Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

IRIS OpenSpace targets Dropbox tendency

by
11th Sep 2012
Save content
Have you found this content useful? Use the button above to save it to your profile.

IRIS Accountancy Solutions has staked its claim for a share of the online client portal market with the launch of a free OpenSpace facility.

The aggressive launch tactic is part of a wider strategy to draw more accountants to the company’s online and Cloud-based systems, said managing director Phill Robinson.

“It’s an important product for us. At IRIS World last year we talked about the IRIS Open platform as the base for lots of products. IRIS OpenSpace is one of those products - we’re creating a platform for document collaboration for accounts and their clients,” Robinson told AccountingWEB.

IRIS OpenSpace will take on rival products on two fronts. The need for a more secure way to share files than email and the move to paperless practice processes has encouraged developers including DocuSoft, Lindenhouse, CCH, Digita and PracticeWEB to develop secure online portals - for a price.

At the other end of the market, there are a range of free tools that allow you to share and collaborate on electronic documents, such as Dropbox, iCloud & Google Docs. 

But these are consumer services and do not satisfy a professional accountant’s requirements for security and data integrity, Robinson argued.

“We’ve seen these services cropping up on the net, but they’re not centred on the needs of business. Some accountancy firms do use Dropbox, but every time you want to send information to clients, you’ve got to manually upload it to each client’s account. IRIS OpenSpace automatically creates an account for each client and can automatically upload a file to them,” he said.

IRIS OpenSpace supports transfers in both directions and is available free for any accountancy firm - not just IRIS customers. Some elements already integrate with the IRIS practice suite, and work will continue in this direction.

Robinson denied that the no-fee approach was an attempt to wrest the market away from rival paid-for products. “I wouldn’t say this is a land grab, but we want to make sure we get people using our Cloud products,” he said. “This is an onramp to products of the future - if people use OpenSpace, we feel they’ll continue with us in future.”

[Update - 17 Sept] Alison Jackson, a director at Lindenhouse, noted that the IRIS offer extended to 1GB of space, and questioned the level of functionality users would get from the service in terms of collaborating with clients, managing authorisations and searching stored files. Nevertheless, she added, “I think it’s great IRIS is doing something innovative and encouraging all accountants to use the latest technology.

“It is the way the whole market is going. It’s good to get people to understand what portal technology can do. It’s secure - unlike email - but I don’t see it as a great benefit if you can’t comment on documents, sign them off or collaborate.” I think their clients will use it, but others won’t. There’s not enough benefit.”

IRIS OpenSpace and other Cloud developments will be featured at the 2012 IRIS World events taking place during October.

Tags:

Replies (20)

Please login or register to join the discussion.

avatar
By ThornyIssues
12th Sep 2012 14:09

Arrrrgh!

Does no-one see the flaw in having client data with a handful of cloud based companies that could be subsumed at any time and thereby giving said subsumer (in any country) access to interesting data? Knowledge is power after all.

Come to think of it why not just use Facebook and cut out the middle man!

 

For the avoidance of doubt, that last comment was said with my tongue firmly in my cheek .... but makes a point.

Thanks (0)
avatar
By BigBadWolf
12th Sep 2012 16:31

Only 1GB

They only give you 1GB for free - and obviously don't tell you what they would charge if you exceed the measly 1GB upfront.

Thanks (0)
Stephen Quay
By squay
12th Sep 2012 16:42

Spideroak.com

Having used Dropbox I too was concerned about the site being hacked and lack of secure encryption. Apparently the encryption keys are uploaded with the files making them easy to gain access to. I looked around for a secure alternative and found Spideroak.com. The data is encrypted on your computer and transmitted as such. If anyone intercepted the data and looked at it, including employees of Spideroak, it would make no sense to them. This feature is well publicised on their web site. I now have synchonised and encrypted files on all my computers. The first 2Gb is free. Well worth considering in my opinion.

Thanks (0)
Replying to DJKL:
avatar
By ThornyIssues
13th Sep 2012 12:42

Point of order

squay wrote:

Having used Dropbox I too was concerned about the site being hacked and lack of secure encryption. Apparently the encryption keys are uploaded with the files making them easy to gain access to. I looked around for a secure alternative and found Spideroak.com. The data is encrypted on your computer and transmitted as such. If anyone intercepted the data and looked at it, including employees of Spideroak, it would make no sense to them. This feature is well publicised on their web site. I now have synchonised and encrypted files on all my computers. The first 2Gb is free. Well worth considering in my opinion.

Can I point you to :- 

http://www.zdnet.com/blog/btl/new-cloud-based-hacking-service-can-crack-wi-fi-passwords-in-20-minutes/28224

http://news.hitb.org/content/moxie-marlinspike-announces-cloud-based-encryption-cracking-service

The cloud is indeed very useful .......... to some.

