Monday, May 27, 2013

Tradeoffs in Cloud Computing are the New Normal

Tradeoffs in Cloud Computing are the New Normal

After many years of working with business professionals in "enabling" their organizations to make better use of technology, I must say that it is a bit frustrating trying to get folks to understand that this new and wonderful cloud computing model (or Internet-based computing, SAAS, or whatever-you-want-to-call-it computing) is still just technology. It uses computers and disk drives, it runs software, it takes electricity, and it was developed by human beings. It can break. It's not magical and perfect and you can't get the good stuff for free. Swim at your own risk. A sales team I used to work with even recognized this reality and developed a fondness for the phrase "technology happens". So, assess the risks and measure the benefits against them. For many, the benefits outweigh the risks, and cloud computing approaches deliver advanced capabilities at cost levels not previously available to most businesses.

No industry is immune to the considerations surrounding a cloud computing model. Even lawyers involved with ediscovery (!) recognize the potential benefits - and tradeoffs - of the model, as was clearly revealed a few years ago at the ILTA (International Legal Technology Association) 2010 event in Las Vegas. While the discussions at the conference were oriented specifically towards the legal profession, the IT-related discussions were and still are totally relevant to every business. Accounting and finance professionals should pay close attention to this type of conversation, as it relates very directly to accounting's approach to information technology and the application of IT in the business or professional practice.

In a recap of the event entitled ILTA 2010 in Las Vegas: Strategic Unity, Defensibility, and the Cloud, author Chris Dale discussed the reality that professionals in both public and corporate service must work with the IT departments towards a common goal. "IT is no longer just a service department providing an infrastructure, applications, training, and troubleshooting." While these elements still remain as critical aspects of IT, the role has grown to also incorporate considerations for collaboration (collaborative information management), mobility, and social media.

Recounting one session attended, called Defensible Ediscovery Processes, the author related the variety of definitions provided to the general term" defensible", which were pretty amusing.
Definitions ranged from "protected against attack", to "less lousy practices" or "practices which suck the least", and finally, "what you can get away with without being found guilty of spoliation". 
From these definitions then came qualifiers, such as "reasonableness" and "faith". Why would defensible processes be important, and how does this relate to IT or cloud computing? An example of the element of "faith" came up in this context: " how can [lawyers] have faith that the technology is delivering the right answers?" A panelist gave the sample of "an email retrieved from (or possibly not retrieved from [love those lawyers]) a system, with 26.5 pages missing. How can you be sure that the systems which you are using will not do that to you?" These are valid questions in any IT environment, and are no less important when considering a cloud-based technology model. The trade-offs are related to perfection in functionality and performance of the solution versus cost, and should be measured in proportion to one another.

The tradeoffs may come in a variety of areas, with collaboration and connectivity being the primary drivers (collaboration) and barriers (connectivity) to the model. Businesses are more than ready to adopt cloud computing strategies based on the belief in improved collaboration, access to information, and improved IT management, but tend to overlook the offsets in the areas of bandwidth availability (and consistency), application functionality (or lack thereof), and level of support available from the provider. 
In support of this argument, Jerry Justice (IT Director for SS&G - Certified Public Accountants and Advisers) posted in a LinkedIn discussion on the topic that "by design the Internet is 'reasonably' connected, but not the same as a well-connected [local] network. the upside is it gives you the ability to connect from great distances, the tradeoff is that you experience variable connectivity."
"The underlying issues are that there is a paradigm shift to working on the Internet (from working in the office) and then another shift when you add in cloud-based environments (versus local apps). It is possible to be very productive, but .. you have to adapt your approaches".

The idea "that perfect must be qualified by cost and proportionality" was also discussed in an ILTA session on cloud computing which included panelists from Autonomy iManage, Mayer Brown, and Ernst & Young. "Cloud computing remains a contentious area, with no obvious agreement even as to what the term means, let alone as to its implications" wrote Mr Dale in his recap of the event. While the panelists held differing views, the representative from Mayer Brown held a position similar to Mr Dale, in that it is important to "dissect the objections one at a time, accepting that there is room for more than one view, and testing arguments against the alternatives. Arguments based on pure cost are pretty compelling, and if one method of achieving an objective is very much cheaper than the others, then the burden shifts to those who argue for the more expensive route."

