Recently, I was working with an accounting firm that wanted help in assessing their technology roadmap. They’d been hearing about the benefits of the cloud for years. But they weren’t sure they were ready to take the leap. They knew there were some advantages, but couldn’t definitively list them, and the risks they’d heard were all worst-case scenarios and fears rather than reality. But with an impending server refresh to replace older and unsupported hardware looming, and the associated capital costs set to wipe out their IT budget, they wanted to reevaluate.
They were surprised to learn how far “the cloud” has come. Many services they needed but didn’t think would be affordable (such as data protection services, real time backups and versions and better remote access options) have been commoditized and are more accessible through cloud services. The costs and the security benefits of the cloud were also very enticing. They were ready to start right away. Then the Managing Partner called me aside and said “Great! The cloud is here! Now, where is it?”
It’s a question a lot of people in the industry ask. Fortunately, like the firm I was working with, you have some options.
What type of cloud is right for me?
Cloud systems generally fall into three categories, organized around the location of the cloud: private, public and hybrid. But there are also newer terms that are coming into the discussion these days: “outsourced cloud” and “true cloud.”
The nomenclature varies as different people and companies have different definitions for some of the variables in each. But the general categories and descriptions below are enough to get everyone moving in the same direction.
‘Private’ comes from the distinction of the remotely located environment not housing any other companies or their data. In this scenario, the intention is to keep as much control and minimize risk as much as possible, while still providing some of the benefits and ‘feel’ of being in the cloud. Often, the company moves servers and applications to a firm-controlled data center. This centralizes the data, making it easier to consolidate storage, run proper backups and plan for business continuity scenarios. Employees access the information either directly over the local network or through a variety of remote access tools, including RDP, Citrix or VMware. Firms with private clouds frequently leverage VPNs and information portals.
One of the misconceptions about building a private cloud is that it is the most secure option available. In fact, it is considerably riskier from a security perspective. To gain remote access benefits, the data must be accessible from anywhere. That makes it a target. And the security and compliance responsibilities still fall on the firm’s technology team, which often doesn’t have specialized security experts.
Another drawback of this setup is that it still requires a large amount of capital expenditure. Servers, storage, routers, bandwidth, licenses and repair warranties will all continue to be the responsibility of the firm. It may be cheaper and more efficient than a local distributed server system. However, it doesn’t save nearly as much as people initially think.
Note: Firms can implement a private cloud at one of the firm’s physical locations instead of 3rd party data center.
|Centralized data||Have to purchase and support equipment|
|Virtualized systems||Doesn’t save as much as expected|
|Increased remote access||Responsible for security|
|Better DR/BC options||Additional bandwidth node|
|Single tenant system|
In this model, resources like storage, applications, connectivity, memory and processing power – the complete computing structure – are available via the internet to anyone who subscribes to the services. Your firm’s data, while segregated and heavily restricted for accessibility and security, is stored on servers that house the data of other companies as well (multi-tenant). Due to the prevalence of encryption (in-transit and at rest) and the capability to privately control encryption keys, this poses much less risk for data privacy and security than it once did. And because these are essentially distributed data networks, economies of scale keep costs low and scalable. Providing additional resources is simple and straightforward.
As accountants, we often see the public cloud offerings as a subscription to a specific application (Software as a Service). Examples would be GoSystems RS or CCH Axcess.
|Controlled costs – Pay for what you use||No control over the infrastructure|
|Increased performance over private cloud||Multi-tentant|
|Scalable||Data may be located anywhere|
|No capital investment in hardware or software||May have long SLAs|
|Data security is provided by an expert team and is a priority|
This model is the most common. It can be any combination of on-premises, private cloud, or third party public cloud service integrations. The firm and the vendor are each responsible for maintaining some parts of the system.
Some services migrate into either a private or public cloud. Others (particularly legacy systems or applications with low latency tolerances) might remain installed locally on site.
An example would be outsourcing some functionality, such as backups to a data center or email to the public cloud while retaining some localized services (like legacy or specialty applications) for performance or compatibility reasons.
|Can be done in phases||Extra effort needed to ensure compatibility between local/cloud based systems|
|Leverages best-of-breed approach||Costs not completely controlled (Capex and Opex)|
|Can balance risk and accessibility||DR/BC concerns must be addressed|
|Keep legacy systems, but gain some cloud benefits||Can be worst of both worlds if done poorly|
|Take advantage of commoditized services with low entry barriers|
True Cloud (or Infrastructure as a Service)
This solution entails taking virtualized servers and migrating them directly into a high accessibility, pay-as-you-go computing environment such as AWS or Azure. Firms can do this to remove or reduce physical servers. Innovative IT teams leverage this method to move servers (data and applications) out of the firm and into the cloud when there is no vendor-provided cloud solution.
Firms must weigh the benefit of purchasing only physical computers against the lack of physical accessibility. The only means of remediating any issues are through software management tools or the vendor’s support desk.
The term “true cloud” may also apply to software vendors who offer applications through a browser-based interface with no software download requirements. In concept, it should be the same experience on an iPad or Chromebook as on a Mac or Laptop.
An example of this is Office 365 and Exchange Online residing in the Public Cloud based on the Azure environment. There is no hardware to buy, no servers or software to maintain. However, there is no way to resolve issues except through the admin console or Microsoft support. Another example is virtualizing an older on-premise-only tax application and migrating it into the Azure or AWS cloud where users can accessed it remotely.
“True Cloud” or IaaS
|Controlled costs – pay for what you use||Less control over the location of the data, may be in any number of data centers|
|Scalable – easy to expand on demand||Multi-tenant|
|Simplified provisioning||May have long support SLAs|
|No capital investment costs||Biggest security risk remains your employees|
|Back-end data security is provided at a very high level|
“Outsourced Cloud” is one final variation. Leveraging this entails moving all server functionality off-site for another company to manage. Staff accesses all resources remotely, even when they are working from an office. Most applications and services run in a virtual environment hosted by the provider.
The most common example of this is XCentric, which specializes in providing this service to accounting firms.
|Everything is handled by the provider||Support times can vary|
|Simplified management||Updates need to be cleared and scheduled in advance|
|Support included||Bandwidth needs must be provisioned and planned for properly|
|Built in backup and DR||No internet = no access or applications|
|Costs are known and predictable|
|Easy to get started with conversion help to their systems|
The time has come to move your practice into the cloud. The benefits of the cloud can be enticing and there is a path forward for every firm. Once you’ve determined your tolerance for risk, available budget and project timeframe you can choose which of the cloud solution models work best and start your journey into the cloud!
Future-ready firms will use cloud-based technology to stay efficient and competitive. For more reasons to move to the cloud, download “The New Firm Transformation: Technology, Growth and the Future.“
Reprinted with permission from Boomer Consulting, Inc.