it’s a team approach, not a handoff.
by william murphy
accounting firm operations and technology survey
it seems that everyone is “going cloud,” or soon will be. if you are not already in the cloud, chances are you are working your way toward getting there, or you are at least thinking about it.
one reason you are thinking about abandoning those servers in your back office is to avoid the possibility of cyberattack and the loss of your data, or a “holdup for your data” in the form of ransomware. you think that moving to the cloud is going to give you the ultimate in cybersecurity when it comes to protecting your data and the confidential information within it. you had better think again!
the continuing shift from client-server architecture to cloud-delivered solutions and services does not mean that companies can ignore data security and cyber threats. to the contrary, companies cannot solely rely upon their cloud solution/service providers to “secure” their data and protect their service/solution delivery against such threats.
hosting companies are commonly a source of cyberattack.
i am personally aware of a couple of hosting companies that support quickbooks (desktop) users that have been the target of a cyber attack within the past few years, and those attacks left those quickbooks users without access to “their data” for a considerable time period.
you might be wondering, how could such an attack occur? possibly because an authorized user brought the cyber infection into the environment with them because they were unprotected along the way. the problem is – and always has been – that traditional methods of cybersecurity occur at one place or another. we hope that our antivirus software does the trick when we receive data… and we guess we are sending out uninfected information when we transmit data, or at least we hope “the other guy’s antivirus software will catch it, if it is infected”… right?
but according to microsoft, “security professionals today face serious challenges in their effort to protect company and employee data across existing networks, cloud apps and mobile devices. digital transformation is dissolving network boundaries and expanding the attack surface to new devices, users, applications, and platforms.”
so, while the failure of traditional cybersecurity approaches to prevent cyber threats and safeguard company data has compromised countless bytes of data, it has also served as the basis for the development of an entirely new set of endpoint protection platforms, as well as endpoint detection and response solutions. emerging automation and the use of artificial intelligence in these epp and edr solutions such as those offered by microsoft and palo alto networks not only provide greater sensitivity to potential attacks but provide faster predefined incident response and remediation.
the new tools use advanced analytics and ai to combat cyber threats across all the data landscapes – not just servers and workstations but across all related partner solutions and platforms with which they are integrated, including the inbound and outbound internet gateways. but just as “going cloud” required a new way of thinking to move away from “the box,” solutions of this type require a change of mindset as well because you can’t have this type of cybersecurity for “less than $50 per workstation installed locally for three years with free updates,” and you can’t rely on your hosting company or even your cloud-based saas provider to be 100 percent responsible for the cybersecurity to protect your data. it has to be a team approach between you and your cloud provider, and if your cloud solution provider isn’t up to speed on this level of cybersecurity, then it’s time to start looking for another cloud solution.
in my way of thinking, “cloud computing” means more “cybersecurity” than ever before because we are more exposed to the threat source, the internet, than we were when we focused our attention primarily inside our own little local networks. does that mean you should avoid “going cloud”? no way, but it does mean that you must be ready for the new wave of cyber threats and the new technologies that are designed to protect you – and you must also be willing to pay the price of those new technologies to keep your data safe.
william (bill or “murph”) murphy, is a senior editor for the insightful accountant. he is an advanced certified quickbooks proadvisor with over 30 years of consulting experience. for many years he was the “anchor” of the national advisor network’s online forum. a three-time consecutive winner of the nan online mvp award, murphy has published articles in numerous industry publications and served as technical editor for business analysis with quickbooks by wiley publishing.