Marvin (2015) interviews Dr. Chandra Bhansali about cloud-based accounting systems, discussing a couple of issues. The first is the way that cloud-based solutions are changing the way SMBs do business, and the second is the role that security plays in this. Most small businesses become interested in cloud-based solutions because of the efficiency gains, and in particular solving the pain point related to payroll, but they are concerned about security Bhansali is clear that security is an essential component for a cloud-based system, because the market demands it. Accounting data is sensitive, and companies that utilize cloud-based solutions insist that this information be protected to the highest standard.
Bhansali notes that his company moved to Amazon Web Services, which has one of the more secure platforms. Sensitive data is encrypted, in particular things like bank information, social security numbers and employee identification numbers. Bhansali then points out, without getting into specifics, that "we layer a lot of information technology and security (ITS) technologies on top of that to reduce the risk." This approach is something of a shotgun approach, and Bhansali is not specific in the article about what particular apps are utilized. He is also not specific about whether cloud-based accounting companies should gain specific security certifications or not.
Comment 1: The security aspect of this article -- and most others I found -- is quite thin. It doesn't talk about multi-factor authentication, security certifications, or even what apps were in Bhansali's stack, despite alluding to the fact that his company uses them. For the practitioner -- either the end user curious about security or for the mobile AIS company -- the article underdelivers on its promise of useful information about security. All it really says is that security is important, but we already knew that. One would have preferred to find more illuminating information out there.
Comment 2: One mobile AIS app is Bench Accounting. On their website, they talk about security in terms of the human element -- background checks and not outsourcing their staff. That the human element is critical in information security is a known thing; these issues might help a little but the wording doesn't directly address issues like phishing or Trojans that rely on human error to gain access to information.
Ideally, you'd want to see the application have passed some sort of security audit to get certified, and that there would be things like MFA included. So again, there is this issue of lack of detail -- security is important to the end user of mobile AIS, yet even companies trying to sell that service are not willing to market their security credentials, or perhaps do not have them. This raises the question of whether or not security is viewed as a legitimate pain point by those in the business.
Reference
Marvin, R. (2015) How accounting is evolving for a cloud-first world. PC Mag. Retrieved January 31, 2017 from http://www.pcmag.com/article2/0,2817,2493872,00.asp
Bench.co (2017) website. Retrieved January 17, 2017 from https://bench.co/
You’re 100% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.