centralized applications – Cooper Mann Consulting

laptop drawing The portable computer is an essential business tool for day’s mobile workforce, having the power and portability to meet the demands of executives and professionals working away from the office. While executives and mobile professionals get the applications and data they need to keep productivity high, carrying business data on devices outside the network introduces significant business risk.

There are studies which estimate that as much as 80% of the data a small business owns (data like customer files, contracts, product information and financial data) is copied to or stored on portable computers. When valuable business data is lost or stolen, the business can be exposed to a variety of problems – loss of revenue being just one. Losing track of business data can create legal issues, too. Customer privacy may be compromised, sensitive information could be exposed, or confidential plans might be made public if a business doesn’t take the right steps to secure its data.

It isn’t just the possibility of loss or theft which increases risk when data is copied to portable computers – the increased vulnerability of the information sits with the likelihood that the user will access unsecured networks, launch non-corporate applications, access private email accounts and perform other non-business related tasks with the computer because they have more access than with a fully secured corporate in-office desktop. User behavior is often what puts corporate data and assets at risk, regardless of the policies that might define correct and acceptable procedures. It is very easy for workers to unknowingly lose and leak data, and when the data is present on the portable computer it gets even easier.

A 2014 study commissioned by Cisco Systems found that employees around the world continue to engage in “risky” behaviors that put business and personal information at risk:

The majority (70%) of surveyed IT pros believe that as many as half of their data loss incidents are due to authorized program installations
44% of employees share work devices with others without supervision
39% of IT professionals have dealt with employees trying to access unauthorized parts of the company’s network
Almost half of the employees admitted to copying data between work and personal computers when working from home
18% (up to 25% in some regions) of employees shared passwords with their co-workers

Companies must not only protect their data for their financial well-being, but must recognize their legal obligation to protect much of the information, as well. The risk extends beyond the walls of the enterprise, to vendors and customers and consumers whose information may be stored in the company data. Additionally, portable computers exposed to malware and virus attacks are likely to pass the bad code to other systems they come in contact with, introducing not just risk for the recipient but liability for the infected laptop owner.

Where mobile computing brings huge advantages to today’s business, owners would do well to consider the benefits of enabling mobility through the use of server-based and hosted computing models. Rather than installing software and copying data to PCs and mobile devices, workers should be able to access a central system where the applications actually run. IT management is more efficient and security is easier to enforce when applications and resources are contained exclusively within the corporate boundary, even if they are accessible from without.

Virtual desktop and remote application solutions offer features that address a variety of potential risk factors as well as enabling improved management and security of IT assets. Centralizing and securing applications and data resources at the server allows businesses to deliver the mobility and functionality users need while enabling the information security and management the business demands. This is a foundation upon which remote desktop and remote application technologies were built, allowing users to have the real-time access to applications and data with full functionality and desktop modality, but without the requirement to install, manage and secure applications and data on the individual devices.

Make Sense?

Accountants and Clients Working Online: who owns the data?

Mobile device support and remote access to applications and data is becoming a standard requirement for most businesses today. The “online” working model goes a long way towards addressing problems face when they need to get team members together no matter where they are. When the information is stored and managed centrally, it is easier to provide access to outside accountants or other professionals. Yet, while this collaborative working model solves numerous problems, it also introduces a number of issues that neither the business owner nor their outsourced professionals may have thought about. One of these issues is the challenge represented with dissolution of the engagement, and subsequent division of information assets related to it. This separation can become unfriendly and problematic if the parties do not have an agreed-to plan. Quite frequently, disagreements result from the use of subscription-based online services which are not clearly delineated as customer-controlled versus provider-controlled. In these cases, clients may benefit from the use of a service through their provider, not understanding that the provider ultimately owns or controls access to the solution and maybe even the data associated with the account.

In general, it is safe to take the approach that whoever pays the bill for the service is the owner of the data associated with it. This “he who pays the bill owns the data” approach is simple and it makes the most sense. Consider that the individual paying the bill for the services is the individual who is financially obligated for what occurs with the service, so it makes sense that they would have authority over service access and usage.

It is quite common in outsourced and online accounting models for a professional firm to subscribe to services or solutions which help them support various processing needs for their clients. Solutions such as Bill.com or Paychex provide tools to assist professionals in efficient delivery of various process-support services, such as bill payments and approvals, or payroll processing and reporting. These tools are utilized as part of the professional service offering, and are generally not directly exposed to the client users (other than in specific contexts, perhaps). Separating the client from these systems is usually not difficult; the professional simply stops using the solution for that ex-client. Since the transaction information from the solution ultimately integrates into the accounting data file, the accounting firm can simply return the accounting data file to the client without losing their process support data in the online service. On the other hand, if the client was the subscriber to the solution and the accounting professional was “invited” to participate with them, the separation would mean that the accountant no longer had access to the online data, and the client would retain use of the solution.

In contrast to a process-supporting solution, separations become far more complicated when the online solution includes fundamental tools for the client like general business application access and data storage. Consider that a business decides to use SmartVault for its document management needs, and also wants to connect documents and files directly to transactions in their QuickBooks accounting system. In this situation, the accounting data and the document vault are closely connected, and contain a wide variety of valuable business documents and files. When the solutions are both run as online services, where the QuickBooks applications are hosted along with the integration for SmartVault, both the accounting professional and their business client can work more closely and in real time, creating much more value in the relationship. If the relationship does not work out, however, separating applications and data can be a frustrating process for both parties if there isn’t a clear understanding of who gets what. It would be easier perhaps if the question centered on an accounting data file, but in these situations the problem extends to questions of ownership of source documents, working papers, and even application software licenses.

Accounting professionals need to protect the value of the work they perform on behalf of the client, and the business owner needs to have their business information and applications. Clearly understanding how to orient subscription based services to protect the interests of both parties is an important element in providing the highest level of professional service to clients. In some cases it makes sense for the professional to own and control the subscription, particularly if the service is an element which supports professional services delivery. These tools help you provide services to your clients, and the client benefits from the result of use of the solution. If the client leaves you, then it is up to them to “tool up” their own operations to handle those processes.

In other cases, it makes far more sense for the client business to own and control their online services, and invite their outside professionals to participate. The benefits of working together are still present, and the remote access and mobility aspects benefit the business owners and team members as much as their remote professionals. The accounting professionals can preserve their working papers and other work product on their own systems, drawing a clear line between their retained data versus that of the client and making a potential future separation much easier to facilitate.

Make sense?

Share this:

Accountants and Clients Working Online: who owns the data?

Share this: