Moving Toward the Virtual Firm (Part 5 of 5) Cloud Computing Reviewed by Momizat on . Cloud Computing Choices & Preference In this final installment of her five-part series on transitioning to a virtual office, Simone Hoover explains the type Cloud Computing Choices & Preference In this final installment of her five-part series on transitioning to a virtual office, Simone Hoover explains the type Rating: 0
You Are Here: Home » Practice Management » Moving Toward the Virtual Firm (Part 5 of 5) Cloud Computing

Moving Toward the Virtual Firm (Part 5 of 5) Cloud Computing

Cloud Computing Choices & Preference

In this final installment of her five-part series on transitioning to a virtual office, Simone Hoover explains the types of contracts involved with cloud service and what every business owner should ask before making a commitment.

Cloud Computing

Cloud Computing

Once you have established the data parameters of the move, you’ll need to decide whether to set up a private cloud (on-premise servers that can be accessed remotely), go to a public cloud (servers provided and maintained by a third-party provider), or try a hybrid model.  As a small firm, a private cloud was not an option.  I did not want to be in the IT business beyond the decision of what laptop to buy.    For those who have reservations about moving your data out of your control, StoAmigo’s Cloud Locker by  Duvon Corp provides 250GB of storage and can be accessed either via a website or mobile apps.  See www.cloudlocker.it.  There are big and small, generic and industry-specific provider organizations actively vying for your business.   These include Amazon (also host to the CIA), Accountants World, Intuit, Thomson Reuters, CCH, CPA2Biz, Microsoft, Rackspace, Salesforce.com.Verizon/Terremark and others.  Don’t expect a single vendor to provide all the applications you require.  Consider the storage, document management and backup functions as essential and specific applications can usually be adapted, if not available, in true cloud versions. 

Security is and will remain a major concern.  Moving to the cloud is said to be both more secure and more risky than the traditional appliance-based data storage.  While cloud services are popular targets of cyber-attacks, the providers know this and will presumably devote more attention and resources than an individual enterprise has at its disposal.   That said, buying this service is no different than any other.  Vet your vendors thoroughly before signing and certainly before conversion.  The Cloud Security Alliance (CSA)  a nonprofit organization that promotes research into best practices in securing cloud computing publishes a series of white papers of interest. In particular, the “GRC Stack” provides a toolkit for assessing private and public clouds against industry established best practices.

“Security is and will remain a major concern. Moving to the cloud is said to be both more secure and more risky than the traditional appliance-based data storage. ”

To find cloud service providers with thoroughly vetted technology and processes, organizations should see if the provider has undergone a Service Organization Control (SOC) audit, especially a SOC 2, or Type 2 audit, which measures the performance and controls of a vendor’s cloud systems over an extended period of time.   This SOC report is the successor to the ISO 70 report you may be familiar with.  Discussion of the move from ISO to SOC is beyond the scope of this article.  There are three levels of reports, SOC 1, 2 and 3, which test controls over privacy, availability, security  and sustainability.

Cloud Contract Conditions

The contract to provide cloud service or Service Level Agreement should be reviewed with common sense.  Keep in mind where your boundaries are.   Things to consider include:

  • What are the insurance coverage risks? These often are covered under cyber-risk policies.
  • What is the Return on Investment (ROI)/Total Cost of Ownership (TCO) risk? Will you be paying on a per-use basis for access to software, data and processes?  This can prove to be a better bottom line option than the traditional IT setup.
  • Is the cloud provider financially stable?
  • Does the contract address the full-range of your organization’s legal rights and obligations?  (Confidentiality, privacy, protecting intellectual property, limitation of liability and termination rights, data ownership, data recovery for provider change, e-discovery, and data retention)
  • Does your organization have software licenses that prevent it from moving applications to the cloud provider?
  • How is your organization ensuring that sustainable security, confidentiality, privacy, processing-integrity and availability risks are mitigated?
  • Who in your organization is managing the cloud provider relationship and who is it on the provider’s side?
  • Is the business department purchase of cloud services outside of standard procurement policy and procedure?  If it is, what is the justification for this exemption?
  • What are the escalation procedures in case of a security/data/privacy breach?
  • Do they use subcontractors?
  • Where does the data actually reside?
  • Request SOC 1 or SOC2 report.
  • Can the client access providers down line a subservice organization  and/or the reports?
  • Regarding the user, where are the control points and who in your organization is using them?  What has changed ?  Not keeping controls current is likely to become an issue when you are cloud-based.   If you have changed software or personnel, these are risks that should be continuously assessed and minimized.   
  • When moving cloud providers, how does a potential move work and what costs are involved?  Is the provider using proprietary systems that impact mobility?

While the prospect of a move to the cloud may seem daunting, it is almost inevitable.  Business visionaries, such as Boomer Consulting’s COO Sandra Wiley, see the cloud as being standard within five years to the degree that we no longer think about whether to be in the cloud, but rather are talking about those businesses or practices that occur outside of it. 

Today no major application software is being written for other than a cloud-based delivery.  It behooves today’s professional to move toward the change and enjoy the benefits. 

[author] [author_image timthumb=’on’]http://m.c.lnkd.licdn.com/mpr/mpr/shrink_200_200/p/4/000/17a/28f/06d9ab4.jpg[/author_image] [author_info]Simone Velasquez Hoover, CPA/CVA is President of Simone Velasquez Hoover, PA. The firm provides comprehensive financial, development and management support to nonprofit, membership organizations and high net worth individuals. In addition, the firm provides forensic accounting, litigation support and dispute resolution services to individuals, families and business clients. Ms. Hoover served as Executive Director, NACVA State Chapter Foundation Chapter President from 2005 through March 2013. Currently, she is also Executive Director of Operation Homefront – Florida, a 501(c)(3) that serves the families of deployed and wounded service members throughout the state with emergency financial and other support. Simone can be reached at hoovercocpa.com.[/author_info] [/author] 

The National Association of Certified Valuators and Analysts (NACVA) supports the users of business and intangible asset valuation services and financial forensic services, including damages determinations of all kinds and fraud detection and prevention, by training and certifying financial professionals in these disciplines.

Number of Entries : 2611

©2024 NACVA and the Consultants' Training Institute • Toll-Free (800) 677-2009 • 1218 East 7800 South, Suite 301, Sandy, UT 84094 USA

event themes - theme rewards

Scroll to top
G-MZGY5C5SX1
lw