Beyond the balance sheet

Where is the data in your online accounting software being kept?

Ercan Demiralay 27/7/2016 6 minute read

Ercan Demiralay FCCA explains the complex world of where your financial data is held when using online accounting software.

We live in an age of online information and unfortunately also one of data breaches. You only have to think back to the Talk Talk saga to realise that while storing data in the cloud and accessing it on the move is very advantageous, it also comes with potential risk and downside.

Online accounting software has revolutionised both transaction processing and analysis of financial performance. As a business owner however, you need to understand that access to this intelligence is made viable via the cloud and therefore you’re placing the storage of your business data in the hands of a third party provider.

With that in mind we’ve constructed this blog post to provide you with a basic understanding of how the cloud works. That way you’ll have a better idea of where your company’s financial data is being held and, how securely. If you’re looking to move to a new online accounting product, and comparing providers, then this is definitely an area of any potential solution that you need to investigate. Remember, knowledge is power!

The cloud – how it works

In the past storing information (data) in a computer, an external hard drive, or even your own server at your work premises worked quite well. It meant any of these devices effectively became your own mini- library. Over time however, we’ve ended up storing and doing more things on computers via the internet.

The need for more space thus grew rapidly and resulted in the rise of the cloud computing. The cloud allows you to save data to an off-site storage facility (known as a hosted server) which is operated and maintained by a third party. Accessibility for you as a user is obtained by the cloud provider installing the software on their server and you then accessing it and your data via the internet through a connected device.

This means people in your team and your accountant (assuming they have an account username and password) can view and edit your accounts (subject to their user rights) from potentially any location and hardware. Responsibility for items such as security and backing up the data rests with the 3rd party cloud provider. Accounting providers including Xero, Kashflow, Sage One and many others offer their software on this hosted basis.

The interaction between your software and the cloud

Cloud storage takes place on servers in facilities known as data centers. Depending on their purpose, some data centers can be quite small while others are huge and can take up warehouses. As we described earlier, the server is connected to the internet and it hosts your software. You then send files to it online so that the data server can record this new information. Then when you need to retrieve information, you enter the cloud to both access and edit the files held there.

What about backing the data up?

As you will no doubt be well aware, computers go wrong and so data needs to be stored in more than one place. This dual storage means in the event of an IT disaster your files can be retrieved. It's why cloud storage systems can have a vast number of data servers that use different power supplies so that the same information can be saved and accessed from multiple machines. Should one data server suffer an outage then the others are still available because they use a different power supply. It is this method that allows you as the user to access your files at any one time.

Where exactly is your data kept?

You’re unlikely to ever find out exactly where your data is being stored. A cloud service may be based in a country such as the United States, but that doesn’t mean all the servers are. Data centers can be located around the globe! You can start by doing a little bit of digging into the cloud provider your online software uses.

Thankfully we’ve done some of this work for you in the below comparison of the common online accounting software products we come across. Cast your eyes down the left column of questions to, “how secure?” You will then see some basic information as to what each provider does in relation to storing your company accounts.

Table comparing online accounting software providers


Xero for example, is hosted by Amazon Web Services (AWS). A basic search online then reveals that Xero migrated their customers' data over to AWS from their previous host Rackspace in May 2016.

To give you an idea of how much data needs to be stored in this process and thus backed up, a zdnet article in 2015 revealed that Xero ran 625 servers in 2014 and had to issue 729 updates to its platform in that year. So you can see why the answer to the question, where is my data kept, is anything but straight forward. Your data could be held on several different servers, in different locations and even territories.

How safe is it?

More and more information being held in servers connected to the internet opens everything up to hacking. Put simply, hacking is when someone obtains unauthorised access to data in a system or computer. The problem is hacking has developed into an increasingly common issue and the scale of attacks along with their implications have become more severe in recent years.

Infographic Large Scale Data Breaches Affect Millions of Users Statista

So not only do you need to know who is hosting your software and data but also the security provisions they have in place. What firewalls do they use to deal with things like spyware, Trojans and Malware? Do they hold safety certificates such as ISO27001, BS10012 or ISO22301?

Ideally in the terms and conditions of your contract you’ll see that they are compliant with principle 7 and principle 8 of the data Protection Act 1998. Of course it’s not all quite as simple as that. It never is in life. That’s because legal requirements in terms of your data are governed by the territory (country) where the server is held.

Your data is backed up on other servers that may be based in different locations which in turn have their own laws. Furthermore rules may exist between territories to protect your data where it is transferred from one place to another such as the recent EU-US privacy shield.

These are complex matters and the natural response of most people is that the worst case scenario won’t happen to me. You might think that even if it did, what could someone really be able to do with your accounts data? But what if you have valuable intellectual property that generates income or could generate income in the future? That’s highly competitive and sensitive information that you wouldn’t want to end up in the wrong hands!

So as with any product or service you purchase, do your homework and dig for answers to the questions we’ve raised in this post. That way you can have confidence that you’ll make a well informed decision as to which accounting provider to go with. If you’re already using online accounting software then it’s vital you understand where and how your accounting data is being treated.

New Call-to-action

The content of this post is up to date and relevant as at 27/07/2016.

Please be aware that information provided by this blog is subject to regular legal and regulatory change. We recommend that you do not take any information held within our website or guides (eBooks) as a definitive guide to the law on the relevant matter being discussed. We suggest your course of action should be to seek legal or professional advice where necessary rather than relying on the content supplied by the author(s) of this blog.


leave a comment -

Popular posts

What should my management accounts look like?
How to understand the different types of shares & class of shares
Payment on account - what it is & how to pay your tax bill