Cloud Tech PDF
Document Details
Uploaded by PropitiousEucalyptus2753
Summary
This document discusses cloud-based services, including pricing, accessibility, and security considerations. It also analyses benefits and challenges of cloud accounting systems for businesses. The document explores how to choose the most suitable accounting system for a company.
Full Transcript
Historically, accounts were produced using manual systems. Originally this was a series of books called ledgers (and we still keep the names of these ledgers), and in more recent times manual systems gave way to the widespread use of computerised systems based in company offices.

Cloud based services

This has now developed to the point where cloud-based software service packages are commonplace, and whilst these services aren’t suitable for every type of organisation, many organisations have taken advantage of the benefits they bring by switching their systems and processes to services held in the cloud.

Switching from manual or desktop computer systems to cloud-based systems isn’t always straightforward. When choosing the most suitable accounting system for a business, many factors need to be considered, including the following.

Price
Most cloud-based systems are based on a subscription model whereas desktop systems are usually based on an ownership model.

The number of users
How many users will need to use the software? The initial cost of any type of software can increase dramatically when additional users are added in.

Accessibility for multiple users
The ability for multiple users to access software may be a necessity for an organisation, or might not even be a consideration.

Individual access rights for users
Some organisations will need to have control over the parts of the software that individual users can see, restricting access to what is required for each user by using password protection. The access rights to override passwords should be restricted to senior individuals.

Integration with existing systems
How well does the proposed software integrate with the organisation’s existing software? Is there a key existing system that takes priority?

Functionality
Unless an organisation has bespoke software designed, it’s unlikely that any piece of software will meet its exact requirements.

Workflow
Every piece of software has its own way of doing things. How do these fit with the organisation’s workflow? Will any processes need to be changed to successfully integrate a new system?

Security and compliance
With ‘the cloud’ basically meaning someone else’s computer, i.e. that data is stored on a server owned and managed by another organisation, organisations need to consider where in the world data is stored, assess compliance with data protection legislation, and determine how secure the data is.

Benefits and limitations of cloud accounting

Access to real-time data by multiple stakeholders

One of the key features of cloud accounting is that users have access to their data and information from anywhere in the world, in real-time. In an increasingly globalised environment this means that users don’t have to worry about not being able to access their information.

One other benefit of global access to data is that organisations can take advantage of the global workforce. Offshoring (where organisations employ people based overseas) and outsourcing (where organisations employ other organisations to undertake whole functions of their business) have become more popular. This is because many organisations have realised they can reduce their cost base by recruiting skilled employees who are located in markets and regions where they are cheaper to employ.

Access to real-time data by multiple stakeholders: benefits and limitations

Access to the real-time data isn’t limited to just the workforce. Multiple stakeholders can be given access to the information and with correct use of access rights this can be done whilst maintaining strict confidentiality.

Benefits
The benefits of access for multiple stakeholders in the accounting profession are widespread. The ability to access the same information as a client allows the professional accountant in practice to remotely view their client data and identify issues in a timely manner. Whether that is seeing that a transaction has been posted incorrectly, or identifying that profitability has risen and therefore tax planning is required before the year end, it’s certain that it’s a significant advantage over receiving records after the fact. There is also a benefit for clients as they can be given access to workflows to see where the accountant is at in the production of their work. Access to real-time data for multiple stakeholders improves communication.

Limitations
There are few limitations to this, provided that organisations have strong processes around security and compliance, including users and their access rights. For example:
- ensuring that access is immediately terminated if an employee leaves, which is a requirement for ensuring information is kept secure
- ensuring that policies for which individuals can input and process data, and which individuals can generate outputs from the system, are implemented.

Some organisations have had to create policies to restrict access due to individuals accessing data far beyond the working hours in their contract. Real-time data and an ‘always on’ mindset can have severe implications for individuals’ personal wellbeing.

Remote data storage: benefits and limitations

Data storage has become a primary consideration.

Benefits
Organisations don’t need to back up data manually when using cloud accounting systems as this is undertaken by the service provider, but it needs to be clearly included in the contract arrangements. This not only removes the need to remember to physically run the backup but it also removes the need to have physical data storage capabilities on site. On-site physical data storage can be expensive to maintain, both in terms of equipment cost and the physical space it occupies. Physical backups and security also require on-site attendance in many cases.