Discussions went on to describe differences between public cloud providers and others, who segregate customer data in "private and identifiable silos". "The key word here is identifiable", writes the author, "which connotes a geographical certainty as well as anything else. I sometimes wonder if the imagery associated with cloud computing (invariably a jagged line disappearing into some cumulus) does not leave some people with the idea that their precious data is indeed floating in some inchoate container up in the air."
"If you neglect to provide in your contract that your data remains in a specified jurisdiction, and if you fail to conduct proper due diligence checks on the provider, then you deserve all you get. Like any risk assessment, it involves weighing cost against other factors; most of these other factors are definable and quantifiable".
I couldn't have said it better myself.

Make Sense?

Tuesday, February 19, 2013

Software vs Service Provider - Barriers to Cloud Hosted Applications

When a user logs in to a virtual desktop, and all their valuable and beloved applications are available to them, fully functional and integrated as they are on the PC, with all their data available to them as well, the reaction is almost always one of excitement, empowerment, and - ultimately - bewilderment. "Why", they ask, "doesn't everyone do this?"

Good question.

The answer, at least in part, is the way software companies license and sell their applications. Now, if you can continue to produce your product in the same way you always have, distribute it using your known distribution channels (which deliver predictable performance), and realize revenue in the manner to which you have become accustomed, why would you actively seek to create disruption in the "normal" flow of things? Especially when status quo seems to be working pretty well.

Another good question.

The adoption of cloud-hosted applications (in this case, hosted desktops and the applications associated with them) is pretty much in the hands of the application software companies. It's certainly not the platform that we are waiting for. The base technology is already proven on the hardware side, with awesome virtualization and high-density machine configurations available. And the software has been proven in a variety of deployments, as demonstrated by Microsoft Terminal Services, Remote Desktops and Remote Apps.

The software companies represent a barrier.

And so it comes down to the application software manufacturers. These guys seem to fall into two main camps when it comes to hosting their applications: redevelop the app with a web framework and deliver a browser-based solution, or pick a single delivery model from the above list, and limit true integration capability. In short - webify or segregate. Either way, it creates severe limitations in the way the software can take advantage of integrations and connections with other applications. And, for most desktop software vendors, integration with other desktop applications is frequently one of the key benefits of the product.

The web-based applications have already come to grips with this reality. Where a download of a document to your favorite word processor was once just fine, the market now demands data re-use and expanded business process integration, forcing the web applications to open themselves to outside connections and 3rd party developments. Just look at the developer network has created. If that doesn't prove that no app is an island, I don't know what does.

On the other hand, many app developers who have chosen to "webify" using application publishing and delivery tools have evidently forgotten that one reality: integration is part of what makes their app popular. No business process is an island, and the data rarely stands alone. Would ACT! be so popular if it couldn't integrate with your Outlook email client, or with your MS Word word processor? Would MS Excel be so popular if you couldn't push almost anything to it as a spreadsheet file? The answer is no. This is why the integrations were developed in the first place - greater functionality and an improved value proposition, resulting in increased use and user productivity.
Too many options?

To complicate the problem, there is not just one delivery method that works for every application, business model, or user. With the variety of technologies available, independent software companies have hard choices to make in determining how their cloud hosted products might be offered, and additionally by whom they might be sold. As of today, though, most of the software companies have approached the problem alone, where opting to use their "hosted" editions frequently eliminates the option of integrating on the desktop with other locally-run applications (like what happened with QuickBooks Online Edition).

Not only does the software maker have to find the best technology/platform fit for the delivery and for their market, but they must also then consider their distribution channel - the "food chain"of promotion and delivery of the product or solution. Often this "who" that can offer the product is just as much of a barrier as the "how".

The maker of a given software package is in the business of selling their software, not other peoples' software. While integration with other products is exceptionally important to the product's value in the market, the software maker is fundamentally concerned with only the sales of their own solution. They tend to promote sales through resellers and consultants who can not only provide the software but offer install, training, and ongoing support as well. Designating sales organizations which are "authorized" to represent a product is a typical software company approach.

Many of these authorized resellers are focused exclusively on selling the software solution, not the ongoing support of the platform. These resellers are often highly skilled at working the specific software application, but may lack in-depth understanding of the platform upon which it runs.

