Is OneDrive safe to use for your Accounting Practice?

We recently had a query in this regard and, we didn’t want to simply give an off-the-cuff answer or an over-simplified ‘Yes’ or ‘No’. Therefore we decided to do some digging by reading numerous forums, discussion boards and such, in order to understand the real-world problems people are experiencing with OneDrive.

The Out-and-out Good Stuff

  • You get a lot of storage space on the cheap.
  • Microsoft has really good security measures in place, such as triple replication and two-factor authentication. As long as you actually make use of them, and have good security on your end of the line, you probably don’t need to worry too much about hackers breaking in and stealing your company records.
  • Sharing of files with colleagues or external partners is easy, and you can even step things up a notch with real-time collaboration if you also have an Office 365 subscription (which costs extra of course).
  • Yearly or month-to-month subscription. One year is not too long to commit to if you decide to switch to another platform, and month-to-month gives you the flexibility to add or remove users as and when needed.

The Double-edged Swords

  • Synchronisation. While it’s great being able to sync files to not one, but several devices, the problem you now have is your data being exposed on several fronts. In IT we call this ‘an enlarged attack surface’. If just one of those devices gets lost or stolen, you could get docked for a data breach.
  • Sharing, unsharing and de-sync. Although you can share and unshare your files as required, we found several complaints on various forums about files appearing to have been shared or unshared, but not actually being such. Similar problems were reported when desyncing a device – sometimes the files remain on the device (when they shouldn’t), and sometimes desyncing something from the cloud inadvertently deletes it from the device as well, leaving you with no copy of your files. To be fair, most of these complaints sounded like a very old IT term – ‘user error’ – but the fact remains that there seems to be ample room for disaster if you’re not entirely au fait with all the settings.
  • Document censorship. That’s right, Microsoft censors everything you upload, to check for things like copyright violations, hate speech and pornography, but the problems with that are (a) infringement of your privacy and (b) autocratic deletion of your files if they are deemed unfit. On one of the forums mentioned earlier, there was a complaint from a 3D-designer whose entire portfolio was deleted because of the way she had named the files, making the search algorithm think that they were some sort of digital contraband.

Genuine Concerns

Accidental or malicious deletions are harder to prevent and to roll back.
  • Accidental/malicious deletions can happen, and there is not much by way of rollback. If it’s gone it’s gone. There is a recycle bin, but it has a very short retention span, and a malicious user could empty the recycle bin if they really wanted to.
  • Technicalities surrounding GDPR compliance. Although your data is encrypted whilst being sent, it is not encrypted once it is ‘at rest’ – i.e. stored on their server. To be honest though, if someone wanted to lift some of your data, they’d need to know exactly which data centre to break into, which server to attack (out of zillions) and exactly which hard drive(s) to steal – statistically a very small chance.
  • File size limits apply to pretty much all cloud services, but OneDrive is quite small – only 15GB. For the average accounting firm, that’s probably not an issue, but people like engineers, surveyors and 3D developers regularly generate files that are 10-20 times the maximum size, in these cases people will resort to other online mediums that might not be GDPR compliant but can handle the file size(s).
  • In case of dispute, you’ll have to fly to the US if you need to go to court due to data sovereignty. To be fair, there is a very small chance of this ever happening, so it’s probably not worth losing sleep over, but you should be aware that any non-UK-based service would require this.

The Solution

Venom IT has been a Microsoft Partner for many years now, which means we understand their modus operandi rather well.

We’ve come up with two unique suites of solutions that either mitigate or completely remove the above-mentioned issues.

Venom IT’s Agile Office bundle is an excellent alternative to OneDrive and Office 365. In essence, it is a bespoke Microsoft Office premium solution that includes Office, storage, email, antivirus, web filtering and more, with nifty things like:

  • 365-day rollback
  • Collaboration and file access based on user rights (rather than files having manually-assigned sharing rights), which means employees will automatically be either excluded or included on certain file types, with the option to share individual files if needed
  • Agile Office also includes our award-winning, UK-based, free support
  • Optional long-term retention of files for regulatory compliance (max 30 years)
  • Unlimited file size (storage)
  • Fully UK-based
  • GDPR-compliant storage & email
  • No censorship
  • Month-to-month subscription

V-Care is an add-on package designed to augment Office 365, SharePoint and OneDrive. It gives:

  • Protection against accidental/malicious file deletions
  • V-Care also includes our award-winning, UK-based, free support
  • Optional long-term retention of files for regulatory compliance (max 30 years)
  • Unlimited file size (storage)
  • Fully UK-based
  • GDPR-compliant storage
  • No censorship
  • Month-to-month subscription

Now, let’s get back to the original question: Is OneDrive safe to use for your Accounting Practice?

If you’re a smallish practice (e.g. fewer than 10 users) OneDrive could work for you – it’s a great product, especially if it’s been augmented a little.

If, on the other hand, you’re a medium-sized firm, think carefully. A bespoke solution would probably be better for you in the long run anyway, and could cost less than what you think.

If you’re a large firm, then definitely go for a bespoke option that really drills down to what your exact business needs are – no two businesses are the same, and a one-size-fits-all approach doesn’t always work.

Watch out for sneaky contract clauses that enslave you to your Cloud provider almost indefinitely.

In conclusion – whenever you consider any cloud services of any kind – do your due diligence and make sure of what you get and what you don’t get. Watch out for things like loopholes in service contracts, sneaky clauses that enslave you to the same supplier basically forever, and sharp practice like cloud providers trying to take ownership of your data.

Remember, the Cloud can be a tremendous boon to your business, as long as you use it right.

Get in touch with us today to enquire about V-care or any of our Cloud-based services.