The Right Question About Tally Cloud Security
The question "is Tally on Cloud secure?" cannot be answered with a simple yes or no, because the security of a Tally cloud setup depends entirely on the specific technical configuration — not on the fact of being "in the cloud." A Tally cloud server with no firewall IP restriction, running unpatched Windows, with no off-site backup, is dramatically less secure than a well-managed local server. A Tally cloud server with IP-whitelisted access, daily off-site backups, managed patching, and encrypted connections is dramatically more secure than the typical Indian SME's local Tally setup.
This analysis covers every security control that matters for a Tally cloud deployment — what it protects against, how it works technically, and what to look for when evaluating a provider.
Threat Model — What Indian Businesses Actually Face
| Threat | Frequency for Indian SMEs | Primary Defence |
|---|---|---|
| Hard drive failure on local server | Very High — HDDs fail 1–4%/year | Off-site backup |
| Accidental file deletion | High — especially multi-user environments | Point-in-time backup restoration |
| Power surge / data corruption | High — Indian power quality issues | Data centre UPS + stabilised power |
| Automated brute-force on RDP | High — all internet-facing Windows servers | IP-whitelisting firewall |
| Ransomware via phishing | Moderate and increasing | Backup + no data on local devices + patching |
| Insider data theft (staff) | Moderate | Access control + audit logs |
| Sophisticated targeted attack | Low for SMEs | Multi-layer controls |
The highest-frequency threats for Indian SMEs are hardware failure, accidental deletion, power damage, and automated internet attacks. A security configuration that addresses these four well serves the vast majority of Indian SME security requirements.
Control 1 — IP-Whitelisting Firewall
An internet-facing Windows Server that accepts Remote Desktop connections from any IP address receives an estimated 3,000 to 15,000 automated connection attempts per day from bots scanning the internet for exploitable servers. IP-whitelisting eliminates this threat category entirely.
The firewall is configured to permit RDP connections only from a specific list of authorised IP addresses — your office connection, each team member's home broadband, any authorised branch office. Traffic from every other IP address, including every automated bot, is dropped at the network level before the connection reaches Windows.
If a Tally cloud provider does not offer IP-whitelisting or offers it as an optional paid extra, this is a critical security red flag. Ask specifically: "Is RDP access IP-whitelisted to authorised IPs only, and is this included in the plan?" M A Global Network configures this as standard on every plan.
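One way to check that the whitelist is actually in force is to look at the server's own logon events: if other addresses are dropped before reaching Windows, no logon event should carry a source IP outside the list. The following is an added example, not code from the provider; the CSV column names, the allowlist addresses, and the log rows are constructed for illustration (4624 and 4625 are the Windows successful and failed logon event IDs).

```python
import csv
import io
import ipaddress

# Assumed allowlist: one office IP and one home broadband IP
# (documentation address ranges, constructed for this example).
ALLOWLIST = ["203.0.113.10/32", "198.51.100.24/32"]

# Constructed sample: a CSV export of Security-log logon events.
SAMPLE_EXPORT = """EventID,TimeCreated,IpAddress,TargetUserName
4624,2024-05-06T09:02:11,203.0.113.10,accounts1
4625,2024-05-06T09:14:52,192.0.2.77,administrator
4625,2024-05-06T09:14:53,192.0.2.77,admin
4624,2024-05-06T10:30:05,198.51.100.24,accounts2
4625,2024-05-06T11:01:40,-,accounts1
"""


def broad_entries(allowlist, min_prefix=24):
    """Return IPv4 allowlist entries wide enough to defeat the restriction."""
    nets = [ipaddress.ip_network(e, strict=False) for e in allowlist]
    return [str(n) for n in nets if n.version == 4 and n.prefixlen < min_prefix]


def outside_allowlist(export_text, allowlist):
    """Return logon events whose source IP is in no allowlisted network.

    With network-level whitelisting in force this list should be empty,
    because traffic from other addresses never reaches Windows.
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in allowlist]
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            src = ipaddress.ip_address(row["IpAddress"].strip())
        except ValueError:
            continue  # "-" or blank: no network source recorded
        if not any(src in n for n in nets):
            findings.append((row["EventID"], row["TimeCreated"], str(src)))
    return findings


if __name__ == "__main__":
    for event_id, when, src in outside_allowlist(SAMPLE_EXPORT, ALLOWLIST):
        print(f"event {event_id} at {when} from non-allowlisted {src}")
    print("overly broad entries:", broad_entries(ALLOWLIST + ["0.0.0.0/0"]))
```

Any row returned by `outside_allowlist` means a connection from an unlisted address reached Windows, which is worth raising with the provider.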
Control 2 — Data Encryption in Transit
Remote Desktop Protocol uses TLS (Transport Layer Security) encryption for all data transmitted between your device and the server. The screen images, keyboard inputs, and mouse movements that travel between your device and the Tally server are encrypted — an interceptor on the network path cannot reconstruct what is displayed or entered. M A Global Network configures TLS enforcement on all hosted servers — connections that cannot establish an encrypted channel are rejected.
Control 3 — Daily Off-Site Backup With Monitored Completion
The key details that separate effective from inadequate backup:
- Off-site storage: Backup data stored on separate infrastructure from the primary server. A backup on the same physical server that fails does not help.
- Daily frequency: Daily backups limit maximum data loss to approximately one day's work in a worst-case scenario.
- 7-day retention: The ability to restore from any point in the past 7 days means accidental deletions — often discovered days or weeks after they occur — are recoverable.
- Monitored completion: A backup job that schedules but fails silently provides no protection. Backup completion is actively monitored — failures trigger an alert. This is not universal among hosting providers and should be explicitly confirmed.
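The four backup properties above can be turned into a daily check that raises an alert for every day in the retention window lacking a usable off-site restore point, including days on which the job never ran at all. This is an added example, not the provider's monitoring code; the record fields, site names, and job data are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed job records, as a backup report might list them.
# Field names and site labels are assumptions for this example.
PRIMARY_SITE = "dc-primary"
SAMPLE_JOBS = [
    {"day": date(2024, 5, 1), "status": "completed", "bytes": 412_000_000, "site": "dc-offsite"},
    {"day": date(2024, 5, 2), "status": "completed", "bytes": 415_000_000, "site": "dc-offsite"},
    {"day": date(2024, 5, 3), "status": "failed", "bytes": 0, "site": "dc-offsite"},
    # 2024-05-04: the job never ran, so there is no record at all.
    {"day": date(2024, 5, 5), "status": "completed", "bytes": 0, "site": "dc-offsite"},
    {"day": date(2024, 5, 6), "status": "completed", "bytes": 421_000_000, "site": "dc-primary"},
    {"day": date(2024, 5, 7), "status": "completed", "bytes": 423_000_000, "site": "dc-offsite"},
]


def backup_alerts(jobs, today, retention_days=7, primary_site=PRIMARY_SITE):
    """Return (day, reason) for each day in the retention window that has
    no usable off-site restore point. An empty list means full coverage."""
    by_day = {}
    for job in jobs:
        by_day.setdefault(job["day"], []).append(job)
    alerts = []
    for offset in range(retention_days - 1, -1, -1):
        day = today - timedelta(days=offset)
        day_jobs = by_day.get(day, [])
        if not day_jobs:
            # A missing record is the silent failure: nothing reported an error.
            alerts.append((day, "no job record"))
            continue
        good = [j for j in day_jobs if j["status"] == "completed" and j["bytes"] > 0]
        if not good:
            alerts.append((day, "job failed or produced an empty backup"))
        elif all(j["site"] == primary_site for j in good):
            alerts.append((day, "backup stored only on primary infrastructure"))
    return alerts


if __name__ == "__main__":
    for day, reason in backup_alerts(SAMPLE_JOBS, today=date(2024, 5, 7)):
        print(day.isoformat(), reason)
```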
Control 4 — OS Security Patching
Unpatched Windows systems are among the most common initial access points in ransomware and data breach incidents. Microsoft releases security patches monthly and occasional emergency patches for critical vulnerabilities. Each unpatched vulnerability is a potential entry point for attackers who specifically target unpatched systems.
On a managed cloud server, patching is handled by the provider on a scheduled basis. M A Global Network applies Windows security updates regularly to all hosted servers, outside business hours to minimise disruption.
Control 5 — No Financial Data on End-User Devices
A frequently underestimated security advantage of cloud RDP hosting: no Tally data ever exists on any end-user device. Because Tally runs on the server and only the screen image travels to the user's device, a staff member's laptop contains no actual Tally database files. If a staff member's laptop is stolen, infected with malware, or lost, the Tally database is completely unaffected.
This contrasts sharply with the common practice of staff copying Tally data files to personal laptops for home working — an arrangement that creates an unmanaged copy of your financial data outside any security perimeter.
Cloud vs Local Server — Security Comparison
| Security Control | M A Global Network Cloud | Typical Local Office Server |
|---|---|---|
| Firewall IP restriction | Network-level IP whitelisting | Usually no firewall restriction on RDP |
| Off-site backup | Daily, geographically separate, monitored | Usually external HDD in same office |
| OS security patching | Managed, regular schedule | Frequently deferred |
| Data on end-user devices | Zero — data stays on server | Staff often copy files to personal devices |
| Physical server access | Data centre — restricted physical access | Office — accessible to anyone in building |
| Power protection | Data centre UPS + generator | Office UPS only — insufficient for extended cuts |
| Hardware failure recovery | Data centre hardware + off-site backup | Replace hardware + restore from backup (if it exists) |
Frequently Asked Questions — Tally Cloud Security
If a staff member's Windows credentials are stolen or guessed, an attacker would need to connect from an authorised IP address to access the server — the IP-whitelisting firewall blocks all other connection attempts regardless of valid credentials. This is why IP whitelisting is the most impactful single security control: it means stolen credentials alone are insufficient to gain access. M A Global Network also recommends strong password policies and, where possible, two-factor authentication for Windows user accounts, which can be configured on request.
M A Global Network's technical staff have administrative access to the Windows Server for maintenance, patching, backup management, and support. Your Tally data files are on the server's storage. Your Tally data is additionally protected by Tally's own security — company-level passwords and user access controls. For sensitive client environments, enabling Tally's company-level security so that accessing company data requires Tally-level credentials is recommended.
There is no specific regulatory requirement about where Tally must run — GST compliance relates to the accuracy of accounting records, not the infrastructure on which the software operates. Tally on Cloud generates the same GST-compliant reports, supports the same e-invoice integration, and maintains the same audit-ready record structure as a locally-installed Tally. M A Global Network's servers are located in India — relevant to broader data governance considerations.
Tally Hosting With Security Built In — Not Bolted On
IP-whitelisting · Daily off-site backups · Managed patching · Encrypted RDP · No data on end-user devices. All included at ₹700/user/month.