At the risk of beating a dead horse, security continues to be a big deal when it comes to cloud apps, not least because of headline-making security breaches over the past year.
Security is still the number one factor that small businesses consider when choosing a cloud app, according to our own GetData research. But it can be hard to wrap your head around what exactly being a ‘secure’ app means. It’s not surprising that small businesses can get overwhelmed by all the certifications, encryption, and user access aspects of security.
When it comes to accounting, the idea of using an accounting app deemed to be secure is even more daunting: you’re putting all your most valuable company data into the hands of someone else, and a nebulous cloud. You want to know what you’re getting yourself into so that you’re not putting your company, and its data, at risk, without getting too lost in complicated tech lingo.
At GetApp, we take cloud app security seriously, so much so that we’ve implemented a security checklist for app developers to be more open about their security practices and policies, as well as making it easier for small business owners to figure out what it means to be secure. Here, I’ll go through which security features your accounting app (and any cloud-based app you use) needs in order to be considered ‘secure’.
The list of certifications that an app can have keeps growing, and depending on which industry you’re in, some are more important than others. Things like SOC 1/SOC 2 for example, which are explained here, are the standard accounting principles for financial institutions, and are certifications that you should expect from your accounting app. Basically, you’ll want to make sure that your app is compliant with the standards in your country (or internationally, if you’re doing business abroad).
The same goes for the Payment Card Industry (PCI) Data Security Standard (DSS), which is for companies that deal with major credit cards like Visa and Mastercard. These become especially important if your accounting app integrates with bank feeds.
The illustrious encryption has a few key components to consider. Encryption in its simplest form refers to data that’s been encoded and can only be read with a ‘key’, but it comes in all different shapes and sizes.
There’s encryption for all web pages, known as HTTPS, as well as encryption when logging into an account, encryption of data when you’re not using it, and encryption of billing and payment information when making a purchase. Again, these are all pretty necessary for any cloud app, but become even more important when accounting and company financial data are concerned.
You’ll want to know where data is stored, and how it’s being handled. Some companies have servers in different locations, and you might want the option to choose which city or country your data gets stored in. It also helps to know that your data can be backed up in various geographical locations.
Another key component is knowing what happens to your data if you decide to cancel service with an app provider: does the vendor hold onto it, keep it for a certain amount of time, or give it all to you immediately after cancellation?
File sharing and security alerts
File sharing, simply put, refers to whether or not your app supports the sharing of files with other users or applications. Sharing with third-party apps can be convenient, but it also puts your data at higher risk because you’re opening it up to an outside party.
You should also consider whether or not the app sends you alerts when there’s a potential breach in data. If you’ve ever received an email from eBay or Adobe telling you to change your password because of a security breach, you’ll be familiar with these alerts.
User access controls
Considering that many security breaches happen from within a company, you’ll want to consider a few things when it comes to controls and permissions. The first is whether or not there’s a hierarchy of access to certain types of data within the platform. You might want employees to be able to input their expense forms, for example, but you might not want them to be able to access the entire balance book.
When it comes to logging in and accessing the app, you should also keep in mind whether or not there are two-factor authentication options, like password and text code log-in, as well as how short/long/complex a password must be.
Audit logs refer to administrators’ ability to see who was using the app, when, and what they were doing. The most obvious use here would be to make sure that if and when the books are off, you can check to see that no one’s been doing some book balancing of their own.
How do your favorite apps stack up?
Based on the answers to GetApp’s security survey, and some further research, here’s how some of your favorite accounting apps stack up on security. You can see a breakdown of all these security features on each app’s GetApp listing.
NetSuite, which scored a perfect 20 out of 20 for security on GetApp’s accounting app ranking, ticks all the right boxes when it comes to security. The benefit of a complete financial, accounting, and resource planning platform like NetSuite is that all of its integrations are held to the same security standards and don’t involve opening your company up to risks by authorizing other apps to gain access to information. It also offers role-based security so that you know exactly who has access to what information.
Scoring a respectable 13 out of 20 in security on GetRank, FinancialForce is backed by big player Salesforce as a trusted Salesforce platform. Having such a big name on its side helps credibility, and that, coupled with two-factor authentication (something which is still trying to pick up steam in the business cloud-app world), puts it high on the secure-option scale.
With a score of 12 out of 20, Xero’s dedication to security is apparent on its website, which has a whole section dedicated to what they call “a bank-level of security”. This includes 24-hour physical security, backups in multiple locations, and putting you in control of user access. Being transparent about security might seem like a no-brainer for a cloud-based accounting app, but many cloud app vendors go out of their way to hide security features deep in their website, making Xero’s openness commendable.
With 13 out of 20 on GetRank for security, the financial ERP and accounting software keeps its security in check with robust physical, application, and system security. This includes encryption at every level, user-based access controls, and audit logs.
Security is a two-way street
Your accounting app will only do half the work for you. At the risk of using another cheesy idiom to get the point across, if you want your accounting app to be worth its salt, you have to make sure that things are secure on your end too. Making sure that your browser is up to date, enforcing a BYOD policy, and doing your research to make sure that you’re using a reputable application to manage your accounting will double up on your security efforts.