via Accounting and Business Technologies | QuickBooks Pro and Premier as Software-as-a-Service

QuickBooks Pro and Premier as Software-as-a-Service

Running business applications online was once considered a fad, but has now become a mainstream approach to implementing technology. Businesses large and small are finding that turning technology investments into a predictable expense allows them to focus on their business operations and not the IT budget. For some, the ability to bring remote locations or mobile team members closer to the systems that support the business is the biggest benefit. For others, the security of having business continuity and disaster recovery built into the system is the key. Regardless of the motivating factors, business owners are finding that online application services can make a positive impact on their bottom line.

The market has clearly identified online technologies and application services as something beneficial. This is demonstrated by the rapid adoption and growth of business solutions that leverage the Internet as the network. Further, online applications and services are being used as a way to augment systems that were once exclusively LAN or PC based. An example of this is the extension of Intuit’s QuickBooks products to incorporate online payroll services and online payment processing solutions.

With the move to online application services being one of the biggest shifts in technology seen in years, it only makes sense that the applications that have become “standards” in business shift to an online model, as well. The opportunity is great, but the responsibility is greater.

Many software companies are facing a number of problems with respect to the unauthorized hosting of their desktop applications. Because the technology employed for desktop application hosting is very costly, many service providers feel compelled to “leverage” application licensing and other system features to increase their value proposition and to compete. Customers who utilize these unauthorized application services are putting their businesses at potential risk. This risk may come in the form of substandard services resulting in lost or corrupted data; it may come in the form of unauthorized access to confidential business or personal information due to poor system security; or it may come in the form of exposure due to the unauthorized use of software licenses.

While the market has clearly demonstrated the value and benefit of application hosting services, the lack of protections, consistency and support makes it a venture fraught with peril for many. The volume of “grey market” activity and instances of license piracy have undoubtedly increased dramatically, as the cost of service delivery is high and the margins for the service provider are narrow. Manipulating the cost of service by leveraging the application licensing is sometimes the only way some service providers can create profitability in their offerings. But with the prior lack of oversight in terms of service pricing, licensing, quality assurance, or service orientation, it had become the “wild west” for service providers, and the perceived value of the service declined while the number and variety of deliveries increased.

The answer to the problem, or at least as it exists around the Intuit QuickBooks products, is in the ability for Intuit-Authorized QuickBooks hosting providers to offer subscription access to QuickBooks Pro and Premier licenses when they are hosted. Customers no longer need worry about purchasing their QuickBooks software before engaging with the hosting company, and can avoid the annual cost of upgrading their application software. With the QuickBooks license delivered under a subscription program, customers are able to work with the most current version of the software, and know that their systems are protected and their data is secure. Intuit-authorized QuickBooks Hosting providers can supply, manage, and maintain hosted QuickBooks implementations for businesses of virtually any size and type – all with an Intuit-supported license.

via Accounting and Business Technologies | Joanie Mann: QuickBooks Pro and Premier as Software-as-a-Service.

Technology and Tools for Accounting Professionals


There was a time not so long ago when accounting professionals focused more on tabulation and summarizing of information than on analysis. Accounting for businesses, in particular, required collecting myriad papers and receipts and other transaction documents, summarizing the information, translating it into journal entries, and finally posting those numbers to the big bound book which represented the business general ledger. With the work required to gather and enter all of the information, professionals necessarily focused their efforts on making the process as efficient as possible by attempting to structure the workflow and manage the paper.

When those efforts are compared to today’s approach which involves digital documents, intelligent data collection tools, automated workflow solutions, online accounting and data analysis, it is clear that the processes for accounting for business activities have not really become simpler.  In fact, much of the enabling technology has served to complicate certain processes, which drives users to find even more “solutions” to address these new problems.  It (IT) is a bit like the Wonka Everlasting Gobstopper, which never gets finished and never gets smaller.  IT simply changes things – regularly and often.

