In 2009, The American Institute of Certified Public Accountants (AICPA), its subsidiary CPA2Biz, and Intacct formed an alliance to bring the benefits of cloud accounting to CPA firms. In my book project this summer, the CEO of DATEV told me about a number of accounting firms in Germany that take advantage of its cloud financials. It's allowing them to service clients from anywhere and breaking down traditional geographic boundaries. NetSuite tells me their Accountant Program is growing by leaps and bounds. Accounting firms such as Deloitte and McGladrey are very visible at many cloud events.
But when it comes to clients, auditors (internal and external) may actually an obstacle to cloud adoption. This article in InformationWeek (registration required) provides several examples:
"Security auditors don’t distinguish between the controls at a well-run on-premises data center and the security at, say, an Amazon Web Services or Rackspace data center, even though that difference is usually massive. In the most extreme cases, we’re talking a keypad lock and someone casually perusing logs versus military- grade perimeters, data integrity monitoring, maybe even guys with M16s."
"Generally, as long as your company does criminal background checks, auditors give your employees the benefit of the doubt. Vendors, however, are treated like common criminals by default; IT organizations must prove their innocence for pages and pages. Amazon matches the criminal background check standard, plus it requires employees to explicitly request access to all AWS cloud components through a ticketing system. It reviews accounts every 90 days or when a job function changes. The default is explicit reapproval, or access is automatically revoked. How many private data centers have that level of control?"
There is more in the article on privileged users, identity management and data from InformationWeek's Cloud Security and Cloud Survey like in chart below.
