Technicians using computer in server room
The Profession

Top 5 questions CPAs have about the cloud

Security, location of data, access and cost are all major concerns, experts say

Technicians using computer in server roomCloud technology has gained in popularity with the shift to remote work (Jetta Productions Inc/Getty Images)

Since the start of the pandemic and the shift to remote office models, more and more organizations have been moving to cloud technology to improve efficiency and stay connected in a socially distanced world.

“Before COVID, most people wanted to see the box in the corner of their office. Now a vast majority are switching to cloud services or at least asking about them,” says Marvin Burnett, CPA, Dyna mics ERP practice director at Endeavour Solutions Inc. in Halifax.

Here are some of the top questions CPAs are asking about the cloud.             

1) Where is my data located?

By definition, moving your data from on-premise servers to data centres hosted by an external service provider means that you may no longer control the geographical location of your data: it could be nearby, but it could also be very far away. That’s why the first question many CPAs have about the cloud is where their data will be stored, says Pinki Kumar, partner, national leader of digital and automation and Atlantic assurance leader for Deloitte Canada in Halifax. “Issues around privacy are huge these days, so they want to know.”

Michael Wong, CPA, senior product manager, Oyster® HR in Toronto, agrees. “With the cloud, it’s important for organizations to know where their data is, as different laws and regulations may come into play. For example, data stored in US data centres would be subject to the US Patriot Act which would require US cloud service providers to provide any requested data to the US government without informing the affected parties, and potentially bypassing the Canadian judicial authority/system.”

2) How secure is my data?

CPAs know that breaches can be costly both in financial and reputational terms, Wong says. “That’s why they usually are most focused on risk management around IT applications. Security is their main concern.”

Even so, CPAs shouldn’t assume the cloud is less secure than an on-premise solution, says Kumar. “Some leading providers have far larger security budgets than many organizations and their security protocols are a lot more stringent.”

Before signing on with a vendor, you should ask if they can provide a service organization controls (SOC) report to prove the effectiveness of their controls with respect to the security, availability and integrity of systems used to process information, says Kumar.

Cyber insurance is also a good idea, she adds. “Insurance can provide some assurance if something does go wrong.”

3) Who can access my data and how?

There is always a concern about who is connecting to the cloud, who grants the access and what applications or data they are accessing.

“You can implement policies and controls on who can access your cloud applications and data within your organization,” says Wong. “But what about those external to your organization? You need to know who can access that data and act accordingly.”

4) What are the cost considerations?

“There is a general notion with clients that if they buy an on-premise solution today and keep it 10 years, it’s cheaper than having an ongoing payment without owning it,” says Kumar. “That sometimes causes a lot of concern for CFOs.”

For Wong, analyzing the costs and benefits of on-premise vs. cloud solutions is similar to making a buy or lease decision for a car. “There is no one-size-fits-all answer,” he says. “The right choice will depend on your own circumstances.”

Wong adds that cost should not be the only factor when comparing cloud and on-premise options. “Cloud brings scalability, adaptability and reliability as well.”

5) What else do I need to consider?

If you do decide to move to the cloud, you’ll face a number of other questions, such as whether to use a public or private cloud service and how to go about moving all your data.

But, whatever vendor and setup you choose, make sure to do everything you can to prepare for the changeover. As Wong points out, “Misconfiguring the cloud is a common reason for breaches. But, with proper training, policies and configuration, most cloud vulnerabilities are preventable.”


CPA Canada has a wealth of tech resources for CPAs, including its spotlight on cloud computing and cloud migration case studies. For more on CPAs’ role in digitization, see Digital transformation: there’s a (big) role for CPAs.

Plus, sign up for the data management foundations certificate or the advanced data management certificate to learn more about the knowledge and skills needed to lead in today’s digital-first world.