Todd Colvin

Director, Enterprise Data Security, Paychex, Inc.

Happily, a cloudy forecast for cyber security

It's every accountant's nightmare: A hacker breaks into your computer system and steals clients' personal and financial information. Your firewall proved inadequate, your data encryption failed. The security you promised your clients was no security at all.

Cyber security — the protection of computers, networks, programs and data from unauthorized access — is mandatory in our technology-dependent society. It's not only large companies such as retailers Target and Home Depot, and health insurer Anthem that have suffered grave and embarrassing data losses. Businesses of every size are vulnerable to data theft.

If your accounting firm still hosts data in-house or on a locally hosted server, your sensitive client files are at risk from:

  • Computer viruses, malware and other invasive programs that can erase or corrupt information;
  • Breaches resulting in data theft, which can damage your firm's reputation and bottom line; and
  • Disasters, such as fire, flood, tornadoes and hurricanes, which can wipe out local storage, disrupting business operations on a major scale.

So dire is the threat to the safety of the nation's digital information that President Obama, in February 2016, directed his administration to implement a Cybersecurity National Action Plan to take near-term action and establish long-range tactics to "enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security."

CNBC listed the top five current cybersecurity risks as:

  • Ransomware – malware that restricts access to the computer system that it infects;
  • The Internet of Things – the connection of physical devices, such as home appliances and cars, to the internet;
  • Cyber espionage by foreign governments;
  • Cyber theft of personal and financial information; and
  • Insecure passwords.

Here are a handful of reasons why the so-called "cloud" offers a much safer haven for your company's data than on-site servers. An easy way to think of the concept of the “cloud” is to think of it as your electric provider – it’s always on whenever you need to use it. Not only that, it’s hosted outside of your office and allows 24/7 access to your data from anywhere.

Benefits of cloud service offerings

For businesses of any size, cloud-based safeguards include:

  • Automatic backup;
  • Dedicated firewalls;
  • Fraud protection;
  • Electronic audit trails;
  • Encrypted data storage; and
  • Off-site servers.

For CPA firms, for example, the security benefits of cloud-based accounting application can exceed those provided by locally hosted software. Businesses recognize those benefits and are reacting: As of October 2015, more than half of small to midsized U.S. businesses had adopted cloud-based service offerings.

Other research shows that:

  • 56 percent of companies are still identifying information technology (IT) operations that fit with cloud hosting;
  • Security, IT integration challenges and information governance are the three biggest issues delaying organizations from going to the cloud; and
  • The three departments that fund cloud initiatives outside of IT are marketing, sales and human resources.

Some organizations prefer to take a hybrid approach to data security, using cloud services from several vendors, rather than just one, and using both public and private clouds. A 2015 RightScale survey found that 82 percent of enterprises reported a multicloud strategy, compared with 74 percent in 2014. This can be helpful when trying to avoid the risks that can be association with putting “all your eggs in one basket.”

Cloud services yields significant ROI

Moving data to the cloud is cost-efficient as well as security-wise. Return on investment (ROI) can mean average annual savings of more than 20 percent annually. Cost effectiveness comes in a number of ways:

  • Lower cost – No need for in-house servers or staff to maintain data on site. No more budgeting for in-house technology, such as servers, routers, software and support. With cloud services, you pay a monthly hosting fee and the cost of a dedicated internet connection. A DC Velocity survey found that 50 percent of business cloud users decreased IT expenditures by 25 percent by leveraging this strategy.
  • Ease of use – If you use the software as a service (SaaS) model supplied by online application service providers, you interact with your data via a web browser. (SaaS is any software you run that's not located on site, and makes the most sense for business.) The application, as well as data storage, is securely outsourced.
  • Anytime access to data – Cloud storage with SaaS often allows authorized personnel to securely access the firm's data at any time via computer, tablet or smart phone.
  • Vendor-managed upgrades, backups and security – Because the vendor hosts the software, it's responsible for its maintenance, enhancements and reliability. Data-center hosting of your company's information yields the added benefit of at least some disaster recovery. The DC Velocity survey found that 94 percent of respondents stated tangible security benefits from moving their business data to the cloud.
  • IT staff freed for other work – Employees who once supported in-house data storage and reacted to problems can now shift their focus and help your business with expansion, data analysis and other proactive tasks.

Choose a vendor for the long haul

When choosing a contractor for cloud-based services, do your research and make your selection thoughtfully. Ensure the vendor has a sterling reputation, an established presence in the marketplace, financial stability and exemplary customer service. Get in touch with other accounting firms to learn about their experiences with cloud services and particular vendors.

Peruse the details of potential contracts. Ensure you understand what vendors offer regarding data security, data ownership and data access — and data recovery, if the relationship ends.

Data theft and security breaches represent pervasive threats, regardless of the size of a business. That's why, after a systematic appraisal of the risks and benefits involved, it's easy to see why many accounting firms are opting for a cloud-based software solutions to increase ease of access, cost effectiveness and data protection.

Todd Colvin is the director of data and systems security for Paychex, Inc., a leading provider of integrated solutions for payroll, HR, retirement, and insurance services.

Erik Asgeirsson

President & CEO,

Tech Leaders Get Their Say: Wrapping up the AICPA/ Executive Roundtable


We concluded another successful AICPA/ Executive Roundtable on Jan. 21-22, an event Seth Fineberg of AccountingWEB rightly called the “U.N. of accountant-focused tech companies.” It’s a unique crowd and each year I come away with fresh perspectives on what’s brewing in the technology companies that serve CPA firms and their small business clients. Here some themes I took away from the 2016 Roundtable:


  • Call it – the cloud debate is over. Attendee after attendee said it’s no longer a question of moving to the cloud and adopting new technologies. Firms and their clients now simply ask, ‘How?’ That’s an important change in mindset. The tech community recognizes its responsibility to make systems easy to setup and to help with the transition from on premise to the cloud.
  • Automation in accounting is becoming more sophisticated, but a human touch is still required. The concept of the Trusted Business Advisor will always be in vogue, as long as CPAs continue to acquire new skills and develop an ease in wielding technology.
  • No magic bullet yet for practice management woes. Vendors are working on many exciting ways to help CPA firms manage their clients and improve productivity. There seems to be general consensus, however, that there isn’t a single practice management solution that solves every problem. Many participants say there is still too much time wasted with duplicate entries and other software integration hiccups.
  • A shakeout is coming in some vendor categories. There are a lot of innovative companies in expense management, payroll, billing and other fields, and many vendors predict significant consolidation over the next few years. That’s good news for practitioners, as it indicates continuing development that ultimately should lead to better product offerings.
  • Training and strategic planning must evolve. CPA firms need to realize that innovation is a firm-wide initiative, not just the province of senior leadership or the IT department. Don’t place this responsibility on one person in the firm, but create a team composed of staff from various levels of responsibility.
  • Cybersecurity and risk aren’t just topics to keep you up at night. AICPA executives Ash Noah and Sue Coffey underscored that, when it comes to assurance, these categories represent significant opportunities for CPAs in management and public accounting.

Over the next few months, we’ll be releasing videos of conversations with some Executive Roundtable participants, and we hope you’ll visit to watch and respond to them. Let’s continue the conversation.

SaaS vs. Cloud – What’s the difference?

If you've been keeping up with the latest advances in online or web-based technologies, you have probably heard about SaaS (Software as a Service) and Cloud Computing. What's the difference? Or, rather, is there a difference?

Conceptually, you will find definitions for these two terms vary from web site to web site. One expert says one thing, another expert says another. To add to the confusion, you'll discover there is often a lot of overlap in these definitions. For the purposes of this web site, you can consider "cloud" just another word for the Web. The Internet and the Web are up there in the clouds, so to speak. Hence, "Cloud Computing." All of which means if you are using an online, web-based service or financial program, you're effectively using a cloud-based service.

So where does SaaS fit in? Any software company that offers their business and/or financial programs or services on demand through the Web can be considered Software as a Service. Contrast SaaS with traditional packaged desktop software products such as PowerPoint, Quickbooks, Excel or Word. In the old software model, you purchased a product and installed it on your computer. Of course, with on-site desktop software came the ongoing headache and hassle of installing and maintaining the product, getting updates, fixing bugs, purchasing upgrades, etc. In many cases, your firm might have to dedicate an IT or tech person to provide endless tech support for your on-site software. In addition, if you have 10, 20, 30 or more users in your firm, you would have to purchase a software license for each user or desktop. The costs can grow quickly!

SaaS or cloud-based services can eliminate or significantly reduce all of those problems for your firm and your clients. What's more, the program you access through the Web is always up to date because the provider can install updates on their own servers as often as needed. The SaaS provider takes care of security, software updates, etc. All you need is an Internet connection to start using a SaaS (or cloud-based) program.

Another thing to keep in mind with cloud or SaaS programs is that you don't own the software, you simply pay for the right to use it online for a given period of time. (Think "buy" versus "rent" as an analogy.) Cloud and SaaS solutions can be provided on a subscription or pay as you go service. They are usually scalable as well, which simply means as your business needs grow, the SaaS program can grow with your needs, too. It's all up to you, the provider of the service, and the contract you agree to.

How do you define SaaS and cloud-based programs? Do you disagree with the definitions described here? No matter how you define these terms, the key point to take away is that SaaS (or cloud computing) is transforming the way we interact and do business with our clients. And, ultimately, that's what truly matters most.