Are you concerned about the security of your data when using Cloud technology? Your concerns are reasonable since lawyer-client confidentiality is critical to your business and could be compromised if certain security protocols are not followed. Unfortunately, Cloud technology is used by many attorneys but understood by very few. But a shift in understanding is critical because as of November 1, 2017, 28 states have adopted the ABA Model Rules of Professional Conduct Rule 1.1 or a variation of the Model Rule which puts the responsibility of understanding the privacy implications of cloud technology solely in the hands of attorneys.
Comment 8 to Rule 1.1 states:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
So, What is the “The Cloud”?
Think of the Cloud as a place where your data exists outside of your device. Traditionally your data has been stored on your hard drive or on an external drive such as a disk or a thumb drive, but now you can store your data someplace else on someone else’s server, and that server could be in the next town or in another country. Your laptop, your smartphone, your tablet can “talk” to this “cloud” and pull the data so that it appears on your device. The reason that the Cloud has rapidly become so popular is that Cloud technology makes it easier to use simple devices such as a smartphone or tablet to work remotely and be more efficient. Although only 46% percent of small law firms with 2-9 employees and 42% of solo-practitioners are using Cloud computing solutions. Cloud computing solutions often provide a significant cost savings for law firms, allowing them to forgo additional hardware purchases such as a server used to save large amounts of data as provide a network for computers in remote locations. The Cloud can be used by law firms to store data and connect computers/devices no matter where they are located—in the same office or in another state. Reputable Cloud vendors may also house your data in multiple locations which may give you an overnight disaster recovery plan for your business.
It is important that you ensure the Cloud provider you are considering has appropriate security protocols in place and is not some huge nebulous place where everyone’s data sits together. Your firm’s data should be secured behind powerful systems provided by your vendor. Think of the Cloud as your safety security box that sets securely within the Bank of your Cloud vendor.
When it comes to security, you should ensure that the Cloud vendor you are considering uses Secure Sockets Layer (SSL) and RSA encryption. These industry-standard encryption technologies will ensure that all communication between your computer and the remote server where your data is stored cannot be accessed by hackers or data thieves. SSL and RSA are extremely powerful security technologies which act as a complicated lock on your sensitive data stored in the Cloud, and it is a lock that even the most talented and skilled data thieves can’t crack. Remember, it’s the same security technology used by banks to protect your cash and sensitive banking information.
If we think about your data as your own safety security box at the bank, there are three places that need to be considered:
- The armored van getting your valuables to and from the bank – This is the SSL security encrypting your data as it moves between your device and the remote computer server.
- The bank’s vault – This would be the remote servers located in a secure place such as Amazon, where there is multi-layer security including guards, surveillance, flood-proofing and more.
- The key to your safety security box – this is would be comparable to your username and password.
The User Interface
There are two common interfaces for Cloud software:
Many Cloud providers operate solely in a browser. This means you view and manipulate your data in a web page, and your data is only useable when you are connected over the Internet. The positives of this is that you can access the application and your data from any device when connected to the internet.
The negatives are:
- You cannot work offline.
- You are at the mercy of fluctuating internet speeds.
- Integration with desktop applications such as Microsoft Word is limited.
Hybrid Desktop Cloud
This Cloud interface option entails installing a light desktop application which communicates with the remote computer servers. iTunes and Microsoft Outlook are two common examples of this model. This model also stores data locally on your computer and synchronizes automatically with the remote servers whenever you are connected to the internet.
The advantages of this model are:
- You can work offline (with some limitations).
- Your staff are likely to be familiar with these types of applications.
- Integrations with software such as Microsoft Word are fast and reliable.
- Your productivity is not limited by internet speed.
Smokeball’s legal case management software provides a Hybrid Desktop Cloud solution to legal professionals. This has allowed small law firms the ability to maximize their productivity and collaboration more efficiently online as well as offline, it can be used on multiple devices and always has the most up-to-date client matter in a digital file.
As you get closer to selecting a Cloud provider you should also consider the following:
- Which data centers are hosting your firm’s data? Does your cloud provider use reputable data centers such as Amazon that offer top of the line security and provide redundancy?
- Where is your data physically located? Most firms prefer that data is physically located in USA as privacy laws can vary from country to country.
- Do you own your data? It is crucial that your firm retains ownership of the data you put into the cloud provider’s system.
- Does your cloud provider have policies and audit trails in place so that only a small number of people internally have access to your data?
- Can you remove your data from The Cloud if you decide to cease using the service?
- Terms of Service – read these carefully, they will probably answer many of the questions above. They are usually not too lengthy for cloud providers.
Internally, there are security considerations you should also examine:
Security on your Computers
You still need to ensure that each computer you use is properly secured with a firewall, anti-virus protection, and the latest Windows security updates. It’s extremely important that your passwords are not easy to guess or determine by a Google search of your family and situation. You should never share passwords. Ensure you add symbols and numbers as many security experts suggest.
Why Move to the Cloud?
It is extremely likely that your data is safer on a reputable cloud provider’s servers than on a server in your office. You want to be prepared for disastrous situations. You will be using the same technology as those used by leading banks to secure their data.
A reputable cloud provider will provide the following server security benefits:
- Anti-virus and other network intrusion protection systems.
- Data Center physical security including biometric scanning and 24/7 interior and exterior CCTV surveillance.
- Redundancy of power supplies and internet provision.
- Multiple geographic location of servers.
- In-building uninterruptible power supply systems (UPS), battery back-up and multiple diesel-powered generators.
- Fire detection and suppression mechanisms.
- Disaster recovery systems, so in case of flood, earthquake or other natural disasters your data is safe in a separate location and can be recovered quickly and seamlessly.
Most small law firms do not have adequate back-up systems in place.
It is critical to ensure the following:
- You have a back-up system in place.
- The back-ups run successfully.
- All necessary data is backed up.
- The data can be quickly restored.
- Back-ups are stored offsite.
- Your backups are usable in case of disaster.
With a Cloud solution, you no longer need to worry about back-ups. All your data is constantly backed up by your cloud provider.
Cloud software allows you to work from anywhere with no complications associated with remote access to computers. There is no longer any need for VPN’s, remote desktop sessions or Terminal Server set ups.
If you have multiple physical locations, cloud software is a brilliant solution. You will be able to work as one firm like never before, managing your workload more efficiently with access to all the same information in real-time.
Whether you need to work from home occasionally, in another state, at court, or you have staff who need the flexibility to work from home, the cloud makes this simple. Using a cloud solution you no longer need to worry about how to access your office systems while traveling.
If you attend court without the right file, you can access your entire file in your hand on your phone or tablet.
IT Cost Savings
Cloud technology greatly simplifies the hardware needed to run software, requiring no physical server in your office.
There are many resources available online to learn more about cloud computing and cloud security for law firms. The American Bar Association has a number of good articles and you can access individual State Bar Ethics Opinions on cloud software: