Please ensure Javascript is enabled for purposes of website accessibility

Just Because Cloud Companies Pay For a SAS 70 Doesn’t Make It Any Less Legit, Does It?

Confession: not 100% sure on the hype surrounding SaaS, cloud computing, living in the cloud and whatever but apparently it’s the next big thing (if it’s not already) and might make our lives just one notch short of Jetsons flying car awesome.

Ask guys like Geoff, he’ll tell you all about it. I buy it and I don’t even need to use it, have heard amazing things, and have even evangelized it once or twice.

But it’s your data so instead of jumping on the SaaS/Cloud bandwagon without asking what happens to it once you do, it might be wise to check out the SAS 70 certification and the strange relationship that legitimizes it.


Complying with the AICPA lends a certain bit of credibility to vendors who want to show how tight their control systems are so auditors can rely on them, right?

Perhaps not, says Jay Heiser via Gartner in “Analyzing the Risk Dimensions of Cloud and SaaS Computing,” who is concerned by a sense of deja vu between the faulty systems that collapsed throughout the financial crisis and cloud computing. In an extremely risk-adverse environment, a bit of caution is due before jumping head first into the unknown.

Or you can just trust the shiny marketing materials and forget that it’s your data.

Now back to cloud computing and SAS 70. Okay, let me get this straight: So the cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moody’s for an investment-grade rating?

“Yes, if you see someone who claims to be SAS 70, they have paid an accounting firm. Not only have they paid an accounting firm to go do the test, but they’ve told the accounting firm what processes need to be tested,” Heiser says.

And that’s different from an audit client paying an auditor how?

In a financial crisis corollary, Big 4 opinions are fetching less these days than they used to. Cloud computing marketers don’t really get what they are pushing but cloud provider clients certainly should understand what this means for the shift to life in the cloud.

Better start updating those marketing materials.

How Cloud Computing Security Resembles the Financial Meltdown [Datamation]

Confession: not 100% sure on the hype surrounding SaaS, cloud computing, living in the cloud and whatever but apparently it’s the next big thing (if it’s not already) and might make our lives just one notch short of Jetsons flying car awesome.

Ask guys like Geoff, he’ll tell you all about it. I buy it and I don’t even need to use it, have heard amazing things, and have even evangelized it once or twice.

But it’s your data so instead of jumping on the SaaS/Cloud bandwagon without asking what happens to it once you do, it might be wise to check out the SAS 70 certification and the strange relationship that legitimizes it.


Complying with the AICPA lends a certain bit of credibility to vendors who want to show how tight their control systems are so auditors can rely on them, right?

Perhaps not, says Jay Heiser via Gartner in “Analyzing the Risk Dimensions of Cloud and SaaS Computing,” who is concerned by a sense of deja vu between the faulty systems that collapsed throughout the financial crisis and cloud computing. In an extremely risk-adverse environment, a bit of caution is due before jumping head first into the unknown.

Or you can just trust the shiny marketing materials and forget that it’s your data.

Now back to cloud computing and SAS 70. Okay, let me get this straight: So the cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moody’s for an investment-grade rating?

“Yes, if you see someone who claims to be SAS 70, they have paid an accounting firm. Not only have they paid an accounting firm to go do the test, but they’ve told the accounting firm what processes need to be tested,” Heiser says.

And that’s different from an audit client paying an auditor how?

In a financial crisis corollary, Big 4 opinions are fetching less these days than they used to. Cloud computing marketers don’t really get what they are pushing but cloud provider clients certainly should understand what this means for the shift to life in the cloud.

Better start updating those marketing materials.

How Cloud Computing Security Resembles the Financial Meltdown [Datamation]

Latest Accounting Jobs--Apply Now:

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

sketch of a robot among business people to signify AI replacing workers

PwC Chief Products & Technology Officer Says Not to Worry, They Don’t Want to Replace You With AI

A couple days ago, NYT published a piece asking an important question: Who will protect the workers losing their jobs to AI? The article references a May 16 senate subcommittee hearing chaired by Senator Richard Blumenthal at which OpenAI’s Sam Altman is told Mr. Blumenthal’s greatest nightmare is AI causing massive job loss. “There will […]

man holding a phone speaking to a chatbot

ChatGPT Can Pass the CPA Exam But Here’s What It Can’t Do (Yet)

If the headlines are to be believed, humanity is mere months away from being enslaved by artificial intelligence or, at the very least, being permanently unemployed (cue sounds of the Going Concern audience celebrating here). You may have seen clickbait articles about entire marketing departments being turfed in favor of ChatGPT (we never liked the […]