Some authorized resellers are actually integrators - companies who sell products from a variety of sources and combine them into "solutions". Historically, integrators have been key players in creating successful markets for certain products, providing the support and other services necessary to keep the products entrenched in the user community.

In many cases, the integrator makes their money on the support element on the arrangement, not necessarily on the product. In these situations, the platform and ongoing maintenance and support are the key revenue drivers, and the integrator may be loathe to recommend a solution to the client that cuts into their involvement and revenue stream. And hosted, managed application services can certainly do that.

So - what is the answer? Well, there isn't just one that jumps out.

One element in the solution is recognition by desktop software companies that their desktop products need to be available in a hosted delivery model. Consumers require choice in terms of their involvement with the business IT infrastructure. Some folks want to control it, others simply need access. The business of hosting applications is growing, but many of the software makers in the market aren't behind the movement.. they are unwilling participants who leave it up to the service providers (the integrators in the datacenter) to make things work. In some cases, end-user licenses are even written to make hosting the software an illegal event.

Another element, equally if not more important, is the service provider community and their approach. With the wide variety of technical standards out there - the different technologies, different approaches, different levels of consideration, and different market sensitivities - it is no wonder that fear and doubt are prevalent in the market.  It would be nice if software developers assisted the hosting service providers with establishing best-practices and standards for implementing the various solutions so that customers didn't have to ultimately bear that burden, too.

And then there is the distribution channel and method of selling licensing. Many software companies work exclusively through their authorized reseller channels. While this may benefit the user from a product knowledge standpoint, it creates difficulties with the new delivery model and frequently puts the software sales channel in direct competition with the hosting providers.

The tweener gets you from here to there.

While the concept of hosting desktop and network applications may seem to be "fraught with peril", it can be done well and deliver significant benefits to the company. By simply changing the way employees access and interact with their applications rather than changing the apps themselves, businesses can introduce an entirely new range of business benefit and capability. Outsourcing the business IT can also represent cost savings and, more importantly, allow businesses to focus personnel and financial resources on the core business. 

For those who see true cloud services as the future, this "tweener" step gets you divested from localized technology and helps to embrace the flexibility and freedom that virtual and mobile computing can deliver without forcing radical change right now.

Make Sense?

Thursday, February 07, 2013

Knowing More: CFO and Accountant Value in Understanding Business Operations

Knowing More: CFO and Accountant Value in Understanding Business Operations

Accounting professionals are being pressured to deliver more value and intelligence to their business clients every day.  The pressure comes from a variety of areas, not the least of which is the fact that a lot of do-it-yourself tools are now available which lead business owners and managers to believe that they know what’s going on in the business.  Lots of charts, graphs, and dashboard presentations make the numbers more readable, but they don’t say whether or not the numbers are even right.  Even more important, they don’t deliver insight based on experience and understanding.  This is where the accounting professional’s value really comes from – providing insight based on good data and quality data analysis backed by experience and understanding of the business.
You can’t be a good CFO or a strategic business partner to your CEO until you thoroughly understand operations and how they drive performance, (
Knowing what makes a business valuable is important, but what many business owners don’t fully understand is how to best increase that value.  Generalized reports which summarize financial information, distilling it into a standard set of metrics, often don’t tell the business owner what they really need to know – how to go about increasing the overall value of their business, whether it is through improved profitability or through growth.
The business owner understands the operations, but not necessarily how operational activities actually impact value and profitability.  Helping owners know more about their enterprises requires that the accounting professional also know more, where gaining a deep understanding of operations and learning what business functions are addressed and how becomes the key to bridging the gap between operational knowledge and business valuation. This is where the accounting professional or CFO can really make a difference, and can help to apply their knowledge in building business value directly towards those areas which fundamentally impact it.
Make Sense?
  • Read more about how accountants need business intelligence, too
  • Read more about how there’s no fear and loathing in accounting
  • Read more about Data Warriors: accounting in the cloud

Thursday, April 28, 2011

Protecting Yourself Against Data Theft

Protecting Yourself Against Data Theft
by Michael Ehart, CISSP, etc.

There has been a rash of reporting of data theft lately that has a very strange effect of causing many to become complacent about their data protection measures because, after all, their system is working.

