Thoughts on Xero

, posted: 16-May-2009 18:39

There has been much hype lately about Xero (http://www.xero.com/)

Now, while I don't like to kick sand at any start up, least of all one from New Zealand, I do have to ask..

  "Am I the only one here who sees a problem with entrusting your business' accounting information to a web service?"

there are just so many issues I can see with doing this, not the least of which is what happens if this startup decides to close, taking all your accounting information with it. 

There is no "offline xero" as far as I can see, so if Xero closed it's doors, you are just basicaly out of luck and have to start re-entering your data.

Or if the Xero server should get hacked, don't say "it can never happen", because dollars to donuts it could, the larger Xero becomes, the larger a target it becomes, accounting information would be certainly pretty enticing to neer-do-wells I expect!

Or if the Xero servers should have some brutal failure, what assurances are there that backups are taken properly, at least if you run your own accounts system, you have control over backups, you know they are being taken and are safe.

At least until there is a disconnected offline Xero, there is no way I would even consider moving from the desktop system I use (Quickbooks Pro).

Do you use Xero?  What are your thoughts?



Other related posts:
Xero vs. Quickbooks, from a Quickbooks User
Vodafone Website Failure Fails
CSS namespacing, somebody tell me what I'm doing wrong.




Permalink to Thoughts on Xero | Add a comment (16 comments) | Main Index




Comment by Glen Barnes, on 16-May-2009 19:56

Yep - I use xero for my company and for personal use as well. I've made some notes against your issues below:

>> There is no "offline xero" as far as I can see, so if Xero closed it's doors, you are just basicaly out of luck and have to start re-entering your data.

You can export all of your data to a local backup copy which can then be imported into another system.

>> Or if the Xero server should get hacked, don't say "it can never happen", because dollars to donuts it could, the larger Xero becomes, the larger a target it becomes, accounting information would be certainly pretty enticing to neer-do-wells I expect!

I trust Xero's network team far more than I would some generic IT support person who comes and fixes computers at SME's

>> Or if the Xero servers should have some brutal failure, what assurances are there that backups are taken properly, at least if you run your own accounts system, you have control over backups, you know they are being taken and are safe.

How many small businesses actually take regular daily backups and keep them offsite? How many take any backups at all? We all mean to but not many of us actually do. It is far more likely to be backed up properly with Xero than on most SME's machines. The chance of theft from a small business is far higher than from a company where one of their main aims is data security.

>> At least until there is a disconnected offline Xero, there is no way I would even consider moving from the desktop system I use (Quickbooks Pro).

To bad as Xero rocks. It saves heaps of time and is a rock solid product. I trust Xero far more than I trust MYOB and a local PC based software install.


Author's note by sleemanj, on 16-May-2009 20:20

>> You can export all of your data to a local backup copy which can then be imported into another system.

But is that "in theory you can import to another system" or "you can import this data directly into system XXX"?  It's all very well if Xero provides an export of the data, but the facility needs to be there to import that data into existing accounting systems.


Comment by stuartm, on 16-May-2009 21:58

You're right to approach web-based apps with some caution, as there is a huge amount of trust involved with inputting your accounting data on to someone else's servers that you have no control over. However, I have far more trust in Xero than I do with a locally installed desktop app. Desktops suffer from far more security breaches and data losses than a web-based system that is constantly audited for security and stability issues. Read these notes : http://www.xero.com/security/ and see how your desktop security stacks up against Xero's. I'm not saying that Xero are immune to hacks or security breaches, but they are a hell of a lot more secure than your average desktop pc.


Comment by Glen Barnes, on 17-May-2009 10:16

>> But is that "in theory you can import to another system" or "you can import this data directly into system XXX"? It's all very well if Xero provides an export of the data, but the facility needs to be there to import that data into existing accounting systems.



Yep - CSV and MYOB format and they will support any industry standards as they evolve such as financial XML formats. This would be the same issue you would have if you had desktop software as well.


Author's note by sleemanj, on 17-May-2009 13:54

>> This would be the same issue you would have if you had desktop software as well.

Not really, once you have desktop software, you have it for, well, ever.  There is no need to export into another system. 

If you really wanted to change systems, then just archive the accounts so you can refer to them, transfer the open transactions and new opening balances, and go from there.  Naturally, best to do it at the balance date.

I've done this twice over the last decade, I can still fire up the "old" accounts in those "old" systems and check or report if necessary.


Comment by kris, on 17-May-2009 22:33

I've trialled xero for 30 days. After the trial, I was not able to go into the company i created to export the data. The only option was to pay and get access to export your data. So I sent an email to xero support for them to export the data and send it to me. Its been over 1 month now I don't have my data that I created to test for a month. Very disappointed with them.

So a caution to all xero users.


Comment by Scott McKenzie, on 18-May-2009 09:02

Playing devil's advocate...

An offline version? Not bad. Until your home PC gets hacked. Don't say "it can never happen".

Xero's backup strategy is probably second to very few simply because of the nature of the data it is collecting. I would be surprised if many home users have a strategy let alone a strategy to compete with Xero. Andf f you're own stattegy fails? What then? Don't say "it can never happen".

If Xero were to close its doors it wont happen overnight. There will be time to collect your data and you can probably get it in a format so you can load it into another system. Personally, I don't see this happening.


