Insights: Article

Confidential Data and Third-Party Vendors

By Eric Pulse

August 16, 2016

Cloud computing is one of the latest and biggest technological revolutions to emerge. In general, cloud computing refers to a set of technologies and service models that focuses on IT applications and data storage that are accessed and used through the Internet. Many companies are embracing it—including third-party software vendors who may be handling confidential information for your business. This brings up a question: If your data is accessible through the Internet, how safe is it? How do you even know if your third-party vendor is using cloud-based storage?

Taking Stock of the Situation
There are many different storage solutions offered by cloud providers, and each provides a different level of security. The following are questions you should ask third-party vendors that assist you in network and core back-up solutions:

  • Are they using a cloud-based storage solution?
  • If so, what type of cloud is being used?
  • What type of information is being stored on the cloud?
  • Who has access to the information?
  • Are nondisclosure agreements in place for those third-party vendors that have access to the information?
  • Who is responsible if confidential information is compromised?
  • Is network traffic encrypted to/from the cloud and while stored and/or at rest?


Educate Yourself

It is important to do due diligence by reading third-party vendor contracts to see if they address cloud storage. It is also important to perform a risk assessment on each vendor prior to hiring them for service, and annually thereafter.

You can become more familiar with cloud computing through the FFIEC, which addressed outsourcing cloud computing in a statement in 2012. The statement can be found in the Reference Materials Infobase section available online at  http://ithandbook.ffiec.gov/. The FFIEC Outsourcing Technology booklet also addresses cloud computing.

Latest Insights

September 18, 2018
Article
As the largest tax reform legislation in the past 30 years becomes reality, it is important to stay up-to-date on planning opportunities and how reform may impact you and your business. Our Tax Reform: Practical Insights examples aim to break down…
September 18, 2018
Tool
Get ahead of tax season with the Eide Bailly Tax Planning Guide. A supplemental strategy guide to help guide year-end and make the tax laws work for you.
September 18, 2018
Article
The SCOTUS Wayfair decision has prompted a new focus on state and local tax compliance. The decision to register, report, and comply is important.
September 17, 2018
Article
When an IRS Letter 226J is received, it is important to respond timely and with accurate information to eliminate, abate or reduce IRS calculated penalties
September 17, 2018
Firm News
Tom Goekeler, partner at Eide Bailly LLP, has been named chief practice officer of the South Central region, which currently covers our Oklahoma and Texas offices.
September 17, 2018
Article
The recent US Supreme Court decision that overturned Quill in the South Dakota v Wayfair case has many states making or considering law changes related to sales tax compliance for out-of-state sellers.
September 12, 2018
Article
The Tax Cuts and Jobs Act, signed December 22, 2017, significantly impacted inbound tax planning. Non-U.S. taxpayers doing business in the U.S. will need to consider the new tax laws.
September 12, 2018
Article
Applications have made a huge impact on our lives, allowing us to keep track of the complexities of our day-to-day and save for our futures. But it’s important to understand where we are laying our trust.
September 12, 2018
Article
The following steps outline key considerations for businesses as they work to comply with the new sales and use tax rules.