Answers to 5 Common Cloud Questions for Not-for-Profits

With cybersecurity in recent news headlines, more clients are coming to us for advice on accounting software solutions. Cloud systems, especially, have increased in popularity among businesses in the private sector and not-for-profits alike. Organizations with decentralized operations, or with many remote workers that need access to information, can benefit the most from using a cloud system.

Here are the most common questions we encounter in our practices.

Q: What (and where) is the cloud?

A: When we talk about the cloud, it just refers to a system or application that is hosted somewhere outside of your office—usually accessed over the Internet. The term “cloud” comes from the shape used to represent the Internet on network diagrams. 

Some people may also be familiar with the term Software as a Service (SaaS).  The “as a Service” (aaS) suffix also refers to the cloud. There are several flavors of this: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and more keep coming up as additional services are delivered via the cloud.

Another term also often associated with the cloud is “hosted solutions.” This can be software, servers, or even desktop services. Unlike the “as a Service” model, which would be considered “pure” cloud and accessible directly from the Internet in a web browser, hosted solutions usually require a VPN network connection or specially configured client software to access.  However, for most intents and purposes, we can consider hosted solutions as part of the “cloud.”

Q: How does pricing work for cloud software?

A: Pricing for cloud software varies a lot, but the predominant standard is a monthly subscription.  Many cloud vendors offer a discount when purchasing an entire year’s subscription upfront.  Some vendors also offer different tiers of subscriptions and allow you to have different users on different tiers depending on what type of access they need for entry, approvals or viewing. Many cloud vendors also have discounted pricing for not-for-profits, including free lower-tier subscriptions with low-cost upgrades to higher tiers. Some cloud vendors also provide free implementation or other services from their staff as part of their corporate giving programs.

Q: How is the cloud different from an on-premise or a hosted solution (pros and cons)?

A: In general, the cloud reduces the need for hardware and its associated maintenance and replacement.  Many cloud solutions are either completely web-based or emulate the in-office software. Sometimes there are usage differences (for example, the ability to open multiple windows) that may impact the way you work when using a cloud solution, but other than that the functionality is the same.

One benefit is that cloud providers often take responsibility for both hardware and software: maintenance, upgrades and other routine tasks like performing backups.  So when implementing a new cloud solution or migrating to a cloud solution, there is usually cost savings.

Cloud providers utilize teams of security experts to ensure that they are secure.  A single system breach at a cloud provider may result in the breach of many of their customers’ data, so cloud providers take information security very seriously, and you should as well. It’s important to ensure that your cloud provider is reputable, and you should obtain and carefully review their SOC 2®service auditor’s report and implement all recommended user entity IT controls.

Q: Are there privacy and information security risks I need to be aware of, such as protecting my data?

A: Anytime you store data electronically, there are risks involved. Information security and privacy are related, but not the same. Privacy is often mandated by law or industry regulation, the violations of which can carry hefty fines and have additional risks like reputational impact. Data breaches related to privacy are usually required to be communicated to those affected. Information security involves the protection of data and systems from inappropriate access.

The AICPA’s Not-for-Profit Section has a number of resources on information security and IT controls. Check out this article to learn more. 

Cheryl R. Olson, CPA, CGMA, Director of NFP Consulting at Clark Nuber. Cheryl serves on the AICPA Not-for-Profit Advisory Council. For more than 20 years, she has dedicated her career to the not-for-profit sector as a volunteer, consultant, Assistant Executive Director, CFO, auditor and tax accountant. Her personal mission is to help organizations find the best possible outcomes to whatever financial and operational challenges they face.  

Donny Shimamoto, CPA, CGMA, CITP, is Managing Director at IntrapriseTechKnowlogies. Donny was part of the inaugural class of the AICPA’s Leadership Academy program and was awarded the AICPA’s Maximo Mukalebai Award for Outstanding Service to the CPA Profession. His CPA firm is dedicated to helping small businesses and middle market organizations leverage strategic technologies, proactively manage their business and technical risks, and enable balanced organizational growth and development.  

Cloud image courtesy of Shutterstock

     

Related Stories

• Update on Taxes and Terrorism: Why Clients’ Data Could Become Vulnerable
• 5 Cybersecurity Precautions for Small CPA Firms
• CPAs Well-Positioned to Help Manage Cybersecurity Risk