Limitations
Access to data may be impacted if the service provider has unscheduled 'down-time' or other technical issues. Also, if the provider were to go out of business, is it clear how an organisation would regain access to its data? If an organisation were to change software, it could be difficult to transition its data to an alternative software package.

Automation capabilities: benefits and limitations

Increasing the volume of transactions that can be automated can free up considerable time for the user.

Benefits
The ability to automate day to day processes and tasks generates genuine time saving benefits for an organisation. This is a crucial feature of computerised accounting, as organisations continue to look to increase their profits through cost saving. It can also provide a competitive advantage if organisations can harness the additional time saved by their workforce and apply it towards revenue generating initiatives that increase market share.

Another benefit is that automating certain processes results in consistent outputs for stakeholders, as well as a reduction in potential human error.

Limitations
Organisations need to be aware that automation doesn’t mean that the end result is necessarily correct. Though machine learning has evolved significantly, automation still requires manual intervention to set up and monitor processes to ensure the results produced are accurate.

Availability of apps/plug-ins: benefits and limitations

Apps and plug-ins are commonplace.

Benefits
Apps and plug-ins allow organisations to tailor their cloud accounting package, enhancing its basic functionality to be more reflective of the organisation’s own processes and workflow requirements. Apps and plug-ins also help organisations to enhance interdepartmental communication, as computerised accounting can be integrated with software used by other departments such as CRM software, or stock management software.

Limitations
Apps and plug-ins are constantly being created, but there is the drawback that they are also removed from the market and may become unsupported with limited notice. An organisation may find it has become dependent upon a third-party plug-in that is being withdrawn. Apps and plug-ins may also represent security risks to data. Organisations need to be confident of the provenance of any third-party apps or plug-ins they use, particularly ones that access confidential data that is regulated under the Data Protection Act (2018).

Cloud accounting packages are off the shelf, mass market products that may not meet the requirements of certain organisations, regardless of how many apps or plug-ins there are available. Some organisations will benefit from bespoke packages that are tailored to their exact needs.

Automated processes have their limitations and organisations will still need to set up and monitor processes to ensure the result is accurate.

Access to real-time data enables an organisation to more easily take advantage of offshore outsourcing.

Organisations need to ensure they know what apps and plug-ins they are installing and must be confident in the safety of their data.

Data protection definitions

First, a few definitions:

The General Data Protection Regulation (GDPR) is a data privacy law that applies to most UK organisations. Brexit resulted in the UK adopting its own version of the GDPR, referred to as the UK GDPR [1], meaning that all organisations in the UK must comply with the UK GDPR and also the EU GDPR if processing personal data relating to individuals in the EU. Likewise, organisations outside the UK will have to comply with the UK GDPR if processing personal data relating to individuals in the UK.

[1] Enacted in the UK by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

The Data Protection Act (2018) is the main data privacy law in the UK. Some sections apply specifically to law enforcement authorities and the intelligence agencies.

The data controller has a specific requirement under data protection legislation to be responsible for, and be able to demonstrate compliance with, the data protection principles.

The data processor means any person (other than an employee of the data controller) who processes the data on behalf of the data controller, for example, a cloud computing provider.

The data subject means any living individual whose personal data is collected, held or processed by an organisation.

The importance of data protection

As the volume of data available to organisations increases, the importance of data protection also increases. Individuals expect that the data that organisations hold on them is kept safe and only shared appropriately. The data protection legislation sets out specific principles that organisations must adhere to if they process personal data.

Organisations that process personal data must also register with the Information Commissioner’s Office under the Data Protection (Charges and Information) Regulations 2018, unless exempt. Most commercial organisations will fall under this category.

Breaches of data protection are taken seriously and carry heavy penalties of up to £17.5 million, or 4% of an organisation’s total worldwide annual turnover, whichever is higher, as well as costs associated with incident management, compensation to data subjects, lost business and reputational damage.

The principles of data protection

Article 5 of the GDPR sets out seven key principles which lie at the heart of the general data protection regime.

Lawfulness, fairness and transparency
Processed lawfully, fairly and in a transparent manner in relation to individuals.

Purpose limitation
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

Data minimisation
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

Storage limitation
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods in so far as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.

Integrity and security
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Accountability
The data controller shall be responsible for, and be able to demonstrate compliance with, the principles.

The data controller has a specific requirement under GDPR to be responsible for, and be able to demonstrate compliance with, the data protection principles.

