Why should you consider moving services to the cloud?
Most accounting firms have their run-of-the-mill issues such as finding the right staff, a decline in loyalty from clients, and downward pressure on how much you can charge for services, but the same can be said for many in the service industry.
Add to this the growing threat of cyber crime (and of course accounting firms being juicy targets for cyber criminals) and the accelerated pace of technology, accounting firms are facing greater pressure each month.
So how does Cloud computing fit into all of this? Many accounting firms are switching to Cloud infrastructure for the following main benefits:
When it come to cost, the first question you should probably ask is: Is the service a pay-as-you-go, or will you be locked in a contract for a certain period of time? PAYG has the advantage of easy scalability, while contract represents a fixed cost making budgeting easier. Ultimately, you need to ask: “What’s best for the business?”
Remember that PAYG could be seen as a fixed cost as long as you don’t make any changes or upgrades, which means budgeting isn’t really that much of an issue, so perhaps consider PAYG as an option. I’ve seen a few very sneaky tactics some Cloud providers use to indefinitely lock you in – such as resetting the 3-year contract duration each time a new user is added or removed. A PAYG service, however, gives you the flexibility to add or remove users as they join or leave the firm, and you only pay for the actual usage (caveat: make sure this is in your SLA or contract).
One way of looking at costing is to add all expenses of your IT infrastructure and then dividing that by the life expectancy of the infrastructure. Because different machines have different life cycles, you’re probably better off breaking this down into smaller chunks, e.g. ‘Desktops’, ‘Servers’, ‘Firewalls’etc.
Remember to consider staffing when doing this exercise – if you have virtual cloud-hosted servers, support & maintenance is someone else’s problem; support & maintenance of your own servers is your problem and requires a higher level of technician/engineer to look after them.
Other prorated items to add to your costing is UPS, electricity consumption, fire protection, air conditioning for the server room, floor space occupied by the server room, and licensing costs, to name the most obvious ones. Having your own servers generally cost more than what most people realise
Let’s take servers as an example. When expressed as a monthly figure, the total costs divided by life expectancy of owning, managing and maintaining your own fleet of physical servers, is often quite a bit more than renting virtual cloud-hosted servers. The cost benefit of cloud services hinges on economies of scale.
Another factor to consider is whether the cloud offering is focused on consumer service or business service. Consumer-aimed cloud services often have very limited functionality but costs less, making it the shiny apple for smaller practices. Business grade cloud services, however, typically offer more flexibility, easy expansion, better security and full support.
An example of this is 365 mail vs. Hosted Exchange. The former (supplied directly by Microsoft, albeit via resellers) seems cheaper at a glance, but once you add support, third-party backup and third-party archiving (remember you don’t get those features with 365 but, as an accounting firm, you definitely need them) you’ll quickly discover that hosted Exchange (provided by Microsoft partners such as Expert IT) will probably serve you better.
Think long-term when making this decision and make sure you’ll have the right functionality at the end of the day.
The two middle letters of GDPR stand for Data Protection. Ultimately, that is what it’s all about – keeping data safe, in particular the Personal Data of your clients and the sensitive data of your firm. Make sure you are dealing with a reputable Cloud provider. We recently heard of a person who has a single server in his office, and was renting out space on this server as “cloud hosting”. By definition, a single server sitting offsite could be called ‘cloud’, but only at a pinch. In my mind, ‘Cloud’ with a capital C is a proper data centre with several server clusters to provide fail-over, with at least one duplicate data centre to provide full replication, so that if something happens to the one data centre, the other one can seamlessly take over. The lesson here is to check the credentials of the cloud provider:
- Do they have ISO 27001?
- Do they have multiple data centres? If one data centre (DC) goes down, there should be a second ‘fail-over’ site located in a completely different geographic area.
- What Tier rating does the DC have? Tier 4 is currently the highest, but most Tier 4 DCs are dedicated to military, governmental or banking operations. Tier 3 is, however, very close to Tier 4 in terms of security, making it an attractive and more cost-effective choice.
- Is there proper physical security at the data centres? IL3 or IL4 should be a minimum.
- Do the data centres have proper UPS systems in case of protracted power failures? What about fire suppression technology?
- What is the encryption level? A standard office server uses 256-bit encryption, a good Cloud server uses 1024-bit encryption,and a superior Cloud server uses 2048-bit encryption.
GDPR is not the only regulatory compliance to consider –there are various industry-specific compliance regulations as well. There is increasing pressure on accounting firms to be Cyber Essentials certified, and the PECR and DPA 2018 add further layers of regulatory compliance.
If you are thinking of moving onto the Cloud purely for the sake of GDPR compliance, consider the following:
Are the cloud data centres ISO 27001 certified? This is the main component for the technical aspect of GDPR compliance.
Is the Cloud services provider itself (i.e. their offices) also ISO 27001 certified, adhering to either ISO 27017 or ISO 27018 code of practice?
Where are the cloud servers located? And who owns the cloud servers?
The GDPR wants to keep everything within the EU or the ‘white listed’countries such as Canada, Jersey, Guernsey, Isle of Man, New Zealand and Switzerland, to name a few. Although the United States is also considered to provide adequate data protection under the EU-US Privacy Shield, it has recently come under scrutiny yet again for amongst others, Facebook & WhatsApp being investigated by Belgium, the Netherlands, Germany and Spain for data privacy violations.
Can your apps run on the Cloud? Most off-line accounting apps can, whereas others are already cloud-based. Either way, the data you would normally store on your desktop/laptop still need to be protected, and the manner in which you access your cloud-based apps needs to be secure. A unified, centrally managed Cloud platform, such as a full Platform-as-a-Service (PaaS), could well be the answer to that.
Considering the plethora of devices and operating systems out there, and the fact that very often these different systems don’t really like talking to each other, moving to the cloud makes sense from a very different perspective: Cloud-hosted desktops, for instance, puts everyone on the same platform. This improves manageability, scalability and communication.
Going Digital and Collaboration
Cloud platforms offer various solutions that can help you streamline operations, thereby saving costs. Team discussions are easier across different locations with e.g. Skype for Business, emailing yourself important documents is something of the past due to built-in cloud backups, emailing a colleague a document is also a thing of the past due to cloud-based file sharing, and collaborating with your client’s bookkeeper/admin person is so much easier for the same reason. Proper data warehousing becomes achievable and managing user access rights also becomes easier.
Balancing the Ledger
Prohibitive costs, and the ongoing support and tech skills needed, prevent most accounting firms from investing in truly high-end IT equipment. Take for example a high-end firewall, like the ones we use in our data centres. It will open emails, check for web links, click on them, check the target website for malicious content, open attachments, check them for links and do the same – click & check – and check the attachment for viruses. All within 300 milliseconds, at a cost of about £80,000. This type of firewall is simply out of reach for the average accounting firm, but by moving onto the Cloud, you could potentially have access to such protection, at a fraction of the cost, fully managed and supported.
In the final tally, you get:
- Better security.
- Better failover.
- Cheaper on a like-for like basis.
Please talk to us if you are interested!