Back then – before the Internet and digital imaging, or even Personal Computers – high technology wasn’t the focus because it didn’t exist in the realm of business in general.  I suppose you could call business solutions at that time “low” technology, where mainly mechanical solutions were introduced to address various business problems.


As an example, prior to the advent of digital imaging and electronic documents, one of the primary requirements of the business was to organize and store paper documents.  Over time, a wide variety of filing, foldering and labeling solutions have been developed, all oriented towards making the storage and later retrieval of paper documents easier.  For some businesses, letting go of the paper is a hard thing to do.  Years and years of training in keeping paper files has left many business owners and managers wary of working without physical paper documents.  Investments in office space, filing cabinets, storage folders and personnel to organize, file and retrieve all of the documents is only a partial measurement of the cost of managing paper, and large numbers of businesses continue to operate in this manner.


The technology applied to processing the work has also changed, in many ways even more dramatically than the technology applied to collecting and storing the information.  Take the simple processes of tabulation (to arrange in tabular form; condense and list) and summing (adding up) information, for example.  Previous generations didn’t have computers and spreadsheet software to perform the work.  Rather, individuals would painstakingly handwrite each transaction entry into a ledger or on a columnar worksheet, and would then have to manually add each column and then cross check footer totals to ensure accuracy.  Back then, the machines used to perform the addition/subtraction were mechanical devices and could not perform multiplication or division.   These adding machines were first hand-cranked devices, later replaced with shiny new electrical ones (weighing approximately 20 lbs each).


Even voice communications have changed dramatically over the years. Many people don’t remember a time when having multiple phone lines in the business meant having multiple telephones, and the concept of a PBX (Private Branch eXchange) didn’t exist. Every phone would be hard-wired to an incoming line; if you wanted to answer a call, you had to use the right phone. This became difficult in an office with many people, so solutions such as the “fabulous extendo-phone” were invented to allow anyone in the office to access the phone from their desk.

The technology available to businesses today is astounding, and offers amazing potential and benefit.  On the other hand, technology rarely (truly) makes things simple or easy – it more frequently serves to shelter certain users from the complexity while delivering new workloads and concerns to others.  It’s rather like energy – it isn’t created or destroyed, it just changes form [law of conservation of energy].  Business is like that, particularly where information technology is involved.  The underlying requirement doesn’t go away, just like a business’s requirement to account for financial transactions and activities,  and the need for the business to capture and retain documents isn’t changed.  How the process is managed, and which tools or mechanisms are applied to the task is what changes.

Make Sense?

J

One-Write System Revolutionizes Accounting. These guys had the right idea, they just didn’t have the cloud.

Cloud IT: Hiding Complexity and Risk


Cloud computing and Internet technologies have delivered previously unimagined capability for even the smallest of businesses – capability to compete, build brand recognition, and reach markets in remote geographies. The mantra for businesses used to be “location, location, location”, but it’s become connectivity – perhaps even more than location – which now delivers business opportunity. As technology has evolved, allowing businesses and consumers to connect regardless of time or place, the complexity of the systems and networks has also increased dramatically. Where a business could once easily identify its various vendors or business service providers, those involved in the service ‘delivery chain’ are no longer so easily recognized. Among the benefits of cloud computing technologies is the ability to reach beyond traditional boundaries. The risk for many businesses is in not fully understanding how, and with whom, those boundaries are being crossed.

For many an enterprise, the convenience and efficiency introduced with cloud computing models overshadows the increased risk potential.  Service level agreements and vendor contracts are assumed to be sufficient to protect the business and its information assets, yet recent events (such as the recent reveals of PRISM and the actions of the National Security Agency) should cause businesses to look a little deeper at their entire provider network.  It’s not that the average business should be concerned about government snooping of their emails, but they should be aware of who has access to their systems and data, and which entities are responsible for which parts of the system.  It’s only prudent to know the details, and it is the best first step to mitigate business risk.

Enterprise Clouds are complex, sophisticated entities which invariably rely on a daisy-chain of third parties and contractors to help build, run and maintain their Cloud provider’s systems. The organizational and technical complexities are additive, resulting in increased systemic risk. Systemic risk is the least visible and hardest to eliminate, and those risks become real when the providers’ systemic risks become [yours].

The question is, how well does your Cloud provider manage the ecosystem of contractors and third parties that are farther down the food chain? This is even more relevant in the globalized workforce, where, paradoxically, Cloud and related technologies have greatly facilitated the outsourcing and offshoring of work to low-cost countries. http://www3.cfo.com/article/2013/6/data-security_prism-national-security-agency-edward-snowden-cloud-implications-vendor-management

Before executing a service agreement with an outsourced provider, make certain that the details of facility, connectivity, network, equipment, and other elements of the delivery and system are spelled out.  Business subscribers should know where the various points of failure exist, and which company is responsible for dealing with each.  If a carrier fails and connectivity to the data center is lost, the hosting service provider may be powerless to impact the situation, even though access to service is part of the SLA and requirement.  If a hosted software product has a vulnerability or fails to perform, the developer of the product is likely responsible, rather than a hosting service provider.  The point is that there are often multiple players in the delivery chain, and customers should be aware of this reality prior to engaging with the service.

Ultimately, the business with mission critical data in the possession of a 3rd party service provider should have a healthy helping of doubt as to whether the provider has full control over their environment.  Business owners, managers and CFOs should recognize the increased necessity of evaluating risk within their provider systems and in provider/vendor relationships, to keep trade secrets secret and prevent intellectual property from becoming the property of others.


Make Sense?

J

HIPAA Privacy and Security and the Cloud


Is your cloud solution or hosting service HIPAA compliant? This is among the most frequently asked questions from professionals shopping for cloud hosting service. Unfortunately, it is also among the questions most frequently answered with ambiguity, or with naiveté. The problem is that many businesses dealing with HIPAA compliance responsibilities as they relate to protection and security of personal health information may not fully understand their responsibilities as they extend to outsourced IT and other service providers. In the case of HIPAA compliance, many providers suggest their compliance without truly understanding what it means, and are introducing significant risk to their business and subscribing customers because of it. With recent changes in rules relating to protection and control of personal health information, it is not just the health care provider, the health plan, 3rd party administrator or others that process health insurance claim information which must agree to provide adequate controls – the requirement may fully extend to business associates of these entities… possibly including their cloud service or hosting solution providers.

Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS. http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA guidelines and rules exist to protect and secure personal health information, a requirement growing in importance with advancements in technology, electronic health records, e-billing solutions, and cloud computing adoption.  Where the regulations were once focused on the entity directly involved in generating or processing the information, the view is now extended not only to 3rd party administrators, but also to the technology solutions and providers involved.  When a “covered entity” (an entity with a responsibility to protect and secure personal health information [PHI]) makes a decision to move this information to the cloud, a number of important and complicated issues must be addressed in the agreements with the service or solution provider.  These issues include security and privacy of information (including providing individuals the right to access and request changes to the stored information), tools which may be provided to allow the customer additional security protection, encryption of data at rest and in transmission (and who holds the keys), data location, return of data, disaster recovery, and service levels.

Cloud provider contracts and business associate agreements with cloud providers are not one-size-fits-all and should be negotiated carefully to protect PHI in a manner that accurately reflects the capabilities of the parties http://www.americanbar.org/content/newsletter/groups/labor_law/ebc_newsletter/12_winter_ebc_news/ebc12winter_cloud.html

The provider delivering cloud hosting services to the business may now be considered to be a “business associate” under HIPAA, meaning that the responsibilities of the Customer (the “covered entity”) also extend to their service provider. For any business operating under a HIPAA compliance requirement, moving to the cloud must necessarily involve a detailed discussion and set of agreements that spell out the “business associate” relationship as well as the details of the service delivery and accepted performance levels.

Make Sense?

