As a reseller of cloud accounting software, we are often met with opposition from our prospects and customer regarding the privacy and security of their data in the cloud.
First, let's address security and we will address privacy later and in much more detail. The following Tech Soup Canada blog addresses security very well and I would suggest having a look. Tech Soup targets Not for Profit Organizations but the information applies to For-Profit organizations as well.
To read the Tech Soup Canad Blog click here.
To summarize in most if not all cases the security of a cloud accounting publisher is far superior to what most organizations have today. It is like comparing apples to oranges or server closets to Tier One data centers. The article goes on to define the differences between security and privacy but the most resistance we face as a reseller of cloud technology is with respect to the privacy of data stored in the cloud.
The objections we face mostly relate to 3rd parties' ability to access private data. Some fear data being in the cloud is more exposed than on-premises data but the encryption and privacy standards that cloud providers must adhere to are far more stringent and monitored than anything a typical organization would have to deal with. Another fear is the US or other governments accessing data as a result of terrorist investigations under the “Patriot Act”. So yes access to this data can be granted by your cloud provider for the purposes of terrorist investigations. It should be made clear though that the Canadian government has similar rights under legislation to access data for the same purposes and that your data is exposed to this type of access whether stored In the cloud or on-premise or stored in Canada or the US. The US and Canadian governments cooperate with each other fully in these types of situations to ensure the data is made available to each other authorities. It should also be noted that any data that is transferred over the Internet is usually routed to the United States at some point anyway so even if your data is stored in Canada you are accessing it via the Internet and 90% of Internet data is routed the US regardless.
Another concern regarding cloud data privacy is Canadian privacy legislation. We have been told by many organizations that laws exist in Canada to prevent data from being stored in the cloud period but especially in another country. The following is an excerpt from the Canadian Privacy Act (PIPEDA) FAQs.
The Personal Information Protection and Electronic Documents Act (PIPEDA) does not prohibit cloud computing, even when the cloud provider is in another country.
Click here for the link to the above FAQ
Another Frequently Asked Question from PIPEDA is :
I've heard that cloud computing may improve privacy protection. Is this true?
For businesses that are considering using a cloud service, cloud computing could offer better protection of personal information compared with current security and privacy practices. Through economies of scale, large cloud providers may be able to use better security technologies than individuals or small companies can, and have better backup and disaster-recovery capabilities. Cloud providers may also be motivated to build privacy protections into new technology and to support better audit trails.
On the other hand, while cloud computing may not increase the risk that personal information will be misused or improperly exposed, it could increase the scale of exposure. The aggregation of data in a cloud provider can make that data very attractive to cybercriminals, for example. Moreover, given how inexpensive it is to keep data in the cloud, there may be a tendency to retain it indefinitely, thereby increasing the risk of breaches.
I have researched data leaks from the major ERP and accounting providers and I get find very little if any kind of data loss.
As you can see there is a lot of information on this topic and we have only scratched the surface. I will continue to blog on this topic as I research and find more information but I encourage all of you to provide your feedback so we can have a dialogue about the risks, and benefits and educate ourselves.
Learn how Sterling Park District has saved time and money at their not-for-profit organization with Sage 300 ERP and its payroll module.