If you haven’t already, you must review the previous lesson on security. If you don’t, you will have no context for what I am about to explain.
Coral Tree, the makers of Qbox, in and of themselves do not have any SOC certifications.
Here is their page with information on security:
You have to scroll down to the bottom, and you have to pay attention.
Coral Tree references an SOC 1 certification, but it’s not theirs. It’s Amazon’s. They use Amazon Web Services (AWS). This is where your data is going, and the SOC 1 certification attests to the security of financial information. This is appropriate, since most of you are going to use this for QuickBooks Desktop company files. All good there.
What we don’t have assurances about, is the security of user data. For that we need SOC 2 or SOC 3, and that would have to be done at Coral Tree, because that’s who’s handling the user data on your account. Even if Amazon had it, it would not protect YOU unless you are a customer of Amazon’s.
Coral Tree does reference AES-256 Encryption used by financial institutions. If you search Google for “AES-256 Encryption Security” you will see a lot of results. All of them point to this level of encryption being among the very top. I saw at least one reference to the fact that this is the level of encryption the government uses to protect “classified” information.
You have to do your own research, and always check your sources. You want to make sure that your sources are not biased, and I don’t trust Wikipedia, because anyone can submit information there.
I am not here to tell you what to do. I am here to give you the facts. Do your research, set your standards, and vet your applications for security accordingly.