CPA INSIDER

How to choose a cloud vendor

Here’s what you need to know and which questions you need to ask.

By Jeffrey Streif, CPA
November 14, 2016

Please note: This item is from our archives and was published in 2016. It is provided for historical reference. The content may be out of date and links may no longer function.


By now, you should be familiar with the cloud, but one question I get time and time again is how to choose a cloud vendor. With so many options, I agree it can be confusing. Here is some basic information to help you determine your needs, as well as a set of questions you can use to assess potential cloud vendors.

Types of vendors and services offered

First, decide how you are going to use the cloud. Depending on your organization’s needs, you have to decide what service or services will help you reduce costs and increase efficiency and accessibility.

The cloud comes in three flavors: infrastructure as a service (IaaS), platform as a service (PaaS), and the one you probably hear about most often, software as a service (SaaS). Let’s take a quick look at what you need to know about each type of cloud offering.

IaaS is the hardware and software that powers it all, including servers, storage, networks and operating systems.

  • As with all cloud service providers, IaaS providers deliver virtual services mostly through a public connection, usually the internet. For more secure but complex connections, some cloud vendors may offer leased lines and virtual circuit services.
  • IaaS vendors offer virtual machines, servers, other types of hardware, storage, and software, if needed.
  • IaaS can also host user applications and handle all maintenance functions, including backup and disaster recovery.
  • IaaS offers a major benefit in its ability to scale resources with customer demand. Capacity can be adapted to seasonal or cyclical needs, reducing excess resource capacity when it’s not needed.
  • IaaS allows for administrative duties to be automated, reducing costs and downtime and increasing efficiency.
  • Some examples of IaaS vendors are Amazon Web Services EC2, Google Compute Engine, Rackspace and Windows Azure.

PaaS is the set of tools and services designed to make coding and deploying those applications quick and efficient.

  • PaaS is similar to IaaS in that it involves the renting of virtual servers and various services to run applications in the cloud.
  • The platform is used to host, develop, run, and manage web applications. This includes virtual servers, networks, storage, and other services needed to host the user’s application.
  • PaaS is differentiated from IaaS in that it is mainly used for software development, and it spares the user from having to purchase various types of infrastructure and software to create a development environment. It also provides scalability.
  • PaaS gives the customer the means to develop analytical tools that management can use to analyze data and monitor business performance.
  • Some examples of PaaS vendors are Amazon Web Services Elastic Beanstalk, Force.com (customer relationship management platform), Google App Engine, and Windows Azure.

SaaS includes commercial applications designed for end-users and delivered over the web.

  • Because the provider hosts and maintains the software, infrastructure costs are greatly reduced along with administrative burden.
  • Updates and patches are done automatically, so all users have the same version.
  • SaaS is highly scalable and globally accessible.
  • Two of the biggest SaaS product families are Google Apps and Microsoft Office 365.

Costs/pricing models

Pricing of the various cloud vendor types can be very confusing and hard to calculate. Here are the characteristics for all three:

[Figure: pricing]

Questions to ask cloud vendors

Depending on your needs, you’ll want to vet each cloud vendor through a careful, strategic review. Here is a comprehensive list of questions and observations in four areas.

Stability of cloud vendors

  • Are they financially stable and will they be around for a long time? It takes time and resources to switch vendors.
  • Will they have the funds to upgrade hardware and software whenever necessary?
  • Will they have the ability to comply with contract terms for scalability when needed?
  • What would happen if they fail?

Redundancy and availability

  • How redundant are their connections to the internet? If one source is disrupted, you do not want connectivity to be affected.
  • How redundant are the environmental controls in providing power and cooling to the infrastructure supporting the hosted or provided applications?
  • Does increased redundancy cost extra?
  • What are the redundancies already in place and have they been tested?
  • Do they have an external auditor testing these controls to ensure they are effective?
  • Is monitoring in place to actively disclose issues, and do the vendors have policies and procedures in place to address these in a timely manner?

Customer service record

  • What is the vendor’s customer service record? Ask for references.
  • What technical support is offered, and how much extra does it cost?
  • What is the average response and resolution time for events?
  • Do you reach knowledgeable reps or just someone reading a script?
  • Is customer service or technical support outsourced to a foreign country or domestic third party, and how are their services monitored by the cloud vendor?

Security

  • What security measures are in place to secure access rights and access to data from unauthorized users? The list should include firewalls, antivirus detection, intrusion detection, encryption and multi-factor authentication. Does the vendor provide proper data isolation and logical storage segregation?
  • Are privacy, physical security, and confidentiality addressed? Does the service level agreement mention these items specifically and detail how the vendor addresses them?
  • Are there any compliance and legal issues the customer needs the vendor to address? Among the compliance issues that most often need to be discussed before signing any agreement with a cloud vendor: the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
  • Does the vendor have a third party audit its security controls? A good third-party audit to look for is a Service Organization Control (SOC) report. Specifically, you want to see a SOC 2 report.
  • What are the security controls in place? Look for these types of controls.  
    • Deterrent: Warning signs, pop-up banners
    • Preventive: Training, firewalls, anti-virus
    • Detective: System monitoring, intrusion detection system, event logs
    • Corrective: Upgrades, patches, backup system
  • Is the data center in the United States or a foreign country? What rights does the vendor have in political situations, fraud situations, and e-discovery?
  • Do the vendors have a private cloud or a public cloud? Connectivity plays a big part in whether the cloud is more secure.
  • Do the vendors comply, and will they continue to comply, with all regulations, laws, and compliance requirements?

The questions above should not be considered an all-inclusive list of what to consider when choosing a cloud service vendor, but they are a good start. When companies are looking to outsource their information technology, they should perform a risk assessment and develop a project plan for transitioning to a cloud vendor. Finally, the project should be managed just like any other major project by monitoring progress during implementation; this helps to ensure the vendor is fulfilling the customer’s needs as the agreement specifies.

Good luck and may the cloud be with you.


Jeffrey Streif, CPA, is the CFO of Koller Enterprises Inc. in Fenton, Mo. He has more than 25 years of financial auditing experience, including more than 12 years as an information systems auditor and consultant. He also is a member of the AICPA IMTA Cybersecurity Task Force.
