Last time, I talked about where our firm was (from a software and IT perspective) when we decided to make the switch to the cloud. Today, we begin to turn our sights on how we evaluated the hosted (cloud-based) offerings in the market in a number of different metrics. Specifically we will look at the general Data Security considerations and conclusions I made when we decided to move to the cloud.
Before we begin, I would be remiss if I failed to point out that we were lucky enough to be the first state in the country whose State Bar issued and eventually adopted an ethics opinion on cloud computing for law firms. You can read this opinion here. Even if you don’t live in NC or if your state has yet to adopt an ethics opinion on cloud computing, this opinion might provide some value to you in assessing the ethical implications of this rapidly growing technology.
Security Considerations should be obvious. Attorneys have a fiduciary obligation to protect our client’s confidential data and property from the risk of disclosure or loss. It is important to remember that privilege is not lost if client files are stolen. Your client may suffer other harm, but the attorney-client privilege remains intact. Much has been said about the relative merits and security of various cloud solutions for document storage and practice management. The specifics of any one provider’s security policies and procedures are beyond the scope of this post. If you are considering a specific hosted provider, read their terms of service and other related couemtns carefully. If you have questions, call their support number. Ask them to email you an answer if you don’t think something is obvious from the generally availability information.
In general, there is tons of information available through a simple Google Search, much of it specific to your data security considerations as a lawyer.
After doing my homework on the issue, I believe that the following assumptions are generally true when considering cloud security:
1. The evidence is pretty clear that data is safer in the cloud than it is in your computer. Google executives, among others, have argued that point before . See also Anonymous hacking law firms in particular and law firm hackers in general. Note that the Anonymous attack was on a firm’s server, not one in the cloud.
2. In all reality, our clients’ data is already exposed to a number of different electronic risks on a daily basis through the ubiquitous use of unencrypted email and copiers.
3. Client data is at risk even if it only exists in hard copy and never leaves your office. Natural disasters and cleaning crews come to mind off the top of my head.
Regardless of what you think about Donald Rumsfeld, he fairly eloquently summed up my takeaway from these security considerations in February 2002.
There are any number of potential issues related to client data security of which I am aware and have (at least some) understanding. There are some data security issues which I know I don’t know anything or enough about, but I can find answers if I know who to ask or where to look. The really scary security issues, though, are the ones to which I am totally and utterly ignorant.
So, for the same reason that I don’t take tax advice from my landscaper or ask my CPA to cut my lawn, I decided that it would be wise to turn to those who specialize in data storage, retrieval and security if I ever really wanted to sleep well at night. I wanted to turn my data over to people whose full time job is maintain data continuity and security, provided that I believed that that could satisfy the confidentiality requirements that we have for client data. I studied individual privacy policies and terms of service and narrowed the list down based on security considerations and then moved on to our firm’s other needs in a cloud provider.
Next time, we will turn to other service and technological issues I identified as important to us before choosing providers and deciding to make the move.
(Image via: http://venturebeat.files.wordpress.com/2012/01/ss-cloud-security-lock.jpg?w=558&h=9999&crop=0)
