White paper

More Security, More Control: How the Cloud Beats On-Premise Tax Tech


The benefits of cloud computing are too great to ignore— particularly for the indirect tax departments of mid-sized to large companies.

Cloud solutions eliminate the burden of system administration and maintenance so management can focus on value-added activities. They remove the need for IT teams to manage implementations that are tough to forecast from a resourcing perspective. They reduce costs significantly while providing better service, more agility and greater security.

Companies receive a high level of expertise and near-certain uptime when they select a tax technology platform that also operates best-in-class data centers. Reliability and scalability are key. In-house IT teams can rest easy knowing they won’t be pulled off their projects because something suddenly happened to a server rack in a warehouse.

The cloud is designed to always be online and to never lose data. This makes it well-suited for indirect tax because those taxes must be calculated, retained and collected on a transaction-by-transaction basis. A company can only properly conduct business if the platform it uses for indirect tax is always on and can move at the speed those transactions occur. Indirect tax software has a real-world impact on the experience a company delivers to customers.

Moving indirect tax into the cloud can therefore support the indirect tax department’s growing jurisdictional needs by alleviating pressure on IT, reducing enterprise technology costs, scaling and encouraging a positive customer experience.


Cloud computing is the dominant form of IT infrastructure for companies everywhere. Ninety-five percent of respondents to Right Scale’s 2016 State of the Cloud survey said they use the cloud, and the data indicates that more companies are now fully invested in the many benefits of both public and private clouds.

IT departments at large companies use cloud computing to lower enterprise technology costs, better manage workflow by integrating into ERP solutions and improve organizational efficiencies. Smaller businesses use cloud computing for these reasons, as well as to gain access to the IT expertise and capabilities of indirect tax platform providers— particularly those that own the data centers in question.


The data centers that cloud providers use can vary significantly in their technical specifications, security profile and levels of service.

Some common features that high-quality data centers offer include multiple locations, fully redundant sub-systems, compartmentalized security zones, biometric controls, geographically separate mirror sites, disaster recovery capabilities and extremely low latency. These features maximize both security and uptime.

Tax departments have generally been hesitant to ask for cloud-based tax technology platforms, and IT departments have generally been reluctant to add yet another implementation to their ever-growing docket of responsibilities. Tax departments do not frequently elevate requests for IT budgets. The challenge isn’t complacency. The challenge is that the two business units are either unfamiliar with each other, have different objectives or see different challenges. They’re somewhat unaligned on securing the technological tools and solidifying the technological process that tax needs.

The benefits of cloud computing for tax are real. It reduces costs, fuels better resource management and has the flexibility to improve workflow throughout the organization. Drawbacks are scarce. For organizations that are now moving toward a more technology-oriented approach to tax, using cloud computing is the obvious choice. For organizations that are already using tax technology, one would be challenged to find a reason not to move those platforms into the cloud.

Despite the fact that virtually all enterprises use cloud computing for some element of their IT, there have been barriers that prevented tax departments from leveraging the full benefit of the cloud to the extent that they should. These barriers no longer exist.


In the past, there were legitimate concerns about performance and security when switching to the cloud. IT departments were therefore hesitant to host systems in the cloud that simply had to work all of the time or that were bound by regulation to certain security standards. For tax, cloud platforms were thought of as potentially risky to implement.

However, in today’s computing environment, cloud computing is the most secure option that companies have.

Applications are constantly being updated with fixes for previously unseen vulnerabilities, called zero-days. New vulnerabilities are discovered all the time because even the most well-written, secure code needs to communicate with poorly written, insecure code. The weak links in a network create vulnerabilities and the potential for security breaches.

On-premise installations require corporate IT teams to install the patch. In reality, this does not always happen immediately because IT teams tend to be tasked with multiple projects at once. But with cloud systems, those patches are made the moment they’re made available by the vendor because ensuring a stable, secure computing environment is the cloud provider’s only essential duty to its customers.

The cloud can also monitor the ebbs and flows of network traffic, looking for suspicious activity. This intrusion detection activity can potentially spot nefarious traffic before a vulnerability has even been flagged by the vendor.

The bottom line is that, while the cost of mitigating all known attack vectors is too great for corporate IT, that is exactly what the cloud is for. Distributing the cost of security across many users so that it is affordable is an element of the cloud’s business model.

Other developments, such as faster networks, better infrastructure, more secure encryption, new security standards and certifications, and new data architecture standards, have worked together to turn cloud computing from a question mark into a necessity for IT departments. And sales, use and value-added tax data is not proprietary, a fact that makes indirect tax a perfect foray into the cloud for tax departments.


