Moving Toward the Virtual Firm (Part 5 of 5) Cloud Computing
Cloud Computing Choices & Preference
In this final installment of her five-part series on transitioning to a virtual office, Simone Hoover explains the types of contracts involved with cloud service and what every business owner should ask before making a commitment.
Once you have established the data parameters of the move, youâ€™ll need to decide whether to set up a private cloud (on-premise servers that can be accessed remotely), go to a public cloud (servers provided and maintained by a third-party provider), or try a hybrid model.Â As a small firm, a private cloud was not an option.Â I did not want to be in the IT business beyond the decision of what laptop to buy.Â Â Â For those who have reservations about moving your data out of your control, StoAmigoâ€™s Cloud Locker by Â Duvon Corp provides 250GB of storage and can be accessed either via a website or mobile apps.Â See www.cloudlocker.it.Â There are big and small, generic and industry-specific provider organizations actively vying for your business.Â Â These include Amazon (also host to the CIA), Accountants World, Intuit, Thomson Reuters, CCH, CPA2Biz, Microsoft, Rackspace, Salesforce.com.Verizon/Terremark and others.Â Donâ€™t expect a single vendor to provide all the applications you require.Â Consider the storage, document management and backup functions as essential and specific applications can usually be adapted, if not available, in true cloud versions.Â
Security is and will remain a major concern.Â Moving to the cloud is said to be both more secure and more risky than the traditional appliance-based data storage.Â While cloud services are popular targets of cyber-attacks, the providers know this and will presumably devote more attention and resources than an individual enterprise has at its disposal.Â Â That said, buying this service is no different than any other.Â Vet your vendors thoroughly before signing and certainly before conversion.Â The Cloud Security Alliance (CSA)Â a nonprofit organization that promotes research into best practices in securing cloud computing publishes a series of white papers of interest. In particular, the â€śGRC Stackâ€ť provides a toolkit for assessing private and public clouds against industry established best practices.
To find cloud service providers with thoroughly vetted technology and processes, organizations should see if the provider has undergone a Service Organization Control (SOC) audit, especially a SOC 2, or Type 2 audit, which measures the performance and controls of a vendorâ€™s cloud systems over an extended period of time.Â Â This SOC report is the successor to the ISO 70 report you may be familiar with.Â Discussion of the move from ISO to SOC is beyond the scope of this article.Â There are three levels of reports, SOC 1, 2 and 3, which test controls over privacy, availability, securityÂ and sustainability.
Cloud Contract Conditions
The contract to provide cloud service or Service Level Agreement should be reviewed with common sense.Â Keep in mind where your boundaries are.Â Â Things to consider include:
- What are the insurance coverage risks? These often are covered under cyber-risk policies.
- What is the Return on Investment (ROI)/Total Cost of Ownership (TCO) risk? Will you be paying on a per-use basis for access to software, data and processes?Â This can prove to be a better bottom line option than the traditional ITÂ setup.
- Is the cloud provider financiallyÂ stable?
- Does the contract address the full-range of your organizationâ€™s legal rights and obligations?Â (Confidentiality, privacy, protecting intellectual property, limitation of liability and termination rights, data ownership, data recovery for provider change, e-discovery, and dataÂ retention)
- Does your organization have software licenses that prevent it from moving applications to the cloudÂ provider?
- How is your organization ensuring that sustainable security, confidentiality, privacy, processing-integrity and availability risks areÂ mitigated?
- Who in your organization is managing the cloud providerÂ relationship and who is it on the providerâ€™s side?
- Is the business department purchase of cloud services outside of standard procurement policy and procedure?Â If it is, what is the justification for this exemption?
- What are the escalation procedures in case of a security/data/privacyÂ breach?
- Do they use subcontractors?
- Where does the data actually reside?
- Request SOC 1 or SOC2 report.
- Can the client access providers down line a subservice organizationÂ and/or the reports?
- Regarding the user, where are the control points and who in your organization is using them?Â What has changed ?Â Not keeping controls current is likely to become an issue when you are cloud-based.Â Â If you have changed software or personnel, these are risks that should be continuously assessed and minimized.Â Â Â
- When moving cloud providers, how does a potential move work and what costs are involved?Â Is the provider using proprietary systems that impact mobility?
While the prospect of a move to the cloud may seem daunting, it is almost inevitable.Â Business visionaries, such as Boomer Consultingâ€™s COO Sandra Wiley, see the cloud as being standard within five years to the degree that we no longer think about whether to be in the cloud, but rather are talking about those businesses or practices that occur outside of it.Â
Today no major application software is being written for other than a cloud-based delivery.Â It behooves todayâ€™s professional to move toward the change and enjoy the benefits.Â
[author] [author_image timthumb=’on’]http://m.c.lnkd.licdn.com/mpr/mpr/shrink_200_200/p/4/000/17a/28f/06d9ab4.jpg[/author_image] [author_info]Simone Velasquez Hoover, CPA/CVA is President of Simone Velasquez Hoover, PA. The firm provides comprehensive financial, development and management support to nonprofit, membership organizations and high net worth individuals. In addition, the firm provides forensic accounting, litigation support and dispute resolution services to individuals, families and business clients. Ms. Hoover served as Executive Director, NACVA State Chapter Foundation Chapter President from 2005 through March 2013. Currently, she is also Executive Director of Operation Homefront â€“ Florida, a 501(c)(3) that serves the families of deployed and wounded service members throughout the state with emergency financial and other support. Simone can be reached at hoovercocpa.com.[/author_info] [/author]Â