So let’s get straight to the point. You are looking for a family office accounting solution or an ERP Financial management software product. The major objection in considering SaaS – regulatory compliance aside - as a viable business option, is SECURITY. The big question is: Will my data be safe enough sitting on a server outside my control?
Well let’s put this into perspective. On the 27th August 2014 the N Y Times reported that “A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.
The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyber-attack.”
Point is, if these companies with multimillion dollar budgets each allocated to security failed to protect themselves, what chance does a Family Office IT manager have to assure its management and members that their systems and underlying data are safe? At the end of the day the reality is that if someone wants your data that badly, he will get it.
On the other side there is the famous story about Edward Snowden who has caused the biggest embarrassment ever to US intelligence. And guess what: there was no cyber-attack involved. He just walked out of the National Security Agency with thousands of documents. Back in 2010, HSBC officials alleged that one of its employees copied thousands of files of wealthy clients of its Swiss private-banking arm, which ended up in a number of hands, including the French tax authorities. There are many other documented and apocryphal examples of such events, where employees stole company data.
My view is that the biggest risk for loss of data comes from internal misappropriation of information, rather than cyber theft. You are much more likely at the end of the day to have your data blown out by a disgruntled employee than to have them stolen from a well-protected database in the cloud. And at the end of the day, you need to ask yourselves if you are really allocating enough resources to your IT department to give you some reasonable confidence that you are better off keeping data in house than externally – and whether the cost is really justified!
Tony is a member of the Institute of Chartered Accountants in England and Wales and has worked for many years both in accounting practice as well as in the finance industry. He has a long track record in the application of financial and other software both as an end user as well as a provider of software and services to third parties.