Posted: May 06, 2013
Getting comfortable in the cloud: Part 1
Outside advisors can help allay fearsJeremy King
If you haven’t noticed, there’s a rush to “get to the cloud.” For most companies, this means that instead of maintaining their own hardware and software programs in-house, they are outsourcing those functions to someone else and accessing them via a web browser. If, as the research firm Gartner predicts, cloud computing will be a $149 billion industry by the end of 2014, it seems everyone will be on the cloud.
There’s a long way to go, however, as cloud adoption has been estimated at as low as 5 percent. Certainly there are early adapters, but as cloud implementers, we constantly meet client companies that are hesitant to move to the cloud for their sales, financial reporting, customer service or a myriad of other functions. We’ve observed a number of psychological barriers to the cloud. What’s more, these same barriers exist with their advisors, including management consultants, investment bankers, private equity groups, outsourced CFOs and attorneys. Many advisors don’t have a good working knowledge of the cloud, let alone its benefits and risks.
Businesses have been using the cloud for years
Cloud computing isn’t new; it’s just being used for more functions. It’s interesting how comfortable business owners are using Google Apps, banking online or even sharing intimate details of their personal lives on social networking sites. There’s a ton of sensitive and personal information floating around the internet, and most business owners don’t give it a second thought. But when it comes to business information, the mindset is completely different.
The question is, why?
Business owners understand their business decisions impact many individuals, not just themselves. Therefore, they are more cautious in their approach to the adoption of the cloud for business applications. They want to stick a toe in before making the full leap.
There is also a correlation between age of the business owner and cloud adoption. Older business owners have more hesitation and doubt than young ones. Members of the video game and internet generation don’t believe there’s any other way to do business than through the connected life that is possible with their tablets and smartphones.
However, even within the younger demographic, psychological barriers exist, and for good reason. Migration to the cloud generates as many questions as it does answers, especially in regards to business data: Who owns it; who has access to it; where is it and what happens when the relationship with the cloud provider ends?
Clearing the uncertainty
Without the aid and counsel of a cloud-savvy advisor, a business owner may struggle to overcome the psychological fear factor and risk being left in technology’s dust. Advisors are in a position to help them evaluate cloud vendors and advisors should be familiar with cloud computing issues. In general, a good cloud provider:
Will be there the next day. There is little a company can do if a cloud provider closes shop or fails to pay its data center bills. Advisors should ask to review the financial statements of all potential cloud providers, under a Non-Disclosure Agreement if necessary, to determine risk.
Has hundreds, if not thousands, of customers. They have a track record that can be verified. Advisors should speak not only with the references provided, but also with other companies that are known to use the service. These non-vendor-provided references usually provide a more accurate depiction of how the vendor operates, what it does well and where it needs improvement.
Effectively handles the outsourced operations. These operations include security, scalability, availability, data replication, backup, disaster recovery, process integrity, compliance and regulatory controls. A good cloud provider will invest heavily in these areas to prevent potential service issues, security breaches or compliance shortfalls. They will also document and audit these processes and safeguards in the form of a Service Organization Control (SOC) report and other compliance assessments. SOC 1, 2 and 3 reports are prepared by an independent CPA firm and should be readily available for software-as-a-service (SaaS) vendors to provide to prospective customers. Advisors should ask to review these reports, the absence of which should immediately raise a red flag. Advisors should also closely evaluate reports and advise clients about their quality and adequacy.
Jeremy King is the National Cloud Solutions Practice Leader for Hein & Associates, a full service audit, tax and advisory firm with offices in Denver, Houston, Dallas and Orange County. He specializes in the implementation and support of cloud solutions, for which his broad financial background and hands-on experience as both a CFO and COO offers him a unique, user-driven perspective. Jeremy can be reached at email@example.com or (303) 298-9600.