My mouth would water on business proposals coming across my desk that had lots of cost savings analysis work shown if certain things were outsourced to a Cloud solution.
The old saying “You get what you pay for” may or may not be in effect, but I surely don’t know what is in effect when signing off your business functions to a third party.
Historically, firms used outsourcing in many different ways, but most of the work would be performed on-site or by software used in-house with collaboration and corrections driven by the business.
I have stated that I haven’t been involved in closing a contract to allow business functions sourced from the Internet. I have been hopeful to find a great service provider, but I think I see the direction of this road.
Exposure. Risk and threats may be better termed and considered in the security minds, but exposure is another little brother who needs to be heard.
There are many independent CPAs who do work for their clients, and that information is sensitive or not publicly available.
A move to store their tax data in the cloud comes from a desire to be able to be stored off-site reliably. Sounds like a sound IT move.
The CPA's clients will first take it up with the accountant if the sensitive data becomes public.
The accountant will go to the provider, and the provider will refer to the contract that may remove any accountability towards their requirements for compliance.
What can the clients and/or companies do? I see that they are going to have to get Cyber Insurance like those for other uncontrolled events that homeowners use.
I surely don’t want to see the main outcome of security and data breaches become lengthy litigation between all involved when the victims are at the bottom of the pile.
If security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture.