Skip to content

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.

Close
AICPA-CIMA
  • AICPA & CIMA:
  • Home
  • CPE & Learning
  • My Account
Journal of Accountancy
  • TECH & AI
    • All articles
    • Artificial Intelligence (AI)
    • Microsoft Excel
    • Information Security & Privacy

    Latest Stories

    • Incorporating prompt engineering into the accounting curriculum
    • Create a dynamic to-do list with Excel’s checkboxes
    • Another way to manage authentication texts
  • TAX
    • All articles
    • Corporations
    • Employee benefits
    • Individuals
    • IRS procedure

    Latest Stories

    • Paper tax refund checks on the way out as IRS shifts to electronic payments
    • IRS keeps per diem rates unchanged for business travel year starting Oct. 1
    • Details on IRS prop. regs. on tip income deduction
  • PRACTICE MANAGEMENT
    • All articles
    • Diversity, equity & inclusion
    • Human capital
    • Firm operations
    • Practice growth & client service

    Latest Stories

    • Paper tax refund checks on the way out as IRS shifts to electronic payments
    • Practice mobility update: New NASBA tool tracks changes for CPAs
    • IRS keeps per diem rates unchanged for business travel year starting Oct. 1
  • FINANCIAL REPORTING
    • All articles
    • FASB reporting
    • IFRS
    • Private company reporting
    • SEC compliance and reporting

    Latest Stories

    • SEC accepting Professional Accounting Fellow applications
    • SEC names new chief accountant
    • SEC ends legal defense of its climate rules
  • AUDIT
    • All articles
    • Attestation
    • Audit
    • Compilation and review
    • Peer review
    • Quality Management

    Latest Stories

    • AICPA unveils new QM resources to help firms meet Dec. 15 deadline
    • 8 steps to build your firm’s quality management system on time
    • Auditing Standards Board proposes a new fraud standard
  • MANAGEMENT ACCOUNTING
    • All articles
    • Business planning
    • Human resources
    • Risk management
    • Strategy

    Latest Stories

    • Business outlook brightens somewhat despite trade, inflation concerns
    • AICPA & CIMA Business Resilience Toolkit — levers for action
    • Economic pessimism grows, but CFOs have strategic responses
  • Home
  • News
  • Magazine
  • Podcast
  • Topics
Advertisement
  1. newsletter
  2. Cpa Insider
CPA INSIDER

How to choose a cloud vendor

Here’s what you need to know and which questions you need to ask.

By Jeffrey Streif, CPA
November 14, 2016

Please note: This item is from our archives and was published in 2016. It is provided for historical reference. The content may be out of date and links may no longer function.

Related

October 31, 2016

How to be street smart when budgeting for security

October 1, 2016

Keeping clients’ tax data secure

July 1, 2016

How CPAs can make the most of their tech resources

TOPICS

  • Technology
  • Firm Practice Management

By now, you should be familiar with the cloud, but one question I get time and time again is how to choose a cloud vendor. With so many options, I agree it can be confusing. Here is some basic information to help you determine your needs, as well as a set of questions you can use to assess potential cloud vendors.

Types of vendors and services offered

First, decide how you are going to use the cloud. Depending on your organization’s needs, you have to decide what service or services will help you reduce costs and increase efficiency and accessibility.

The cloud comes in three flavors: infrastructure as a service (IaaS), platform as a service (PaaS), and the one you probably hear about most often, software as a service (SaaS). Let’s take a quick look at what you need to know about each type of cloud offering.

IaaS is the hardware and software that powers it all, including servers, storage, networks and operating systems.

  • As with all cloud service providers, IaaS providers deliver virtual services mostly through a public connection, usually the internet. For more secure but complex connections, some cloud vendors may offer leased lines and virtual circuit services.
  • IaaS vendors offer virtual machines, servers, other types of hardware, storage, and software, if needed.
  • IaaS can also host user applications and handle all maintenance functions, including backup and disaster recovery.
  • IaaS offers a major benefit in its ability to scale up resources due to customer demand. Seasonal or cyclical needs can be adapted to meet user demand, thus reducing excess resource capacity when it’s not needed.
  • IaaS allows for administrative duties to be automated, reducing costs and downtime and increasing efficiency.
  • Some examples of IaaS vendors are Amazon Web Services EC2, Google Compute Engine, Rackspace and Windows Azure.

PaaS is the set of tools and services designed to make coding and deploying those applications quick and efficient.

  • PaaS is similar to IaaS in that it involves the renting of virtual servers and various services to run applications in the cloud.
  • The platform is used to host, develop, run, and manage web applications. This includes virtual servers, networks, storage, and other services needed to host the user’s application.
  • PaaS is differentiated from IaaS in that it is mainly used for software development, and benefits the user from having to purchase various types of infrastructure and software to create a development environment. It also provides scalability.
  • PaaS provides the customer with the tools to develop analytical tools for management to analyze data and to use as monitoring tools of business performance.
  • Some examples of PaaS vendors are Amazon Web Services Elastic Beanstalk, Force.com (customer relationship management platform), Google App Engine, and Windows Azure.

SaaS includes commercial applications designed for end-users and delivered over the web.

  • Because the provider hosts and maintains the software, infrastructure costs are greatly reduced along with administrative burden.
  • Updates and patches are done automatically, so all users have the same version.
  • SaaS is highly scalable and globally accessible.
  • Two of the biggest SaaS product families are Google Apps and Microsoft Office 365.

Costs/pricing models

Pricing of the various cloud vendor types can be very confusing and hard to calculate. Here are the characteristics for all three:

Advertisement
pricing

Questions to ask cloud vendors

Depending on your needs, you’ll want to vet each cloud vendor through a careful, strategic review. Here is a comprehensive list of questions and observations in four areas.

Stability of cloud vendors

  • Are they financially stable and will they be around for a long time? It takes time and resources to switch vendors.
  • Will they have the funds to upgrade hardware and software whenever necessary?
  • Will they have the ability to comply with contract terms for scalability when needed?
  • What would happen if they fail?

Redundancy and availability

  • How redundant are their connections to the internet? If one source is disrupted, you do not want connectivity to be affected.
  • How redundant are the environmental controls in providing power and cooling to the infrastructure supporting the hosted or provided applications?
  • Does increased redundancy cost extra?
  • What are the redundancies already in place and have they been tested?
  • Do they have an external auditor testing these controls to ensure they are effective?
  • Is monitoring in place to actively disclose issues, and do the vendors have policies and procedures in place to address these in a timely manner?

Customer service record

  • What is the vendor’s customer service record? Ask for references.
  • What technical support is offered and how much extra?
  • What is average response and resolution time for events?
  • Do you reach knowledgeable reps or just someone reading a script?
  • Is customer service or technical support outsourced to a foreign country or domestic third party, and how are their services monitored by the cloud vendor?

Security

  • What security measures are in place to secure access rights and access to data from unauthorized users? The list should include firewalls, antivirus detection, intrusion detection, encryption and multi-factor authentication. Does the vendor provide proper data isolation and logical storage segregation?
  • Is privacy, physical security, and confidentiality addressed? Does the service level agreement mention these items specifically and detail how the vendor addresses them?
  • Are there any compliance and legal issues the customer needs the vendor to address? Among the compliance issues that most often need to be discussed before signing any agreement with a cloud vendor: the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
  • Does the vendor have a third-party audit their security controls? A good third-party audit to look for is a Service Organization Control (SOC) report. Specifically, you want to see a SOC 2 report
  • What are the security controls in place? Look for these types of controls.  
    • Deterrent: Warning signs, pop-up banners
    • Preventive: Training, firewalls, anti-virus
    • Detective: System monitoring, intrusion detection system, event logs
    • Corrective: Upgrades, patches, backup system
  • Is the data center in the United States or a foreign country? What rights does the vendor have in political situations, fraud situations, and e-discovery?
  • Do the vendors have a private cloud vs. a public cloud? Connectivity plays big part in whether the cloud is more secure.
  • Do and will the vendors continue to comply with all regulations, laws, and compliance requirements?

All of the questions included above should not be considered an all-inclusive list to consider when choosing a cloud service vendor, but they are a good start. When companies are looking to outsource their information technology, they should perform a risk assessment and develop a project plan for transitioning to a cloud vendor. Finally, the project should be managed just like any other major project by monitoring progress during implementation; this helps to ensure the vendor is fulfilling the customer’s needs as the agreement specifies.

