Today's Technology for Tomorrow's Firm.
Issue link: https://cpapracticeadvisor.epubxp.com/i/255988
January/February 2014 • www.CPAPracticeAdvisor.com 11 FROM THE TRENCHES Pitfalls and Cautions Tings can go wrong with your data and corrupt either production fles or back ups. Cloud host i ng a nd SaaS applications minimize the amount of responsibility you have for protecting the data. However, some vendors "lock the data up" and prevent you from geting your data back easily. If you keep your data locally in your frm or home, user error, mechanical failure, intentional internal or external maliciousness, or other intrusions like viruses can destroy all of your data. Data may be mechanically safer in the c l o u d , b u t t h e r e g u l a t o r y r i s k s increase. For example, the Patriot Act Section 215 provides for access to data stored i n a ny data center w it hout subpoena or notifcation in the U.S. According to our research over 25,000 such requests have already been made w it h less t ha n 2 0 of t he request s denied. If you store client confdential data in the cloud, this data may be provided to governmental agencies without your knowledge. According to Ti me Magazine, November 11, 2013, page 31, there is approximately 19 terabytes of information stored on the public web. Tere are another 7500 terabytes of information stored on the hidden or secret web that is used by government agencies and criminals alike. A lthough not comprehensive, the Backup Pitfalls and Cautions chart above illustrates some of the issues for you to consider. Key concerns with any backup data is the ability to restore, the protection of the data, the application of records retention policies, and the amount of t i me requ i red to eit her back up or restore. With the 2013 disclosure of decryption technology held by govern- ments around the world, my comfort level has dropped with cloud hosting, SaaS applications, and cloud-based backup. However, my caution pri- marily lies around risk mitigation and unexpected exposure of client conf- dential data. Make sure you have read the license agreement of any cloud storage provider before you use the ser v ice. Test your backups for reli- ability on a regular basis. And make sure you have ALL of your data backed up no mater what! POTENTIAL SHORTFALLS Data will not be available during outages, service provider may have catastrophic loss and not have an appropriate backup site or failover plan (not particularly likely) Long backup times possible, tapes prone to failure, manual rotation of backup media required, backup software has to be confgured and updated, destruction of tapes needed for compliance with document retention policies, long restore times May not be secure, needs encryption, has to be carried off-site for additional safety, manual intervention to complete backup, prone to failure An off-site backup is still needed, perhaps a NAS in the offce and a NAS in your home OR a NAS in your home and that of another family member OR a NAS in your offce and home and a web based backup Large scale restores time consuming, pricing likely to increase when more data stored Need to purchase suffcient size drives and processors, possible to outgrow, have to be replaced every fve years, off-site storage to the web fees increase with more storage, need to be tested on a regular basis (weekly, minimum monthly) Virus infection or deleted fles are immediately replicated to the alternate site ...an archival backup is still needed. Communication speed and systems cost can be high. Consider using your older SAN (that has been used for fve years) by moving it to your backup site and installing a new SAN in your primary site SITUATION POSSIBLE CAUSE RESOLUTION OR OPTIONS Primary production fle corrupted Power inconsistent, software error, Restore from backup after issue is corrected mechanical failure Bad fle written over the top of a good fle User error made in application, then saved, Attempt to restore a version from document management or computer fle commonly done in Excel system, otherwise retrieve single fle from backup Hard drive (HD) or solid state drive Mechanical issue Replace unit and restore all fles from backup (SSD) failure USB thumb drive unreadable Physical damage Use new USB drive and restore from backup Synchronized cloud storage missing fles User intentionally or accidentally deleted fles Check for hidden prior versions or restore from backup (SkyDrive, Dropbox) New backup provider chosen Better alternative found Ensure that all fles are deleted from old provider. Check on retention period to confrm fles will be removed to minimize eDiscovery risk Production or backup fles stolen or Error was made in setup by IT-all drives should Execute security breach reporting plan. Requirements vary by state. compromised and were not encrypted be encrypted. Catastrophic loss of offce or home from fre, Bad luck or not proactively repairing faulty Find new location if necessary, purchase appropriate equipment, restore food or other cause equipment. from backup Volume of data is so large, restoring the Internet too slow, or inappropriate product was Ask vendor to ship an encrypted drive with your information for backup will take too much time initially chosen restore purposes Want to leave a cloud vendor and you need Vendor is not responding or taking a protracted Review the contractual obligation (which should have also been done your data amount of time originally) and ask for compliance with contract Data center is down Various including operational error or Largely beyond your control. Prepare in advance with a communication plan mechanical failure to your clients, and wait. Have manual procedures ready to execute Backup won't restore Backup probably wasn't tested on a Try earlier versions of backups. Implement regular restore testing procedure regular basis (weekly/ monthly). May be contracted to a managed service provider. BACKUP PITFALLS AND CAUTIONS cpa_10-11_Johnston.indd 11 2/5/14 11:42 AM