Party Security Reviews in the recent past, including SOC 1 Type II and SOC 2 Type II evaluations (commonly referred to as SSAE 16 engagements). (While we would prefer a SOC 2, Type II examination (which uses Trust Services Criteria), some providers provided a SOC 1, Type II examinations (which focus primarily on Internal Control over Financial Reporting [ICFR]). A short article on SOC reports which provides some explanation of the two reports is at htp://bit.ly/soc-1-2-3.) • Support and Self-Service Assistance • Service Hours and availability of of-hours emergency support • Service Delivery Options, including web, chat, and telephone support. • Location of Call Centers providing technical support (e.g. onshore or ofshore). • Automation of End User Administration and setup and provisioning of new customers without the manual intervention of technical support personnel. A common misconception is that users should not worry about backing up their data because the hosting provider creates a backup of their data for them. While many hosting providers profess excellent backup procedures, we have no way of testing the accuracy of their statements or the ability of the provider to retrieve data from backups. We believe that users should, wherever possible, make their own local (on end user's premises) backups of any data stored in the cloud, including data stored by hosting providers. Local backups under the control of the end user protect against unexpected catastrophic loss of data due to unforeseen circumstances such as hosting provider bankruptcy. It is important to remember that third party hosting providers are not the only solution for hosting a suite of business applications. Some sofware publishers such as Tomson Reuters and Drake offer cloud-hosted versions of their traditional application suites, and others, including Intuit and Tomson Reuters, ofer versions of traditional accounting frm applications which run in a web browser. Tese suites are run from inhouse data centers operated by each company, and represent a sofware as a service alternative to the traditional, on-premises applications. Larger frms with an in-house IT department may fnd it more economical to run their own hosting platform to deliver applications to employees across the country. ● Brian F. Tankersley, CPA, CITP, CGMA Technology Editor Brian is the Technology Editor for CPA Practice Advisor, and is a fequent speaker at national continuing education courses on auditing and technology, as well as a consultant, coach and instructor for K2 Enterprises. He can be reached at brian@k2e.com.