Can firms handle possible risks of cloud computing?

By Steve Thorpe
Legal News

In the near future many attorneys may have their heads — or at least their documents — in the clouds.

Cloud computing, where data, applications and processing can take place “off-site” on computers and servers that may be halfway around the world, is growing rapidly.

The advantages of cloud systems for law firms include reduced hardware and software costs, automatic updates of digital tools, and the ability to access documents and tools from anywhere you have a good Internet connection.

The current infrastructure model used by most firms is to buy or lease software and hardware and hire IT professionals — in house or contracted — to make it all work.

With cloud computing those costs and the associated headaches are greatly reduced. This makes the cloud option especially attractive to new firms or established firms that are on the verge of a tech makeover.

“You don’t have to rent a server or lease time on a server,” expert Richard Stiennon says. “You just use a web service with a nice ‘front end’ (interface that the user sees) and you have much fewer infrastructure issues.”

Stiennon is a senior fellow at the think tank International Cybersecurity Dialogue and also covers the IT security industry for IT-Harvest.

He is the author of “Surviving Cyberwar,” published by Government Institutes, and has addressed conferences and industry events in 26 countries.

He warns that the move to the cloud is not without risk.

“If you store all your critical information, legal documents and customer information in the cloud, those are very attractive targets for some big attackers,” Stiennon says. “A group of cybercriminals in Russia or even the Chinese government could decide that Apple’s iCloud, for example, was a target of interest and they could attempt to penetrate it.”

But why would these “big attackers” bother with a relatively modest sized law firm? Stiennon stresses that it probably won’t be about you, but about your clients.

“The problem with law firms is that they tend to fall into the realm of the unsecured third party,” he says. “The principle target could be the client, who has sophisticated security and is hard to penetrate, but the attacker may discover who is their legal representation and attack them.”

There is also the responsibility for preserving a client’s data and ensuring that it’s secure.

That issue becomes complicated when an attorney can’t point at a file cabinet or a server. The cloud is everywhere so, in essence, it’s nowhere. At least nowhere you can readily identify.

Dr. Ursula Widmer of Dr. Widmer & Partners, Attorneys-at-law, in Berne, Switzerland, talked about the inherent paradoxes in an article she authored.

“Data protection law is based on the premise that it is always clear where data is located, by whom it is processed and who is responsible for data processing,” she wrote. 

“Cloud computing appears to fundamentally conflict with this evidence. For example, if a customer uses an e-mail service based on cloud computing, the customer’s data can be stored anywhere in the world. Therefore, with cloud computing it is no longer possible to say where the data is at a certain moment and by whom and how it is being processed. This means that it is doubtful whether those responsible for data processing, in accordance with data-protection regulations, are in a position to effectively assume their responsibility at all.”

The security claims of cloud providers can be reassuring, but occasionally misunderstood. Most of them tout their encryption, but don’t thoroughly explain how it works. Encrypting your data before sending it to the cloud can be the key to keeping it secure.

“If you read any of the assurances of any of these cloud providers, they talk about data security in terms of encryption,” says Stiennon. “That means that someone sharing a WiFi hotspot at Starbucks isn’t going to see your data. But quite often the data isn’t encrypted when it’s residing in the cloud. They decrypt it at the web server and then store it in their big data centers. So all that data is just sitting there unencrypted.” 

The cloud providers have a perfectly valid reason to be coy about their security arrangements. Much like the Secret Service protecting the President, the more you reveal about your defensive measures, the easier they are to penetrate. Still, it is incumbent on the purchaser of cloud services to learn as much they can about the provider’s security.

After all these risks are weighed, does it still make sense for law firms to consider the cloud option?

Ask the man who looks for digital spooks under the cyberbed for a living.

“The cloud is working,” Stiennon says. “I’ve moved my consulting firm over to close to 100 percent cloud over the last three years.”
 
__________________

WHAT IS "THAT CLOUD"?

“Cloud Computing” is using the Web server facilities of a provider on the Internet (the “cloud”) to run applications.

There is so much buzz about the cloud that the terms “cloud computing” and “cloud” may appear to be synonymous.

However, the average user views the cloud from a different perspective than the IT professional.

For example, users increasingly employ the Internet for backup and media storage.

The cloud provides a central location from which to upload and download documents, photos and videos from any Web browser on any computer. This is “storage in the cloud” rather than true cloud computing.

To the IT department, cloud computing is really about two approaches to serving applications to the end user.

It may be “software as a service” (SaaS), which delivers the entire application. Or, it may be “infrastructure as a service” (IaaS), where only the servers and operating systems are provided, and customers deploy their own applications on the hardware.

Cloud computing’s distinguishing features are self-service, scalability and speed. Self -service means that everything is done online from start to finish, although human support is always available.

The cloud is scalable, meaning that it can be quickly set up to handle extra workloads, such as increased holiday Web traffic or when new products are launched.

In addition, Internet cloud providers may be connected to multiple Tier 1 backbones for fast response times and availability.

– Source: PCMag.com
 

––––––––––––––––––––
Subscribe to the Legal News!
http://legalnews.com/Home/Subscription
Full access to public notices, articles, columns, archives, statistics, calendar and more
Day Pass Only $4.95!
One-County $80/year
Three-County & Full Pass also available