J

Preparing for Disasters of the Legal Kind


As businesses begin to realize the benefits of cloud computing and business data mobility, they may be overlooking one of the most important issues any enterprise can face: information management in the event of litigation.  While the IT department probably has a disaster recovery plan for handling various computer system failures, is there also a plan for managing system data and electronic information in the event of a “legal disaster”?  In the spotlight is e-discovery, which is the requirement of the business to respond to legal requests for electronically stored information, and the issues CIOs and business owners should be paying attention to as computing solutions and technology models continue to change at a rapid pace.

The popularity of BYOD (Bring Your Own Device), data sync solutions, and online collaboration tools has created an environment where business data may exist in various states (meaning as in conditions or status, not as in State, like California) and on a variety of devices and systems, some of which may not be in the direct control of internal IT.  Regardless of where or how the information was delivered to these devices and systems, CIOs and business owners should recognize that the information on those devices is included in discovery requests, and should be prepared with a plan for dealing with the response.

This “e-discovery plan” is the most important thing, and it means not only working through the various aspects of managing the information, but also providing consideration to keeping the plan updated.  As technology changes, and as user behavior changes along with it, businesses must adjust their IT management approaches in kind.  Consider that a user couldn’t store business data on their phone until the phone was able to handle that function.   Now that smartphones are the norm and tablet computers are gaining in popularity, business data is roaming on personal and business devices.  These advancements may introduce productivity and process gains which provide an advantage to businesses, but they also introduce potential risk and certain complexity when it comes to e-discovery.

Litigation is always expensive, but sanctions for slow response or other costs can be avoided if the plan helps the business respond in a timely manner.  For this reason, the plan should include an identification of all sources for information (every location where business information and data is stored), as well as the steps to be taken to preserve this data in the current state.  If the business has systems which regularly purge information (like accounting systems which purge prior period details, email systems which automatically purge old emails, or backup systems which delete old backup files as new ones are made), all of these activities must be halted.  If the company doesn’t have access to control the various devices and systems to prevent these activities (or doesn’t know that they are happening), significant risk is introduced.  In the case of a legal “hold”, all data and metadata and the audit controls and files must be preserved.

The final steps in the plan are the steps to be taken after the litigation is over. This is oftentimes a forgotten part of the plan: the final destruction of the information gathered for discovery. Not that the original data must be destroyed (consider ALL dependencies), but the “database” of collected information related to the litigation probably should be. With this data pooled in a single place, it becomes a potentially valuable target for a data breach. At minimum, the collected information could too easily be pulled into an entirely new legal case.

IT managers, CIOs and business owners must be realistic about the information their enterprises generate and store, including being realistic about the risk potential that duplicated and mobile data represents.  It is not that the enterprise should be afraid of allowing mobility and providing remote access solutions, but it is essential that the enterprise control the use of these solutions and how they use or interact with business data.   Without a strictly enforced policy of usage and control for all devices, services and solutions “touching” business data, any legal disaster planning falls short.

Make Sense?

J

e-Discovery in the Cloud: Benefits versus Risks

After many years of working with business professionals in “enabling” their organizations to make better use of technology, I must say that it is a bit frustrating trying to get folks to understand that this new and wonderful cloud computing model (or Internet-based computing, SaaS, or whatever-you-want-to-call-it computing) is still just technology.  It uses computers and disk drives, it runs software, it takes electricity, and it was developed by human beings.  It can break.   It’s not magical and perfect and you can’t get the good stuff for free.  Swim at your own risk.  So, assess the risks, and measure the benefits against the risks and costs.  For many, the benefits outweigh the risks, as cloud computing approaches can deliver advanced capabilities at cost levels not previously available to most businesses.

