Insights: Article

Confidential Data and Third-Party Vendors

By Eric Pulse

August 16, 2016

Cloud computing is one of the latest and biggest technological revolutions to emerge. In general, cloud computing refers to a set of technologies and service models that focuses on IT applications and data storage that are accessed and used through the Internet. Many companies are embracing it—including third-party software vendors who may be handling confidential information for your business. This brings up a question: If your data is accessible through the Internet, how safe is it? How do you even know if your third-party vendor is using cloud-based storage?

Taking Stock of the Situation
There are many different storage solutions offered by cloud providers, and each provides a different level of security. The following are questions you should ask third-party vendors that assist you in network and core back-up solutions:

  • Are they using a cloud-based storage solution?
  • If so, what type of cloud is being used?
  • What type of information is being stored on the cloud?
  • Who has access to the information?
  • Are nondisclosure agreements in place for those third-party vendors that have access to the information?
  • Who is responsible if confidential information is compromised?
  • Is network traffic encrypted to/from the cloud and while stored and/or at rest?


Educate Yourself

It is important to do due diligence by reading third-party vendor contracts to see if they address cloud storage. It is also important to perform a risk assessment on each vendor prior to hiring them for service, and annually thereafter.

You can become more familiar with cloud computing through the FFIEC, which addressed outsourcing cloud computing in a statement in 2012. The statement can be found in the Reference Materials Infobase section available online at  http://ithandbook.ffiec.gov/. The FFIEC Outsourcing Technology booklet also addresses cloud computing.

Latest Insights

November 15, 2018
Article
Until recently, many businesses weren’t overly concerned about sales tax. They knew they needed to collect and remit in the state in which they resided, but beyond that, their compliance burden was limited.
November 12, 2018
Article
This insight explores what dealerships can expect from the proposed section 199A regulations under tax reform.
November 8, 2018
Article
Are you a business taxpayer with annual gross receipts of $25 Million or less? If so, you may be eligible to take advantage of new Small Taxpayer Safe Harbors that could generate significant tax savings and simplify your tax returns in future years!
November 8, 2018
Article
Considered the most significant tax code overhaul in over three decades, the Tax Cuts and Jobs Act passed in 2017 includes provisions affecting both individuals and businesses.
November 7, 2018
Recorded Webinar
State and local sales tax compliance is always evolving, making it important to stay up-to-date on changes affecting your tax liability and responsibilities. This session will cover what you need to know regarding the recently enacted state and…
November 7, 2018
Article
“Why is my portfolio underperforming the market?” This question may be on your mind.
November 5, 2018
Article
Identify your implementation methodology. There are four practical expedients available. We'll explore each option.
November 5, 2018
Article
Deeper dive into ASU 2016 liquidity.
November 5, 2018
Article
There are many forms individuals and businesses need to consider as they work to comply with the ACA. Receiving and completing the appropriate form at the right time is key.