 

Thanks (0)
By Hosted Accountants Ltd
13th Sep 2012 12:25

@BigBadWolf

We have had a good look around and the system seems very good - to answer your question each additional GB is £5 I believe. There are upgrade options within the application.

HA

Thanks (0)
Replying to evpod:
avatar
By BigBadWolf
13th Sep 2012 16:59

@ Hosted Accountants

Hosted Accountants Ltd wrote:

We have had a good look around and the system seems very good - to answer your question each additional GB is £5 I believe. There are upgrade options within the application.

HA

Thanks - £5 per GB is that annual or monthly? 

Why don't they tell you the price on their marketing website? I hate companies who aren't upfront with their prices!!! 

 

Is it any better than docSafe, which has a digital signature facility as well?

 

Thanks (1)
Replying to Glennzy:
By Hosted Accountants Ltd
17th Sep 2012 12:59

Pricing

[/quote]

Thanks - £5 per GB is that annual or monthly? 

Why don't they tell you the price on their marketing website? I hate companies who aren't upfront with their prices!!! 

 

Is it any better than docSafe, which has a digital signature facility as well?

 

[/quote]

Sorry for the slow reply BigBadWolf.

It is £5 per GB per month - it looks like there is also a 15% off deal for paying for the year but you will need to speak to you IRIS account manager. As discussed by Adrian if you stick to normal documents and PDF's then 1GB should give you plenty - c100,000+ pages, but obviously this depends on many variables.

And yes pricing would be useful but then again it is in the product after a simple sign up...

I have not used docSafe - we use EchoSign (Adobe) for signing up clients and sharing contracts....

Dan

 

Thanks (0)
Adrian Pearson
By Adrian Pearson
13th Sep 2012 13:12

Who cares?

Cloud security / confidentiality issues need to be put in perspective.

Would a chinese, or russian or even teenage british "hacker" have any interest in seeing your client's profit and loss account? Or a copy letter you sent to HMRC about car benefits?

If your desktop PC or office server has a connection to the Internet, it is just as vulnerable (probably more so) to hacking as a cloud server. The fact is your office server is not being hacked because the sort of people with the skills and motivation to do so have no interest whatsoever in your client's data.

Thanks (7)
Replying to mbee1:
avatar
By growson
15th Sep 2012 17:44

"who cares?" -- well, employees for starters

Adrian Pearson wrote:

Cloud security / confidentiality issues need to be put in perspective.

Would a chinese, or russian or even teenage british "hacker" have any interest in seeing your client's profit and loss account? 

 

True, however, often client data includes employee privileged information -- including information ripe for identity theft (birth dates, close relatives, social insurance/ID numbers, earnings information).

 

And in some cases, the information may contain credit info for customers, including credit card numbers.  Clients aren't supposed to retain this information A) for very long and B) in an unencrypted state and C) not outside of the credit card processing system but, that doesn't mean that the client has actually DONE any of this -- especially the small clients).

 

So, it does matter -- or at least some diligence has to happen before we assume that *all* data is appropriate for upload to networks outside of the control of the accountant.

 

Regards,

R. Grant Rowson, CISA, CGA

(Canada)

 

Thanks (0)
Stephen Quay
By squay
13th Sep 2012 13:46

SpiderOak.com

To quote SpiderOak's website

"SpiderOak uses industry-standard SSL encryption to secure communication channels from end-to-end. Data is encrypted locally, uploaded encrypted, stored encrypted, and sent back to a user’s registered device encrypted. This provides the foundation for our ‘Zero-Knowledge’ Privacy environment."

"Our 'zero-knowledge' privacy environment ensures we can never see your data. Not our staff. Not a government. No one. The myth about 'online' and 'privacy' has been dispelled - leaving an environment whereby it is impossible for us to betray the trust of our users."

I am quite satisfied that SpiderOak have taken sufficient measures to protect my data and I believe it is all too easy to become paranoid about hacking and data theft. Provided you have taken all security steps possible I see no reason why the cloud should not be used to store and sync data and I shall continue to use SpiderOak do so. 

Thanks (0)
Replying to Paul D Utherone:
avatar
By growson
15th Sep 2012 18:17

SpiderOak

squay wrote:

I am quite satisfied that SpiderOak have taken sufficient measures to protect my data and I believe it is all too easy to become paranoid about hacking and data theft. Provided you have taken all security steps possible I see no reason why the cloud should not be used to store and sync data and I shall continue to use SpiderOak do so. 

 

While I do feel that SpiderOak has given attention to the issue, I'd feel a heck of a lot more assured if they actually posted the audit opinion of an information systems auditor (along SAS70 or SSAE16 standards -- even though these relate more to financial system internal controls, audit opinions can be issued for non-financial systems too).

