Organizations considering moves to cloud-based services often debate the relative merits of benefits such as added efficiency, speed, and scalability. But the most valued, a survey confirms, is security. This value is certainly recognized among those who oversee employee reimbursement, who have legal, visibility and even HIPAA challenges to consider when choosing an employee reimbursement solution.
Some 300 organizations, each with more than 100 employees, responded to the survey on cloud providers that revealed the value those groups place on security. It was mentioned as the cloud’s primary benefit by 22 percent of respondents, more than mentioned efficiency (15%), data space (12%), speed and scalability (each 9%).
“Most cloud service providers have a number of security features (stringent access controls including keycards and biometric scanning, 24/7 video surveillance, world-class encryption and other cybersecurity practices) that your business likely doesn’t have,” analyst Alex Miller wrote in an article detailing the survey results. “By using the cloud, you’ll be accessing equipment that’s far better than anything you could afford on your own.”
Improved security obtained through a third party leaves resources free to pursue other, higher-value tasks, such as improving efficiency through automation (which resolves the legal issues inherent in manual processing) and extracting needed information from travel and expense data to improve visibility into expense trends.
HIPAA and employee reimbursement
The IRS standard rates for mileage driven for business purposes are familiar to most people. But there are also rates for miles driven in the service of charitable organizations and miles driven for medical and moving purposes.
This means a mileage reimbursement solution likely will contain information covered by HIPAA, the sweeping Health Insurance Portability and Accountability Act. So, look for software dedicated to maintaining levels of security and compliance that meet or exceed those stringent standards.
CompanyMileage security and compliance
At CompanyMileage, a three-tiered system ensures the highest levels of security. Those measures include:
Data encryption using split knowledge, dual-control passwords; table-level encryption; password rotation management; log file encryption; and privileged user (root) protection. There is compliance with PCI DSS, HIPAA, HITECH, FISMA and other regulatory guidelines for encryption of data at rest as well as PCI certification and secure offsite key management.
Secure facilities and equipment. The primary servers are located at Rackspace’s Chicago data center facility, which has 24/7 management and monitoring. Synchronized servers are located at Softlayer’s San Jose, Calif., data center, which also offers 24/7 management and monitoring. The data centers are SSAE 16/ISAE 320 certified; and backups are daily. Secure servers running RedHat Linux are maintained and serviced daily with any security patches. Firewalls are in place to prevent unauthorized access to the system.
Privacy policies. Client address books can be segregated by individual user, department or division. Client names can be suppressed on physical reports generated by users. CompanyMileage data systems are securely stored and accessible only by authorized company officials.
Security has real value. Achieving it takes experts who can deliver it now and then adapt to the new challenges that will certainly come.