The problem is that there is no way to know if your data is bulletproof. You can only be certain when it is not, and you have evidence that your security has been breached. The vast majority of data theft is undetectable and unprosecutable, because unlike physical theft the stolen data is still there. If someone sneaks into a museum in the dead of night, dressed in spandex and night goggles and makes off with a Bottecelli, in the morning there is a big square of unfaded wall, an empty nail, a light dusting of tracked-through laser-detection talcum powder and no painting. 

The problem with stolen data is that most of the time there is no way to know that your system has been breached, or if it has been, that anything is missing because nothing is actually missing.
So what do you do to keep your data secure? The threats come in three flavors, and there are steps that you can take to protect yourself from each one.

1. The Barbarians at the Gates. There are people out there who don't like you. There are people out there who don't care about you, but want what you have. And there are people out there who don't care about you, or what you have, but want inside just because they can. These are the folks that firewalls were invented to thwart, and I assume that you have covered this loophole. Firewalls, encryption, strong passwords, and some sort of Intrusion Detection System (IDS) cover you there. If you don't understand or like this stuff hire someone who does. A competent IT security consultant can set up security for most small offices in a few hours of system hardening. Do make sure that the contract includes some basic training for your users concerning the changes and best practices.

2. The Enemy Within. Far more likely to cause you grief is the viper cherished in your bosom. No one knows for sure, but I would guess that the retail model applies here--- 90% internal theft. After all, who else holds the keys to your kingdom? Training, monitoring, set usage policies and careful terminal check-out procedures can help, but you never know. If you have 20 employees and they all seem perfectly content, either you are the shining example all other bosses should aspire to or at least 5% of your workforce is adept at hiding their dissatisfaction. I know which one seems most likely to me.

3. Stupid is as Stupid Does. And Stupid seems to be doing more than his fair share lately. Data theft is the classic crime of opportunity. "It was just laying there, so I took it." Or "The web site was unsecured" or "The safe was left open" or -one that I recently was asked about- "I left the box of records in the back seat, and someone borrowed my car." I love consulting, but dang, please make it harder for me, will ya? No more post-it notes with passwords conveniently stuck to the monitor, or so cleverly stuck under the keyboard. No more backup tapes on a shelf behind your desk, or stacked on top of the server. No more shared passwords for the entire office. 

Once again, if you don't know about this stuff contract someone who does. It is so very much cheaper and less stressful to spend a few bucks and a few hours hardening your system and providing a few hours of common sense training for your crew than it is to learn about your data disclosure from the guy with good hair and too many teeth holding the mike and standing sideways in your lobby so his cameraman can get a good shot.

Michael Ehart is a Certified Information Systems Security Specialist (CISSP) and carries certifications as a HIPAA Professional and HIPAA Security Specialist (among other things). Visit Michael Ehart's HIPAA blog Comply With Me

Wednesday, February 16, 2011

Finance and Accounting Support in Franchise Systems

Finance and Accounting Support in Franchise Systems

There has always been somewhat of a love/hate relationship between franchise operators and their franchisees.  While many entrepreneurs elect to leverage a known brand, documented operating procedures, and combined purchasing power that is often a benefit of a franchise operation, the reluctance to “open the books” to the franchisor is largely based upon a fear that “big brother” will use the information to take advantage of the business owner.  

Logic would indicate that both parties would recognize the validity of sharing financial and business performance data for the benefit of the entire system, where benchmark data and performance comparisons can become the basis of tremendous business intelligence.  But some franchisors, as their networks expand in size, find that their success in selling units begins to outweigh their concern for individual unit performance, and the brand value creates sufficient momentum to overcome a few bad business experiences.  Especially in larger systems, the franchisors don’t often consider the benefits of providing back-office and accounting support for their franchisees, because they simply don’t feel they have to. Reliance on quality accounting and financial data, however, may begin to take on an entirely new meaning, given the nature of the economy right now. 

High unemployment and low consumer confidence have caused spending decreases which have impacted even the strongest of established businesses.  With credit markets being as tight as they are, business owners are unable to obtain the financing required to expand their businesses when required, to new locations or with additional personnel.   The 2010 Franchise Business Outlook[1]  suggests that, even as the economy starts to recover, franchised small businesses will continue to face these financing struggles.  The forecast is for “a slow recovery with marginal increases in the number of establishments, jobs and output.”