At this point in the information age, it's commonplace to carry out many of our day to day individual and organisational activities using digital methods. This means that we need to think about digital safety in just the same way that we think about physical safety. Cyber security is the practice of protecting networks, systems, hardware and data from digital attacks.

Types of cyber-attack

Individuals and organisations need to be alert to the threat faced by digital attacks and should have in place measures to reduce the risk of attacks. Data is an expensive commodity, and cybercriminals will try many methods to access or compromise data.

These are just some examples of cyber-attacks; there are many more and cybercriminals are constantly evolving their methods. Protecting your organisation against cyber-attacks isn't an optional activity.

Phishing
This is when fraudulent communications that appear to come from legitimate sources try to steal information or spread viruses or ransomware. It is referred to as phishing when carried out via email, smishing via SMS message and vishing via voicemail or phone call. There is also what is known as ‘spear-phishing’. This is a targeted attempt to steal information where malicious actors research their targets; for example, communications may appear to come from an organisation’s senior leadership and even mimic the language they use.

Pharming
A blending of the words "phishing" and "farming". This is when an individual is redirected to a fake website, which mimics a legitimate one, like an online bank website, to steal information.

Malware
A blending of the words "malicious" and "software". When installed, malware can severely disrupt or damage data and hardware. It can also be used to gain unauthorised access to computer systems.

Denial of Service
A denial-of-service attack is an attack intended to disrupt or shut down a service, making it inaccessible to legitimate users, for example, a website, network, or even a programme.

Protecting against attacks

Individuals and organisations need to be alert to the threat faced by digital attacks and should have in place measures to reduce the risk of attacks. Data is an expensive commodity, and cybercriminals will try many methods to access or compromise data.

Access control
Cyber criminals use electronic and physical methods – such as compromising passwords or just walking into an unsecured building and inserting a USB into an unattended computer or plugging a laptop into an unattended network port.

Admin rights and management
Manage admin rights, disable accounts when staff leave or change roles and block your staff from installing or even accessing certain data on your network.

Have robust password policies, such as having secure passwords and turning on two-factor authentication wherever available, and ensure these policies are enforced. For help creating strong passwords take a look at the National Cyber Security Centre’s password guidance #threerandomwords.

Firewalls and gateways
Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber attack and is effective against brute force attacks.

Malware and virus protection
Malware and virus protection software helps keep your data safe from attacks from infected files and sources.

Patches and updates
Keeping software and systems fully up to date removes weaknesses that cybercriminals exploit.

Training and awareness
All staff should be made aware of the risks and how to protect themselves and the organisation. For example, teach staff how to look out for social engineering, such as phishing, and to think before they click, particularly with emails that are unexpected, contain links and/or imply a level of urgency.

There are many methods by which cybercriminals attack their targets, and organisations need to use just as many methods to defend against those attacks. Cyber-security practices can be expensive and it can feel like they are unnecessary, but with most organisations now relying on their digital collateral to operate, it’s more important than ever. Many methods that cybercriminals use include physical attacks such as accessing unattended premises.

Draw up a plan
In order to make the transition, Beverley needs to draw up a plan of what it is that BBB will need in cloud-based software and whether it will be suitable for all clients or whether some will need to remain on on-premises software.

Evaluate software
Once Beverley has done this, she can start to look at specific software in the market and consider which has the most features and benefits that will be suitable for BBB.
For example, their existing on-premises software may have a cloud-based version and this may be easier to transition to.

Consider additional benefits
Other things to consider are that some cloud-based software may provide features that will improve the efficiency of the service that BBB provides or may allow them to generate revenue in other areas.

Check data protection and information security compliance
Beverley needs to ensure that her data protection policies are robust and understood by her team as BBB will have less control over data held in the cloud than it does in its on-premises software.

Evaluate
Finally, Beverley needs to have a process to ensure the software is working as it should be.

The move towards cloud-based systems has opened up opportunities for many individuals and organisations to improve their efficiencies and streamline their operating practices. It does come with downsides, and one major factor is the need to be even more alert to the threats posed by holding individuals' data. Compliance with the requirements of the data protection legislation is not optional, and breaches carry significant risks and can result in heavy fines. Additionally, as more information is held digitally, this opens up more avenues for cybercriminals to be able to illegally gain access to this data. Strong cybersecurity policies help reduce the risk of threats posed by cybercriminals.