Comment by Cecil Chen, on 18-May-2009 10:01

Yes, all your concerns about the data safety on a service provider's web server are always valid in all circumstance. But let's think out of the box and take a look at the company office. A business office is usually sitting in a commercial building where these buildings may be managed by a building management company and guarded by a security company. The management and security company as a service provider are holding this building's keys and they can actually getting into the building whenever they like. Now you can see what the risk is. Any single item in the office including your accounting data (either on a local machine or paper) can be possibly stolen by these people if they become nasty. And what if the company office building is on fire and get burned down. Would you think that putting the important data online would become rather advantage in terms of prevent data lost from unexpected disaster?


My point of view here is that putting your accounting data online is just like putting all your company stuff in a office building. It is all about the trust. Of cause Xero is a young company and it may not deserve a greater trust then a good build security company. But if the company does provide a great service to the small business, I guess trust can be built up.


Comment by Elspeth McMillan, on 18-May-2009 11:00

Hi Kris,

I am sorry that our attempts to resolve this for you have not been to your satisfaction. We will be in contact today to sort this for you. - Xero Customer Care Team Leader


Comment by Adam, on 18-May-2009 20:10

The level of care Xero's taken on it's security is; 100% guaranteed; more than you would have thought about your installed MYOB/Sage/Whatever instances security, sitting on boxes at the office.

Outside security professionals audit the code, procedures, and all aspects of security, on a regular basis at great expense.

So the level of effort required to steal your financial data from your work PC's hard drive is far easier; throw a brick through a window, jimmy a lock, and unplug a couple of cables and you're away.


Author's note by sleemanj, on 18-May-2009 21:11

> So the level of effort required to steal your financial data from your work PC's hard drive is far easier

But, similarly, the level of reward for somebody doing that is far less than somebody getting into Xero, this will make Xero a big target because the potential for use of such information is great. 

Whilst Joe the Cobbler's PC running Quickbooks isn't a very rewarding target at all - on it's own.

I think it would be fair to say that criminals who want financial information, have got a few more clues than your average opportunist, and the risk:reward ratio is something that they would certainly consider.


Comment by Adam, on 19-May-2009 00:15

> But, similarly, the level of reward for somebody doing that is far less than somebody getting into Xero, this will make Xero a big target because the potential for use of such information is great.

That's like saying Fort Knox is more at risk than your wallet while strolling around Barcelona on a sunny afternoon.

It's not risk/reward ... it's effort/reward.


Comment by Bert, on 21-May-2009 20:37

Xero is far from the only online accounting solution. The fact is some of these will go broke - taking their customers with them.

Over time, say the next 5-10 years, some of them will become well respected and trusted names. I hope Xero is one of them. But I won't be putting my businesses financial information in Xero, until this "battle" has sort itself out.


Comment by Valvert Thompson, on 29-May-2009 03:35

We've been using Xero almost 2 years, kind of "illegally" when Xero was for NZ customers only, but now the global version's online we're slowly making the tedious switch over. I'm willing to bet our company was the 1st American-Chinese based company using the service? All in all, we are extremely pleased w/ the security, the timely upgrades, and personal care level Xero provides!



My dream? if Xero could team up w/ the likes of salesforce.com or 800app.com (both leading CRMs), so our sales team (and myself) can seamlessly work across applications w/o browser jumping.



We're looking forward to growing our business with Xero. We would pay double the price we are currently paying- Xero's that good!





Valvert R. Thompson

Sales Manager ww.egpromotional.com Business Development www.reunionbasics.com


Comment by Carrick Hill, on 17-Jun-2009 16:26

Well I use MYOB to run my business accounts and I get in trouble because I run this business from home and subsequently my business accounts are at home and guess what? I never get around to updating them till EOM.



So I would one day like to use an online system so I can do anywhere. One thing I have to agree with is Id like to see how the security and backup issues get resolved... I notice the interface is very much like Google Analytics. Anyone tried that great bit work? I'd be very unsurprised if thats where this product ends up...



In that case I would have no problem relying on Google as a double backup for my accounts data.


Comment by John Sheridan, on 27-Aug-2009 19:04

James

You are quite right with your concerns. Anything mission critical needs to live in house. And be backed up and stored safely somewhere else - regularly.

More businesses are doing this today than ever before. And it only takes one screw up for people to take backup seriously - a bit like it used to be for viruses "I'll never get a virus" - Oh yeah?

SaaS has many hurdles to overcome and will never become universal - control of destiny is a huge issue for SME as well as big business. That doesn't mean to say that it won't become a valid part of what's on offer. It will. But mainly for non mission critical activities.

And for some businesses accounting may well be non mission critical and Xero will suit. It won't matter if somebody gained access to their accounts.

But 50%-70% of any business population - are risk averse and worry a lot.

So adoption will be slow...and rely on solid proof of reliability and risk minimisation (can never be 100%) - and it only takes one horror story of a denial of service attack on a Telstra server like the recent story of the attack on the online betting business in Alice Springs that Telstra could do nothing about, or yet another young hacker stealing hundreds of thousands of credit card account details for us all to think again and postpone action on SaaS.

That's the trouble. One mistake and it takes a long time to forgive and forget.

Xero may well have to review their business plans and include a boxed set as part of their expanded offering if they want to take the world by storm.

Good luck to them...but your concerns are all still very real and nobody posting so far has actually addressed them.


Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and placed in the moderation queue for the blog owner's approval.

Your name:

Your e-mail:

Your webpage:

sleemanj's profile

James Sleeman
Christchurch
New Zealand


PHP Programmer Extraordinaire

All views expressed are held by the poster, not necessarily any person or organisation associated therewith.