Looking to Washington for help, a number of small business organizations, along with The International Franchise Association, are “calling upon Senators to include more provisions in new job creation legislation to help small businesses access credit.” [2] The fear is that if credit access for small business isn’t made available now, the best opportunity to create sustainable business and subsequent job growth will be lost.  Reliance by small businesses upon credit is unquestionable.  

According to the IFA, “the depletion of [SBA loan] funds last fall is proof that the SBA programs were, and continue to be, critically important for our nation’s credit-worthy entrepreneurs”.  However, without sound business accounting and provable data, even the most business savvy entrepreneur may find their business “unbankable” and must therefore rely upon personal credit guarantees to support business growth.

Possibly the strongest point in the argument for franchisors facilitating accounting and financial management assistance to the franchisee centers on Item 19 of the FTC and state Franchise Disclosure Documents (FDD)/Uniform Franchise Offering Circular (UFOC).  Item 19 is the Earnings Claim, which are estimates or historical figures detailing sales, expenses, and income a prospective franchisee might realize as the owner of a particular franchise.

The Earnings Claim is often considered to be the single most important factor in buying a franchise.  As with purchasing any business, it is critical to have a realistic and supportable projection of sales, expenses, and profits earned.  Particularly in a case where a potential new franchisee has no experience running a business, or no applied experience in that particular type of business, the earnings claim becomes the only guidance available.  Unfortunately, the only source for this information is the franchisor itself, which often introduces doubt as to the veracity of the data.  It is difficult to determine which could raise more doubt about the sincerity of the franchisor: using unverifiable data, or not providing an earnings claim at all.

When a franchisor elects to provide services to their franchisees, such as back-office accounting support or financial management oversight, then the opportunity to obtain data for the earnings claim, performance benchmarking, and royalties verification become realistic goals.  Further, the ability to verify and substantiate the data can prove invaluable in a tough franchise market where buyers want good, verifiable information, and Item 19 helps sell units.

Offering accounting support to small business owners isn’t a new concept, but the technology to facilitate a truly seamless relationship has only become available in recent years.  As Internet and Web-based application services emerged on the market, businesses flocked to them in order to gain the benefits of anytime, anywhere access to applications and data.  However, the poor performance and lack of features left some business users without the tools they needed to handle all their requirements efficiently, so many returned to manual or local PC-based systems. 

Application hosting approaches offer a technology model which adapts trusted and proven software and systems to a cloud-based, collaborative online working model.   This technology model allows the businesses to continue use of applications with the functionality required to support the business, but improves the IT environment by managing and securing the systems within a secure facility, and utilizes the resources of the service provider to facilitate the ongoing management and support of the systems.  

Owners are able to retain their investments in software applications and processes, while introducing new efficiencies and flexibility in their working model.  The evident benefits are the ability to access information from any location, to have multiple locations work seamlessly together, and to allow outside accountants or other service providers to work seamlessly in the organization.  

Application hosting services also offer centralized management and administration, professionally-secured systems, and deliver reduced costs of IT management, predictability in ongoing IT costs, and an improved ability for the business owner to focus on the business.  Further, the solutions delivered allow for the integration of data with reporting systems designed to assist in the translation, analysis, and comparison of data from a single business to an entire franchise system.

In summary, the franchisor market must look more closely at the fiscal management and reporting systems of their franchisees, and provide avenues to better-address accounting and bookkeeping responsibilities in order to gain credible performance data and useful benchmark metrics.   Only through the ongoing participation of accredited accounting and financial personnel can the business financial data provide the information – and the insight – required to support aggressive business growth in this difficult economy.   

The key is seamless integration, and the technology solution is the cloud-enabled model.


[1] Report that measures the economic impact of franchising in the United States, prepared by PricewaterhouseCoopers (PwC), and commissioned by the International Franchise Association Educational Foundation.

Thursday, June 10, 2010

QuickBooks POS in a Hosted Environment
QuickBooks Point of Sale in a Hosted Environment

Retail operators and multi-location store owners often face difficulties in attempting to bring cohesion to their accounting, financial, and operational data.  In so many situations, the retail location –  where inventory is sold and money is exchanged – is far-removed from the administrative location where the financial systems and business reporting exist.  It seems that the best case scenario is to create a means for the remote (retail) locations to operate with real-time access to centralized customer, inventory, and financial data from a primary source. Application hosting services can provide this centralization,  and a platform for standardization, of systems.  Further, the application hosting model can deliver security and managed service which ensures that the systems are available and performing as required. 