Considering that we're all accountants and/or auditors, I think part of the diligence process should include examination of a cloud provider's system by a third-party who can attest if they actually A) have controls to protect access/privacy/disclosure/etc. and B) whether the company follows them and C) are they effective.  If a major cloud service hasn't gone down this route, then I would be concerned if they are serious about their business.  This is akin to putting your bank deposits in a nationally-certified/monitored/regulated bank vs "giving the money to Vinny down the street who will hold it safely for you" (no offences meant to the Vinnys of the world).  It's also a differentiator between consumer vs business services.

Regarding the "belief" that one can become paranoid about hacking and data theft - I know what you're saying - but my CISA professional development requirements have me monitoring the topic as part of general concerns about system security and governance.  There are whole security professional conferences out there (Black Hat, in particular) where they have competitions to break all of the "industry standard SSL" stuff, etc.  It's not a question if the security is solid/impregnable but rather how FAST the teams can do it.  Combine that with the number of botnet systems (home/business computers that are actually hijacked and remotely "owned" by a system somewhere else and thus used for identity theft, espionage or other purposes), and one can see that the problem is a bit more insidious than what might first appear.

A few years ago, BBC did a really good story on the subject -- they "bought up" a criminal botnet on the black market -- a small one, where only 20,000 computers were controlled -- and on television had a security professional show how the net could be used to take control of victims' computers, etc.and use it to gather information.  I believe they actually got sued over this, even though they didn't actually do anything criminal with it and actually contacted all of the victims to let them know that their machine was "compromised and now liberated."  Bottom line:  you need to make sure that ALL pieces of your information system -- local OR cloud -- have the proper protection in place to prevent "unintended access/disclosure of sensitive information."

 

ps:  I use various cloud services extensively (DropBox in particular, though have used SpiderOak and SugarSync, too) - but I do have regulatory requirements (in health care) that restrict what type of data I can put on such cloud services (or anywhere else, for that matter).

Regards,

R. Grant Rowson, CISA, CGA

(Canada)

 

Thanks (0)
avatar
By roblpm
13th Sep 2012 14:20

Digital Signature

Not much use at the moment as you can upload a tax return to someone, then they have to print it out, sign it, send it back, we have to scan it....................

When they add signatures so we can just publish, get it signed and then we can submit it will be great!!

Another issue I can see with this is that if we store the signed returns on this system and dont archive them manually the storeage will grow forever along with the monthly fee.

Thanks (0)
Replying to thatsnumberwang:
Stephen Quay
By squay
14th Sep 2012 12:50

HMRC do not need a signature

roblpm wrote:

Not much use at the moment as you can upload a tax return to someone, then they have to print it out, sign it, send it back, we have to scan it....................

When they add signatures so we can just publish, get it signed and then we can submit it will be great!!

Another issue I can see with this is that if we store the signed returns on this system and dont archive them manually the storeage will grow forever along with the monthly fee.

Provided you have received approval for the client's SAR from the client then HMRC will accept that when you submit the SAR electronically. We use this method where clients choose or who may live abroad. Especially useful as the deadlines approaches. In these cases we email the client's SAR to them (if they want it encrypted we can do so) and then ask them to approve the SAR in an email back to us quoting the HMRC IRMark so they approving a specific SAR. We keep this email on file with the return. Have done this for many years without any problems.

Thanks (0)
avatar
By daveforbes
14th Sep 2012 11:33

@roblpm

Why all the printing, signing and scanning ?

The HMRC say at http://www.hmrc.gov.uk/softwaredevelopers/2013-copyspec.pdf

2) Receive confirmation in writing from the client that the information is correct and complete to the best of the client’s knowledge and belief. The client may give their written confirmation in electronic or non-electronic form.

Thanks (1)
Replying to ishani:
avatar
By roblpm
14th Sep 2012 17:38

Signing
Thanks for the answers.

However what I was getting at was that it would be even better long term to have the returns and confirmations all together without the hassle of filing emails etc. As the previous poster points out they get the client to quote the IRmark in the email. Much simpler for the client to electronically sign. We then get notified and submit the return with no filing at all.

Thanks (0)
Teignmouth
By Paul Scholes
14th Sep 2012 18:28

Security & signatures

I'm in the real world with Adrian over security, everything I have is now hosted and I feel a lot safer that I did when I had my own box & cables running into the wall.  I use Dropbox extensively for my own and client stuff and anything sensitive deposited up there is encrypted by us.  Same goes for anything sent out on emails.

It's worth mentioning that in several cases it's clients that invite me to link to their dropbox rather than the other way around.

I've also signed up for Iris OpenSpace and it looks well designed and slick and I like the idea that we & clients get notified as soon as anything goes up there.  Unless you or clients are silly enough to deposit Sage type data files then 1GB should be ample for many small practices (even with loads of photos I struggle to use over .8GB on DropBox).  I don't see OS as being a permanent archive, ie once a filet has been used/approved it can be copied to local drives & deleted.