Good luck and may the cloud be with you.

Advertisement

Jeffrey Streif, CPA, is the CFO of Koller Enterprises Inc. in Fenton, Mo. He has more than 25 years of financial auditing experience, including more than 12 years as an information systems auditor and consultant. He also is a member of the AICPA IMTA Cybersecurity Task Force.

Advertisement

latest news

September 24, 2025

Paper tax refund checks on the way out as IRS shifts to electronic payments

September 24, 2025

Practice mobility update: New NASBA tool tracks changes for CPAs

September 23, 2025

IRS keeps per diem rates unchanged for business travel year starting Oct. 1

September 22, 2025

Managing teams, managing time: The importance of setting expectations

September 19, 2025

Details on IRS prop. regs. on tip income deduction

Advertisement

Most Read

MAP Survey finds CPA firm starting pay on the rise
IRS finalizes regulations for Roth catch-up contributions under SECURE 2.0
NASBA, AICPA release proposed revisions to CPE standards
Congress passes act allowing tax relief when a state declares disaster
IRS releases draft form for tip, overtime, car loan, and senior deductions
Advertisement

Podcast

September 25, 2025

Professional liability risks related to Form 1065, CPA firm acquisitions

September 18, 2025

‘We’re still the thinkers’ — a reminder for tax pros in the AI era

September 11, 2025

Strong storytelling helps speakers deliver ‘medicine’ without the aftertaste

Features

Calming nervous clients nearing retirement
Calming nervous clients nearing retirement

Calming nervous clients nearing retirement

7 retirement tips for small firm CPAs
7 retirement tips for small firm CPAs

7 retirement tips for small firm CPAs

Building a better CPA firm: Stepping up service offerings
Multi-colored plus signs

Building a better CPA firm: Stepping up service offerings

2025 tax software survey
Smiley, frowney, and neutral faces for Tax Software Survey.

2025 tax software survey

FROM THIS MONTH'S ISSUE

Flip out with the latest Tech Q&A

The September Technology Q&A column shows how to create dynamic to-do lists with Excel's checkboxes and also how to set up multifactor authentication texts that don't rely on phones. Flip through both items and view a video walkthrough in our digital format. 

From The Tax Adviser

August 30, 2025

2025 tax software survey

August 30, 2025

Are you doing all you can to keep the cash method for your clients?

July 31, 2025

Current developments in S corporations

July 31, 2025

Paid student-athletes: Tax implications for universities and donors

MAGAZINE

September 2025

September 2025

September 2025
August 2025

August 2025

August 2025
July 2025

July 2025

July 2025
June 2025

June 2025

June 2025
May 2025

May 2025

May 2025
April 2025

April 2025

April 2025
March 2025

March 2025

March 2025
February 2025

February 2025

February 2025
January 2025

January 2025

January 2025
December 2024

December 2024

December 2024
November 2024

November 2024

November 2024
October 2024

October 2024

October 2024
view all

View All

http://JofA_Default_Mag_cover_small_official_blue

PUSH NOTIFICATIONS

Coming soon: Learn about important news

CPA LETTER DAILY EMAIL

CPA Letter Logo

Subscribe to the daily CPA Letter

Stay on top of the biggest news affecting the profession every business day. Follow this link to your marketing preferences on aicpa-cima.com to subscribe. If you don't already have an aicpa-cima.com account, create one for free and then navigate to your marketing preferences.

Connect

  • X Logo JofA on X
  • facebook JofA on Facebook

HOME

  • News
  • Monthly issues
  • Podcast
  • A&A Focus
  • PFP Digest
  • Academic Update
  • Topics
  • RSS feed rss feed
  • Site map

ABOUT

  • Contact us
  • Advertise
  • Submit an article
  • Editorial calendar
  • Privacy policy
  • Terms & conditions

SUBSCRIBE

  • Academic Update
  • CPE Express

AICPA & CIMA SITES

  • AICPA-CIMA.com
  • Global Engagement Center
  • Financial Management (FM)
  • The Tax Adviser
  • AICPA Insights
  • Global Career Hub
AICPA & CIMA

© 2025 Association of International Certified Professional Accountants. All rights reserved.

Reliable. Resourceful. Respected.