Cloud computing is becoming the standard delivery mode for most enterprise software applications. While security is a consideration for any application, it is particularly important for accounting software. The major areas to consider when evaluating cloud computing accounting applications are:
• Identity management
• Application security
• Data security
• Privacy protection
Any cloud computing vendor should be able to provide satisfactory answers to questions regarding each of these security requirements.
Managing identities within cloud computing
Identity management controls access to the system that holds your data. In some cases the application provider will supply the identity management, or you can use your own identity management data through single sign-on (SSO) or other user authentication techniques. It is important to maintain appropriate security levels through standards for password length, complexity, and expiration.
Securing applications in the cloud
Application providers must create secure areas for their clients to store and manage their data. Usually firewalls are used to prevent unauthorized users from seeing or manipulating data that does not belong to them. Make sure that your provider has the appropriate controls in place to segregate and protect your data. Usually there are firewall specifications or other protections that vendors can provide to establish that adequate protections are in place.
Promoting data security in hosted applications
Data redundancy and backup are just as important in cloud computing as any other software environment. Accounting application providers should definitely have adequate backup procedures in place to handle your critical data. Ask for evidence of backup and restore procedures, and test these procedures on a regular basis. Also, it is a good idea to maintain your own backup data in a secure location.
Protecting privacy for users in hosted environments
Most accounting applications provide ways to mask critical customer data, such as account numbers, credit card numbers, birth dates, etc. Access to unmasked data should be restricted to only top level administrators who should have access to that information. You can review with your service provider how data privacy is controlled and protected in their application, and verify that their procedures meet the appropriate standards for privacy.
Using cloud computing for accounting systems does not present a different security risk from using any other type of hosted software. But there are certain controls and standards that must be met by vendors who offer accounting services in their hosted environments. Make sure that you investigate the security requirements listed above, and that you can establish that your data and application environment are adequately protected.