Electronic approval &/or signature functionality is available at a price from other systems but, as with so much in the IT world, give it a year or two and all file sharing systems will provide this as standard.

Thanks (0)
Adrian Pearson
By Adrian Pearson
16th Sep 2012 12:29

Why the focus on cloud security?

@growson I hear what you say and, of course, you are correct in many of the points you make regarding data security generally.

What always surprises me though is that any talk of hosting data remotely seems to attract an inordinately negative commentary about perceived security concerns; compared to "controlled" systems such as a physical server in one's own office.

Professionals have been storing confidential client data on their own servers, PCs, laptops, portable hard drives, USB sticks, DVDs, CDs, floppy disks AND paper files for decades (centuries in the case of the latter). This data is, indeed, capable of being used by the unscrupulous for many nefarious purposes. Yet there is no hand-wringing over the (lack of) security these media provide. This is because we are all familiar with these traditional methods and, by comparison, cloud storage is new.

If you challenged me to get my hands on your confidential data, offered me a substantial cash sum (and immunity from prosecution) I would attempt real-world physical access to your data in preference to the much harder digital attack every time. Unless you have data centre (i.e. almost military) levels of physical security over your office and/or home premises I would opt to engage the services of common criminals to break-in, put your server under their arm and walk right out again. Whilst ransacking your offices, they could also collect assorted portable drives, disks (and paper files) that will likely be pretty easy to find and pick up.

Hell, it might not even be that difficult. If you conscientiously take your DAT tape backup from the server home with you each evening, my newly-hired unsavoury cohorts could simply mug you in the office car park.

The point I am trying to make is that if firms undertook the same kind of audit on their existing security vulnerabilities as they demand in respect of prospective cloud storage solutions, they would quickly realise that data is much safer with professionals: in a secure, purpose-built facility that a) makes physical access impossible and b) employs professionals whose only job is to employ the most robust digital security available and monitor it 24/7 365 days a year.

Adrian

Thanks (0)
Replying to lionofludesch:
avatar
By growson
16th Sep 2012 18:24

Why focus on just cloud security - back door wide open at home

Adrian Pearson wrote:

The point I am trying to make is that if firms undertook the same kind of audit on their existing security vulnerabilities as they demand in respect of prospective cloud storage solutions, they would quickly realise that data is much safer with professionals: in a secure, purpose-built facility that a) makes physical access impossible and b) employs professionals whose only job is to employ the most robust digital security available and monitor it 24/7 365 days a year.

 

Adrian, you're completely right here.  The "fuss" over the hosted storage sites results because those entities are OUTSIDE of our DIRECT CONTROL -- meaning, we really don't know what access controls, security processes, containment processes, disaster/continuity management plans, etc. that they have.  But I'd agree entirely that MOST local environments haven't really considered all of these points also.  And as I think it's already been said here by someone (you? - can't see the response thread as I reply), your sensitive data might actually be BETTER PROTECTED in the cloud than on a local network:  how many places are using replicated virtual servers within their own networks?  And even if they are, how many site IT managers can call up, in the pinch of a disaster, the THOUSANDS of servers that Amazon has for their cloud offering?  Or Google/Microsoft?  Again, I think the big issue is making sure that your cloud company of choice has all of the right assurances in place to give you the operational flexibility and security that you require of your data . . . .

. . . . and the same diligence should happen with local networks as well.  We're a long way from the old adage "oh, the tape backup is capturing everything" (presuming that someone has actually TESTED the theory :-/ ), and some false delusion that the local network;s security is sufficient just because there's a wal-mart-grade firewall and antivirus software installed (which is only stage one preparedness out of three - the other two being intrusion detection and data loss prevention).

 

Regards,

R. Grant Rowson, CISA, CGA

(Canada)

 

 

Thanks (0)
Replying to lionofludesch:
avatar
By daveforbes
17th Sep 2012 10:14

hypothetical criminal

Adrian Pearson wrote:
If you challenged me to get my hands on your confidential data, offered me a substantial cash sum (and immunity from prosecution) I would attempt real-world physical access to your data in preference to the much harder digital attack every time.

If there was only a small chance of a cash reward and no immunity from prosecution, would you change your strategy ?

Thanks (0)
Adrian Pearson
By Adrian Pearson
18th Sep 2012 09:02

No, but I'd have to do it myself

@daveforbes - the cash and immunity were merely required for me to put my case in the first person. The cash allowed me to pay criminals and immunity would let me sleep at night.

Of course, in reality, our hypothetical criminal would be comfortable breaking into premises or mugging individuals and would do so only for the potential rewards to be had from selling or misusing the data. Likewise, they would be familiar with the risk of being caught.

Thanks (0)