Even though hosted applications and centralization of the systems and processes in a POS environment may appear to be the right answer, there are caveats and considerations that speak to the realities of today’s technologies.  These caveats should be strongly considered prior to undertaking any reformation of systems and processes relating to the retail locations.

The first fundamental reality which must be addressed is connectivity.  While a retail or store location may enjoy Internet or network connectivity, there should be great consideration given to the wisdom of connecting these locations only and exclusively via remote access systems.  Retail is a dynamic business, and the sale is made when the customer is ready and willing to buy.  Any retail location must be able to process this sale in order to meet the immediacy of customer demand.  If the systems in use are exclusively accessed remotely, then the connectivity to those systems become of paramount importance in the ability to do business.  At the very minimum, any remotely-served retail location should have redundant connectivity options, with local personnel being familiar with the connection failover process.

A second strong consideration for a hosted or remotely-deployed POS or retail system is local device support.  Devices, such as card readers, scanners, cash drawers, receipt printers, etc. typically require local PC/computer drivers in order to function.  When served by a remote system, this connection between the host and the local devices may not function.  Limited device support for POS hardware can significantly impact the location’s accuracy and efficiency.

Another area of consideration for POS and retail systems centralization is integration or synchronization of POS data with core accounting and financial data.  Depending on the software solution in use, this integration may require that the POS software/data and the financial software/data reside on the same computer and/or within the same network.  This may be one area where a hosted implementation may offer a great deal of benefits, but the benefits to be derived are often a function of the design and behavior of the applications integrating.

QuickBooks Point-of-Sale, for example, was designed for use on a single-user PC environment.  The application is not well-suited to a hosted deployment for multiple users, as the software only allows one instance of itself to run on each computer. While there is a “multi-store” option for this solution, the option requires all stores be connected via a LAN/WAN connection to the same network. RDS (remote data sharing) functionality might possibly be used to allow communication between locally-run POS locations and the “master location” at a hosting service provider, but this method of communication has previously been found to be somewhat problematic and platform-specific (see notes following relating to multi-user/store configuration and Vista OS).  Further, the potential poor performance of RDS connections often negatively impacts the value of the integration.  

In many cases, the suitable answer is to keep the POS systems running on the local computers and network, and run the financial applications and the POS integration at the host.  With an installation of the QuickBooks financial application and the point-of-sale solution with the hosting service provider, the core financial data is able to be secured and protected in the virtual environment without risking lost productivity (and lost sales!) due to connectivity failures at the retail locations.  The end-of-day process at each location is to then move a copy of the POS data file to the host system, where it would be integrated with the QB financial data.  In environments where is is desirable to have the POS systems reading customer and/or inventory data directly from the QuickBooks financial data files, the recommendation is to keep an available copy of the financial data file in the POS network, on the local computers.  This copy of the data file provides the point-of-sale systems with necessary customer and product information, and would be copied/updated during the same end-of-day process where POS data is moved up for integration on the host system. 

This process is very similar to the way in which a localized system might be utilized, where the POS application runs at the front counter and the accounting application and data run from a back-office system.  In this scenario, many businesses elect to simply log off from the front counter system so that they can launch the POS application from the back-office computer, and then integrate the POS data with the QB financial data on that same computer.  Even in remote network configurations (WAN configuration), this is often a method which delivers better performance and stability than utilizing the remote data sharing service.

Wednesday, June 09, 2010

CRM Solution Gets High Marks from QuickBooks ProAdvisors

Results CRM offers robust features, yet is simple to use for small business users

Results CRM Solutions offer more functionality and features than most CRM solutions oriented for small businesses.  In most cases, a robust solution like this would require lengthy configuration and training efforts in order to make the system useful.  With Results CRM, however, a business can be up and operational within minutes.

The solution was recently reviewed through Intuit's ProAdvisor program, and got a rating of 9.75 out of 10!

From the review:
Results is extremely full-featured. Products with this level of functionality often have a complex architecture making them hard to learn and use. With Results, navigation and search functionality are simple and allow you to easily and rapidly access the data you desire.