Why cloud software for lawyers offers improved security
This post on cloud software for lawyers who are interested in learning more about security is the first in a series of blog posts designed to help demystify cloud security, translate technical buzzwords into language a lawyer can understand, and to answer questions that lawyers frequently ask us about cloud security.
Cloud computing adoption continues to increase across every industry, and according to Gartner, will become the bulk of new IT spending by 2016. Even though the legal industry lags behind other industries when it comes to technology adoption, adoption of cloud software for lawyers is on the rise. According to a survey conducted by Lexis-Nexis of 275 law firms, over 70% said they were more likely to use cloud software this year, with adoption expected to hit 40% in smaller firms by the end of 2014.
Ethical considerations for lawyers
While this trend is both encouraging and exciting, there are ethical considerations that are specific to the legal field when it comes to cloud software. While IT departments across the globe have reservations about the security of data that is hosted in the cloud (even if mainly for self-preservation reasons), this is even more prevalent when it comes to cloud software for lawyers, due to the fact that they are bound by professional rules of responsibility to protect their clients’ confidential information. The courts have spoken, and there is a certain level of accountability that a lawyer must take on when using cloud software. Unfortunately, most lawyers don’t have a technical background, and even those who are tech savvy don’t understand (and don’t really need to understand) the technical nuances of cloud security.
But that doesn't absolve them of their responsibility. They still need to be aware of the risks, and should perform their own due diligence and make reasonable efforts to ensure the security of their clients' data before storing it in the cloud.
Cloud software for lawyers is not inherently insecure
The most basic lesson that attorneys need to learn is that the "cloud" (i.e. the internet) is not inherently insecure, but rather that it is poor implementations of security by software vendors that are insecure. And with the potential to steal such a wide array of lucrative data, cloud providers make an attractive and prime target for nefarious individuals or criminal syndicates. That’s why you see stories like LinkedIn being hacked (due to its poor implementation of security coupled with its valuable personal data).
But when done right, cloud software can actually be more secure than on-premise software. The reason is that with cloud software, security can no longer be an afterthought, with expectations that putting up a firewall at the firm will prevent data from being compromised. Cloud software companies that have a breech can lose the trust of its customers and potential customers, and risk having such negative PR that they end up shutting down. It has happened, and even companies like DropBox have hurt their brand within the legal community. Yes, many lawyers still use DropBox, but many are taking extra steps to ensure their data is secure on DropBox, and it may not be that easy when it comes to the new cloud provider you are considering.
So how does a law firm (or attorney) know if its cloud provider has developed a secure application? When choosing cloud software for lawyers who want to perform their own due diligence, what are reasonable efforts that the attorney can take to prevent the inadvertent or unauthorized disclosure of information related to a client? Thankfully, you don't need to be a security expert or hacker to figure it out. In my next post, I highlight some of the main risks you need to think about.
Interested in cloud software for lawyers, or just want to dig deeper? Sign up for one of our FREE webinars on cloud security:
- Legal Ethics of Using the Cloud and Ensuring Security for Your Clients
- Evaluating Legal Technology Vendors