A past article in Ars Technica rekindled a healthy nerve with many professionals and business owners regarding general password and office WiFi security…
Passwords are the keys that secure virtually everything nowadays. Use a weak password and the outcome could be disastrous. And one of the areas where passwords are weakest is the standard-issue office and home WiFi network, now ubiquitous.
Relatedly, at our Cloud Summit last November, K2’s Randy Johnston stressed the increased importance of stronger passwords and of password-protecting our smartphones and tablets as well.
Earlier this month Cloud9 execs attended the ABA Tech conference and one of the more provocative presentations was that of John Simek, VP at Sensei Enterprises, who demonstrated the relative ease of cracking most office WiFi security using a $99 device called the Pineapple Mark IV to identify local WiFi networks and their weaknesses.
As reported in ABA Journal, Simek noted that, using the device at home, he was able to track Internet activities of his neighbor who works for a security firm hired by the federal government. The Pineapple (available from HakShop) is ostensibly being marketed for “penetration testing” on office WiFi security (no questions asked).
Once we began talking about the cloud, there were 3 areas of principal concern: security, availability & reliability…
First appeared: CPA Practice Advisor / April 3, 2013
Ever since we began talking about the cloud, there have been three areas of concern: security, availability and reliability. That’s why I’m not at all surprised that most accountants are still concerned about the security of their firm’s information and, of course, the security of their clients’ data.
A recent article in the Washington Post, “Pentagon to Boost Cybersecurity Force,” caught my attention. The intent is to expand the staffing of the Defense Department’s Cyber Command to protect U.S. computer systems against foreign threats:
“The plan calls for the creation of three types of forces under the Cyber Command: ‘national mission forces’ to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; ‘combat mission forces’ to help commanders abroad plan and execute attacks or other offensive operations; and ‘cyber protection forces’ to fortify the Defense Department’s networks.”
Cloud Services for Law Firms is gaining traction among attorneys for several good reasons.
Advocates and early adopters of Cloud Services for Law Firms maintain that its chief advantages include economy, simplicity and accessibility.
Cloud Services for Law Firms now include legal practice management solutions, document management and data storage, secure document and information platforms, hosted secure email exchanges, digital dictation services and billing/time tracking. Cloud-based SME platforms are innovative, economical and increasingly viable for legal practices of all sizes.
Cloud Services for Law Firms Advantages
Law firm cloud computing advantages include reduced overhead due to decreased IT costs, increased ease of IT maintenance and support,
Taking advantage of law firm cloud computing allows attorneys to focus on providing legal services while the cloud provider updates, upgrades and maintains the practice management, accounting, time tracking, and other applications on both a regular and emergency basis.
Ten Attributes of Good Cloud Service Providers
Small business cloud computing is growing rapidly, with an increasing number of new players. If you are just beginning to look for a cloud service provider, here are the top considerations you should hold firmly in mind.
1. Top Technical Expertise
Cloud service providers should not be approached like a commodity: it is not as elementary as providing you with the lowest-rate computer in a server farm. Reliable cloud computing demands considerable technical expertise to set up the right system, one that ensures sufficient security for your data and allows you to run your business without interruption. Key consideration should be given to the quality of the cloud service provider’s support team and their technical skill.
*Sources: CloudTweaks and Sleeter Group
You will be migrating confidential enterprise data to a third-party server. You really must be able to trust the cloud computing provider. Query their representatives and determine if they are the team with whom you can trust your confidential corporate data. Ask for references and client testimonials. Research the cloud service provider completely before trusting them with your resources. Also, look for their industry accreditations and awards.
According to a new report (below) from a prominent market intelligence think tank, “Not using Cloud is [now] the greatest risk to business productivity.”
“Cloud hype continues to mount,” reports David Bradshaw, a market researcher at International Data Corporation (IDC), “But underneath the hype, enterprise IT really is evolving. There are essentially two categories of cloud services — public cloud services are available to anyone with the means to pay, while private cloud services are dedicated to a single customer or smaller and larger groups, niches or verticals of customers.”
As part of its research, commissioned by Computacenter, one of the UK’s leading IT providers, IDC also found that 90% of corporate data center capacity goes unused; 23% of organizations have multiple Cloud services in full-scale use; and 8 out of 10 employees use consumer Cloud services to fill the corporate IT gap.
How should companies select what is best to place in the Cloud? A first imperative is that the cloud solution selected should deliver better business metrics than any alternative method of meeting the same need, such as lower cost and faster implementation, lower (or no) capital costs, better fit to company needs, lower ongoing costs, and an exit plan from the software version upgrade cycle.
