HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / CRM Press Releases / Data Security and Cloud Computing
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Data Security and the Cloud: Get Up to Speed
Data Security and the Cloud: Get Up to Speed
News as reported by the company Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
26
2012

Data Security and the Cloud: Get Up to Speed on Service Organization Control Reports

NEW YORK, March 26, 2012 -- Most people are wary of electrical devices that don't carry a seal of approval from Underwriters Laboratories, or a bank that isn't FDIC insured. Wouldn't it be great if there was something similar that businesses could rely on when choosing a cloud computing vendor?

With the marketplace still evolving, however, there isn't a single "thumbs up, thumbs down" standard for cloud security. Yet business technology leaders still have to make the right call on outsourced IT vendors and the integrity of data centers they use to deliver information to the cloud. The dilemma: many decision-makers are unfamiliar with or lack confidence in choosing the best services to make those assessments.

To address this need, the American Institute of CPAs has developed a series of services for data centers that, once completed, lead to documents called Service Organization Control (SOC) ReportsSM. SOC 1SM reports refer to controls of centers that impact customers' internal controls over financial reporting, while SOC 2 SM reports cover system reliability criteria, including data security, privacy, confidentiality, system availability and operating integrity. A SOC 3 SM report, meanwhile, is a short-form version of the SOC 2 report and the only one of the three that's designed for public consumption.

Making sure a vendor uses data centers that have gone through the proper audit engagements is critical for businesspeople who plan to use cloud-based services. Information security is the leading IT concern for small firms and large companies alike, according to the recent 2012 Top Technology Initiatives Survey by the American Institute of CPAs. Yet survey takers, speaking on behalf of their firms and clients, said they felt less confident about correctly using SOC reports than they did almost any other technology priority.

What should decision-makers do to make the right choices? Here are some tips:

  • Don't assume all cloud vendors are created equal. Security precautions can vary widely.
  • Question the credibility of firms that use inaccurate terms. Many vendors tout their data centers as "SAS 70 certified." But SAS 70 is an AICPA audit standard that has been superseded by SSAE 16 (which is covered by a SOC 1 report), and there is no such thing as a uniform certification process in this area.
  • Ask for SOC 3 reports, where available, and whether a SOC 2 engagement has been performed. If a vendor doesn't have one, make sure you understand the degree to which the firm uses encryption, storage redundancy, password rotations and robust physical security so you can gauge how well your data will be protected.
  • Make sure you have clear remedies spelled out if you suffer outages, data breaches or other issues regarding your critical business information.
  • Learn more about SOC reports and other security standards. For CPAs and other financial professionals, the AICPA has an array of publications, webcasts and study courses available on the topic.

For more information about cloud computing and data security, or to interview experts at the AICPA or CPA2Biz, the organization's technology subsidiary, please contact Jeff May, (212) 596-6122, jmay@aicpa.org.

About the AICPA

The American Institute of Certified Public Accountants (AICPA) is the world's largest association representing the accounting profession, with nearly 377,000 members in 128 countries and a 125 year heritage of serving the public interest. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for audits of private companies, non-profit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination and offers specialty credentials for CPAs who concentrate on personal financial planning; fraud and forensics; business valuation; and information technology. Through a joint venture with the Chartered Institute of Management Accountants (CIMA), it has established the Chartered Global Management Accountant (CGMA) designation to elevate management accounting globally.

The AICPA maintains offices in New York, Washington, DC, Durham, N.C., Ewing, N.J. and Lewisville, Texas.

Tell Us What You Think
Comment:

Name:

Scott:
Posted: 2012-03-28 @ 10:56am PT
Something else that should be considered is ISO 27001 or FedRamp for Cloud Security. You can read about both on our website. http://www.pivotpointsecurity.com/risky-business/egovernment-cloud-security-fedramp

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN CRM PRESS RELEASES
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
In late breaking news on Thursday, an unnamed U.S. government official told the press that investigators have solved the vexing question of how Sony’s computer network was hacked.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.