Published on November 12th, 2014 by Thomas Allen
Cloud software is not less secure, but it is riskier
As a general rule, I don't subscribe to the notion that cloud software is inherently less secure than hosting applications on your own servers. However, I do believe that using a cloud provider is riskier for 2 main reasons:
- You and your firm have less control. With your own IT department, you most likely have very clear policies and procedures that must be followed, with written documentation in case there is ever a suspected breach. With a cloud provider, you have very little to no control over the measures that they have taken, and no way of knowing whether they are even following their own procedures on a regular basis.
- Cloud providers are more attractive targets for hackers. It's unlikely that your law firm or practice is a target of hackers, because the benefit of having only your data isn't that great. But a successful breach of cloud software can provide hackers with data from hundreds or thousands of their clients.
Risks you need to mitigate
If you are already using or decide to use a cloud provider for your law firm or practice, you should be aware of and try to mitigate the following risks.
- Unauthorized access to client data: The biggest risk when it comes to your ethical obligation is that your clients' data will end up in the wrong hands.
- Loss of client data: If the only copy of your clients' data is stored with a cloud provider, you're at the mercy of the cloud provider to back up your data so you never lose it. You’re obviously going to have a very hard time representing clients if you lose data, whether it is your own internal data or your clients’ data as part of ongoing case management.
- Inability to access client data: When using cloud software, any downtime will also mean you will not have access to your data. Depending on the data that is stored with your provider, the risk varies from not being able to send out an invoice to not being able to effectively represent your client in trial.
- Vendor lock-in: If your data is stored with a cloud provider in a proprietary manner, and it is difficult to export, then you will have a hard time switching vendors if there is a major data breach or if they simply end up being the wrong solution for you.
- Regulatory compliance: Depending on who your clients are, you may also be responsible for complying with certain regulations, so in that scenario you will need to find out if the vendor you use complies with those regulations too.
Why you should care about minimizing risks
The "ethical responsibility" verbiage isn't just a mantra. The ABA has issued guidelines on your responsibility as an attorney in protecting client information. Specifically, ABA Rule 1.6 (c) states that:
"A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
In addition to this rule, there may be other common law duties, state laws, or contractual duties that apply to you or your practice. When it comes to cloud computing specifically, 19 states have issued ethics rulings on using cloud software. While they differ somewhat, they all agree on 2 important points:
- All opinions affirm the right of an attorney to use cloud software
- All opinions place responsibility on the attorney to take "reasonable care" to ensure that client data is protected and doesn't end up in the wrong hands