The benefits of moving to the cloud are many and well documented. However, before making the leap of moving your critical financial data offsite, it’s best to understand the risks associated with the cloud. One of the biggest risks is choosing a private cloud provider to manage and support your Microsoft Dynamics system. When selecting your cloud, there are some questions you must ask and some qualification you might want to demand.
Some of the most frequently asked questions by prospects are: Is my data protected and secure in the cloud? Will anyone outside of my business have access to my data? Will support be available 24x7x365? Will my data have regular backups?
Ask any cloud provider these questions and you will receive prompt assurance. Make sure the provider can back up their security claims with an SSAE 16 audit report. Passing an SSAE 16 audit means that an independent auditor examined the cloud provider’s policies, procedures, communications and monitoring related to the following areas: physical and environmental security, confidentiality, availability, privacy and processing integrity.
Carl Hentsch, Solution Consultant at Myappsanywhere, a leading Microsoft Dynamics cloud provider, said that completing an SSAE 16 audit, “gives our clients and prospects confidence that we have demonstrated an environment committed to effective controls and processes.” If a cloud provider has not completed an SSAE 16 assessment, ask to tour the data center and focus on the aforementioned areas included in the auditor’s review.
If your company falls under regulatory compliance, using an SSAE 16 compliant cloud provider is mandatory. RoseAsp, the 2011 Microsoft Dynamics US ERP Cloud Reseller of the Year, provides services to companies that are publicly traded and are subject Sarbanes-Oxley audits. The Rose SSAE 16 compliant data center gives SOX auditors assurance that companies have full control of their hosted financial data.
“We are routinely asked by our public companies to provide the report to their SOX auditors. Not having one is would be a “show stopper” for our clients,” said Linda Rose, President at RoseASP. “And supplementing that report with our own SOX library of policies and procedures is key in being able to allow auditors to verify and audit our processes and procedures.”
Another risk in choosing a private cloud is the Dynamics experience of the provider. Many cloud providers have jumped into the Microsoft Dynamics game and do not comprehend the ramifications of supporting a financial system in the cloud. Financial systems carry an entirely different set of risks than other applications and cloud providers who have experience with ERP systems understand that. Is troubleshooting being done by a named user or by a generic administrative user? Are fixes being completed directly at the database level? If so, how are those completed and documented? Will it be in a best practice manner that is auditable? Make sure the provider you select understands Microsoft Dynamics or at the very least ERP systems in general.
There are several high quality cloud providers that offer Microsoft Dynamics but take a deep dive into their environment and skillsets. Challenge them to demonstrate that they take the security of your financial data as seriously as you do. Make sure they understand not only how to fix issues but how to fix them the right way.