During the MOMENTUM conference two weeks ago, I was posed with an excellent question regarding my opinion on the security of accounting data stored on a foreign file server. I probably should have been a little more prepared for this question as it is an understandable concern of some individuals. My initial response was that as far as I knew Xeroâ€™s data was stored with Amazon and as far as I knew it was safe. I admit, my response was a little weak, but I decided to reach out to my account manager, a peer and do some of my own research.
Xero is very serious about data security. Their data is hosted in Amazon Web Services (AWS) data centers and data is stored in the United States. Xero has architected their platform across multiple data centers for disaster recovery purposes. This means that if something were to happen to one data center there is a backup stored in another data center. As well, AWS provides adequate protections that have been approved by the European Union which have very strict data policies. Their software is fully encrypted, and security is on par with the top banks. Xeroâ€™s backups are also happening in real-time. Another point of note is that if someone were to cancel their Xero subscription, their data is stored with Xero for 7 years.
How do I protect my clientâ€™s Xero data from being accessed by someone else? I use dual authentication. This means that when I log into Xero I first type in a strong password with at least one special character, one numeric character, one lowercase and one uppercase letter. In addition to the password I have an authentication application on my smartphone that generates a random password that changes every 30 seconds that also needs to be inputted. Therefore, the odds of someone unauthorized accessing my client data stored via Xero is slim to none.
I also like to recommend to my clients that a backup of their data is also saved and stored on their local computer especially if they ever decide to unsubscribe from Xero.
Want to know more?