Experts Offer Tips for Safe Flying in the Cloud
Cloud computing—the act of using software and storing data on the Internet versus a private computer—is an innovation of exploding popularity, and why not? It can boost efficiency, improve work product and cut costs at firms large and small.
However, uncertainty about the ethical responsibilities of client confidentiality and privilege makes many lawyers hesitant to fully embrace the cloud for their computing needs. The silence from ethics committees on the topic and vague guidelines issued by state bars add confusion, not to mention the rise of global hackers seeking to infiltrate the outdated security measures at many U.S. firms.
While some await the cyber equivalent of a Deep Horizon breach, ABA Techshow presenters Brett Burney, Sharon Nelson and Dan Siegel offered plenty of tips, precautions and advice to keep client data safe at a Tuesday session that discussed the ethical breaks in the cloud-based services.
“Lawyers have an ethical duty to … be knowledgeable about how providers will handle data entrusted to them,” Burney says. While a strict guarantee of invulnerability is impossible, Burney and his co-presenters encourage lawyers to treat cloud providers in the same manner as other legal outsourcers–investigate their security measures, policies and methods. A few of the most important questions to ask include:
How often is data backed up by the provider?
Is data stored in multiple data centers that are geographically dispersed?
What security measures are implemented at the data centers?
Has there been an audit of the provider’s security conducted by a trusted third party?
Does the service level agreement clearly state who owns the data?
If cloud data is subject to a litigation hold, what is the process to comply with the hold?
Does the provider have an uptime guarantee to ensure access to the data?
In addition, firms can take their own in-house precautions to limit potential breaches, such as installing firewalls, limiting access to information and verifying the identities of individuals who are provided information.
As for critical data, keep it out of the cloud. “You won’t see the formula for Coke in a cloud,” Nelson said.