No industry is immune to the security and access considerations surrounding a cloud computing model. In particular, those lawyers involved in e-discovery (all of them) have recognized the potential benefits – and tradeoffs – of the model. This reality was clearly revealed at the ILTA (International Legal Technology Association) 2010 event in Las Vegas. While the discussions at the conference were oriented specifically towards the legal profession, the IT-related discussions are totally relevant to every business. Accounting and finance professionals should pay close attention to this type of conversation, as it relates very directly to accounting’s approach to information technology and the application of IT in the business or professional practice.

In a recap of the event entitled ILTA 2010 in Las Vegas: Strategic Unity, Defensibility, and the Cloud, author Chris Dale discussed that professionals in both public and corporate service must work with the IT departments towards a common goal.  “IT is no longer just a service department providing an infrastructure, applications, training, and troubleshooting.”  While these elements still remain as critical aspects of IT, the role has grown to also incorporate considerations for collaboration (collaborative information management), mobility, and social media.

Recounting one session attended, called Defensible Ediscovery Processes, the author related the variety of definitions provided to the general term “defensible”, which were pretty amusing. These definitions ranged from protected against attack, to less lousy practices or “practices which suck the least” (my personal favorite), and finally, what you can get away with without being found guilty of spoliation. From these definitions then came qualifiers, such as “reasonableness” and “faith”.

Why would defensible processes be important, and how does this relate to IT or cloud computing? An example of the element of “faith” came up in this context: “how can [lawyers] have faith that the technology is delivering the right answers?” A panelist gave the example of “an email retrieved from (or possibly not retrieved from [love those lawyers]) a system, with 26.5 pages missing. How can you be sure that the systems which you are using will not do that to you?” These are valid questions in any IT environment, and are no less important when considering a cloud-based technology model. The trade-offs are related to perfection in functionality and performance of the solution versus cost, and should be measured in proportion to one another.

The tradeoffs may come in a variety of areas, with collaboration and connectivity being the primary drivers (collaboration) and barriers (connectivity) to the model. Businesses are more than ready to adopt cloud computing strategies based on the belief in improved collaboration, access to information, and improved IT management, but tend to overlook the offsets in the areas of bandwidth availability (and consistency), application functionality (or lack thereof), and level of support available from the provider. In support of this argument, Jerry Justice (IT Director for SS&G – Certified Public Accountants and Advisers) posted in a LinkedIn discussion on the topic that “by design the Internet is ‘reasonably’ connected, but not the same as a well-connected [local] network. The upside is it gives you the ability to connect from great distances, the tradeoff is that you experience variable connectivity.”

“The underlying issues are that there is a paradigm shift to working on the Internet (from working in the office) and then another shift when you add in cloud-based environments (versus local apps). It is possible to be very productive, but .. you have to adapt your approaches”.

The idea “that perfect must be qualified by cost and proportionality” was also discussed in an ILTA session on cloud computing which included panelists from Autonomy iManage, Mayer Brown, and Ernst & Young.  “Cloud computing remains a contentious area, with no obvious agreement even as to what the term means, let alone as to its implications” wrote Mr Dale in his recap of the event.  While the panelists held differing views, the representative from Mayer Brown held a position similar to Mr Dale, in that it is important to “dissect the objections one at a time, accepting that there is room for more than one view, and testing arguments against the alternatives.  Arguments based on pure cost are pretty compelling, and if one method of achieving an objective is very much cheaper than the others, then the burden shifts to those who argue for the more expensive route.”

Discussions went on to describe differences between public cloud providers and others, who segregate customer data in “private and identifiable silos”. “The key word here is identifiable”, writes the author, “which connotes a geographical certainty as well as anything else. I sometimes wonder if the imagery associated with cloud computing (invariably a jagged line disappearing into some cumulus) does not leave some people with the idea that their precious data is indeed floating in some inchoate container up in the air.”

“If you neglect to provide in your contract that your data remains in a specified jurisdiction, and if you fail to conduct proper due diligence checks on the provider, then you deserve all you get. Like any risk assessment, it involves weighing cost against other factors; most of these other factors are definable and quantifiable”.

I couldn’t have said it better myself.

J

original post March 24, 2011