Cloud computing is essentially an extension of the ‘just in time’ concept; it allows companies to purchase IT services as needed, and the provider manages those services. This allows the company to get what and how much they need, when they need it, without having to invest in additional software or support. A very basic example of a ‘cloud computing’ type of application is Google Docs.
The security of documents is obviously a major issue for law firms and their clients. Does the use of cloud computing, wherein documents are stored in the cloud - the internet - jeopardize this security?
Arlen Tanner, an attorney at Shook, Hardy & Bacon in Kansas City, Missouri, and an expert in business records management, was quoted as saying in the November 1st abajournal.com article, “Safe in the Cloud? Online Service Risks Need Care and Coverage”: “Certain levels of security will depend on the company you are dealing with and on the underlying cloud provider. Most cloud-based services are small startup companies leasing space on a large cloud, such as from Google, Amazon, Microsoft or IBM. Cloud service providers like Dropbox, for example, store your data on storage they lease from a major cloud provider.”
A problem Dropbox encountered earlier this year illustrates the next issue law firms face regarding the use of cloud computing. Per the article, because of a programmer's error in the summer of this year, any password entered enabled access to the site. Although the service rectified the error, it brings the vulnerability of users to the forefront. What could a hacker do to the integrity of documents and other information? A disgruntled employee? Or anyone else intent on harm?
As with most advancements in technology, the development of policies and procedures designed to address said advancements tends to lag behind. Full communication among all departments is absolutely necessary to achieve the development and implementation of adequate policies, including legal and IT. Without such policies, law firms are left, ironically, open to malpractice lawsuits.
Brant Weidner, a claims manager for Beazley Group in Chicago, a Lloyd's of London syndicate offering lawyers’ professional liability insurance, including specialty products for cyber- and data-related losses, was quoted as saying regarding the coverage firms carry on malpractice insurance coverage: “Lawyers should have coverage specifically designed to deal with the losses that can arise in the event of a data breach: That means notifying clients that data has been disclosed, credit monitoring if necessary, and hiring a computer security expert to figure out why there was a breach. There is also the possibility of civil fines for violations. All of these costs can have not only financial but also professional consequences.”
As with many situations, the best defense is a good offense. Therefore, researching the cloud computing service provider is absolutely essential. Per the article, Tanner advises firms to research the service provider and the company leasing the space to assess the stability of the cloud.
And, as can be seen with much technology, it's here to stay, and firms will adapt to it, not the other way around. That means that while cloud computing presents some obvious risks it also offers many benefits. The key isn't to eliminate or avoid the risks, it's to manage and reduce them, while leveraging the benefits to increase business success.