Goodbye SAS 70, Hello SSAE 16: Cloud9 Real Time Application Hosting Raises the Security Bar
SAS 70 has been touted on a number of websites for businesses offering data center services. It has been the equivalent of the “Good Housekeeping” stamp of approval since its inception as a cornerstone audit in 1992. The SAS 70 type of audit, which has been around since the early 1990s, has been retired and replaced with the SSAE 16 (Statement on Standards for Attestation Engagements #16).
Cloud9 Real Time’s AIS Data Center recently announced its successful completion of the SSAE 16 SOC 1 Type 2 and the SSAE 16 SOC 2 Type 2 audits for the company’s San Diego facility. These third-party audits of the AIS data center services serve to further demonstrate the commitment made to provide a high level of standards for compliance and security.
Per the American Institute of Certified Public Accountants (“AICPA”) Standards for Attestation Engagements (SSAE) No. 16, the SOC 1 report is geared towards reporting on the Internal Control over Financial Reporting and is designed to be a reporting standard for a business’s financial reports, highlighting its financial accounting and reporting practice. The SOC 2 report covers the suitability of the design and operating effectiveness of controls to meet the criteria for the security and availability principles set forth by the Trust Services Principles.
Where You Store Your Data Does Matter, Have You Considered The Cloud?
Data storage demand is expanding at an exponential pace. In a recent Aberdeen Study (“How Much Of Your Data Should Be In The Public Cloud?”), companies polled indicated that typical data storage needs were rising at a rate of over 30% per year. This is a trend that is forcing IT managers to review their current IT infrastructure and proactively find increasingly cost-effective ways to store the increased data safely and with the same or better level of access that they enjoy today.
“The primary pressure of moving data to the public cloud is the need to get the data off-site and readily available for disaster recovery. The secondary pressure causing this shift is the increasing cost and complexity of most IT environments especially those firms with fast growing IT environments. Best in class companies have been actively shifting a portion of their storage pool to public storage cloud providers to leverage their robust data management and security processes. Data security concerns are not stopping firms from using public cloud storage because they are encrypting their data in transit and while it is stored on cloud disk drives,” writes Tim Caulfield, CEO at Cloud9’s AIS™ Data Center.
CPA firm disasters come in many different forms:
Accounting firm server crashes, hard drive failures, disgruntled employees and, of course, the all-too-unfortunate natural disasters. When the storm hits, how prepared are your accounting practice and your clients?
Every accounting firm should have a Disaster Recovery Plan. Here are the essentials to get you started:
1. Offsite backup of all accounting firm data. Tape backups are not reliable. Backups need to be regularly scheduled and automatic.
2. Know your accounting office functions. Being able to recognize what materials, procedures and equipment are essential to keep your business running is the first step to taking inventory of what needs to be recovered promptly.
3. Have a list of your accounting firm employees’ phone numbers readily available. Have a person in charge of contacting accounting clients during a disaster; communication is key.
In 1900, Mercedes Benz forecasted that the total demand for cars worldwide would never exceed 500,000. Why? – because there were “not enough chauffeurs” available.
That same year a panel of British experts concluded that “The telephone may be appropriate for our American cousins, but not here, because we have a sufficient number of messenger boys.”
*Sources include: Wikipedia and Wired
So What is “Cloud Computing?”
Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a leased or otherwise metered service over the Internet.
I get asked daily about security in the Cloud and I welcome these questions as it is not only important for users to understand but also opens the discussion about moving to the Cloud, meaning progress for the acceptance of our technologies.
Is It Secure? Recently I was speaking at a seminar and during the lunch break a gentleman said to me, “I don’t know, I just feel so much more secure knowing I can go in the back room of my office and see my server.” This thought and sense of security is not only misguided but it also seemed almost antiquated in today’s modern society. I responded by asking him if he still keeps his money under his mattress and he said, “Of course not” and I think he understood from there where I was going with this.
When Cloud Hosted Application & Load Speed Isn’t Everything
It’s funny the things that are “deal breakers” for firms looking to move to the Cloud. Recently, a colleague asked me about the approximate connect time with hosted solutions. “Is it 3 minutes, 2.5, under two minutes?” I believe this was her exact question. In fact, she had been testing multiple hosted solutions and recording and evaluating connectivity speeds. She was so focused on this one small factor that she was completely missing the true value that cloud-based applications offer.
The benefits of moving to web-based cloud solutions far outweigh the extra seconds it may take to connect—
Especially when you consider the overall time saved by operating in a virtual environment. The Cloud eliminates the need to manually back up client data, update and maintain software onsite, or coordinate data exchange with clients. Trust me…this adds up to hours of time savings! But wait! There’s more. Within my cloud system, I can collaborate with my clients in real time, accessing files and data simultaneously, while assured that I’m always working with the most current data. I no longer have to ask a client to close a file when I need to get into it, or log in after hours to avoid disrupting the client’s workflow.