Cloud-based accounting programs are the latest in accounting technology. There are plenty of upsides, from ease of use and mobile access to seamless integrations with niche programs and complex accounting systems. Yet, like everything, cloud-based programs are not without some risks as well. Included among the considerations are, lack of physical control of servers, data transmission out of office, and the potential to be affected by loopholes and exploits that not explicitly aimed at your company. These cloud security risks must be considered when outsourcing accounting, but there are opportunities to mitigate the risks as well.
1. Physical hardware security
The cloud-service provider hosts all hardware on location, such as the servers hosting the application and your data. You connect to the application through an app or your browser in order to access its resources. Because you don't have the servers on-site, you don't have physical access to the hardware nor do you control its security. Talk to cloud-service providers about their data center security, determine whether they co-locate their servers or have complete control over the server room or center, and find out what measures they have in place to control physical access to the devices. Ask about data redundancy, back up procedures and processes in place in case of breach.
2. User account access
Each application has its own way of administering the exact amount of data and functions users can access. It's important to have an understanding of how often accounts are audited, how hard it is to disable accounts if you fire an employee, and how much control you have over the creation and administration of these accounts. Custom user access levels may help ensure you retain control of your data and additional identification points may be a beneficial feature to leverage.
The hardware used at a cloud-service provider often hosts more than one client per machine, as the resources are pooled and shared with virtualization options. What this means is that your data is sharing space with other clients using the service, which may cause issues if a hacker targets another company and your data gets caught in the crossfire. Look into cloud-service providers who keep sensitive data on separate physical hardware from other clients, consider setting up a private cloud or using an API to keep your data onsite while still using the cloud-based application, or determine whether the included security measures are enough to handle this situation without a cause for concern.