Cloud-delivered software is essentially subscribing to software services delivered via the Internet without the need to install it in your data center. It’s not a new concept; companies have been renting IT services for decades, hosting software and using services like

Cloud software can be either hosted by the company itself or through a third-party cloud provider.

Using third-party cloud providers is similar to white-labeling: the cloud provider uses third-party infrastructure, such as Amazon Web Services, for the cloud offering it provides to clients. The depth and breadth of a third-party cloud provider can be leveraged by a cloud software provider to accelerate bringing their software to market and focus their investment on adding features their customers want.

Cloud software has two basic architectures: multi-tenant cloud and private cloud. Multi-tenant architecture has one software application serving multiple users, or tenants, while private cloud architecture is dedicated software installed on dedicated hardware for a single organization.

Regulations regarding how indirect tax teams should use cloud systems vary from country to country, state to state and even city to city. Some jurisdictions have complex legal and regulatory requirements regarding how transaction data is collected and retained. They can even go so far as to stipulate where the data center in question is located.

Regardless, having options regarding cloud architecture is crucial, and Thomson Reuters ONESOURCE™ offers both architectures and has data centers located strategically around the world.


Cloud computing is a broad term that refers to an assortment of different services made available by a connected network of remote servers that store, manage and process data. Cloud computing is often referred to in terms of its “stack”— the various services that, stacked together, compose a bespoke solution.

  • Software as a service (SaaS): Software that is deployed over the Internet. SaaS applications offer convenience and accessibility because they can be operated from any device with a data connection.
  • Platform as a service (PaaS): Hardware and software tools commonly used for application development made available on demand to software engineers and developers. This makes it easier and quicker to get web services and databases to “talk” to each other, or to create multiple applications that feature a consistent structure to the data.
  • Infrastructure as a service (IaaS): The hardware and software that deliver servers, storage and network capacity as an on-demand service. The multi-tenant cloud architecture is an example of infrastructure as a service, and private clouds have some IaaS elements.

To sum it up, SaaS applications are for end users, PaaS applications are for developers, and IaaS applications are the hardware and software that power it all.


Network latency, the amount of time it takes for an application to do what the user asks it to do, is an important measurement for tax departments. Keeping it low is imperative when managing real-time data. The latency can slow down ecommerce applications, causing prospective customers to leave the site and decreasing visits from return customers.

Ecommerce applications need to make near-instantaneous calculations of sales tax in order to show the customer the proper price point. High latency is often the difference between a happy customer and a frustrated customer. For example, think about when website traffic is high, such as the Monday after the Thanksgiving holiday, or for complex applications that aggregate many different offers to find the best price.

Latency illustrates how the functionality of tax technology reverberates through the enterprise. The right approach to indirect tax can ensure a customer never clicks “Close Tab” because, for example, the website can’t figure out how much their movie tickets are.

Not all cloud platforms are created equally; the cloud does not automatically keep latency low. Because so much traffic runs through the cloud, it is a massively complex web of servers, virtual machines and network devices. Virtualized machines and network infrastructure can create latency even before data leaves the server on its rack if it isn’t correctly set up and managed. Both the infrastructure and hardware need to be tuned to ensure the best performance.


A true test of latency is when the actual service is tested for performance. Important points to consider are:

  • A “Ping Test” is not a true test of performance. Some providers may offer a ping test, but it uses the ICMP protocol, which will skew results.
  • Geography may impact latency. Sometimes the impact is acceptable. In testing performance for tax calls from the United Kingdom to the U.S., one tax provider saw only a 70ms increase in latency compared to a domestic US test.
  • Duration of the test is important. A single test of the service doesn’t show how the service will perform over time. Performance test results should include the overall duration of the test.
  • It is important that the performance test reflect real-world performance. A provider should detail if the test was done against the actual production service or if it was theoretical testing where a dedicated testing system was used.


Cloud technology has hit a tipping point for businesses of all sizes, and tax can and should use the cloud to improve processes and lower costs while maintaining a positive experience for the cloud user’s customer base.

Tax professionals should use this valuable guide to talk with IT about the many benefits of bringing tax technology into the modern computing era, which heavily leverages the cloud for business processes.

Indirect tax software solutions

Take control over your company's tax strategies and confidently manage global sales and use taxes, VAT, and GST — no matter where in the world you do business.