Firmex

Cloud Computing: Security Issues for Lawyers

May 11, 2010 - by Nicole Black

In prior posts I discussed basic cloud computing concepts and the ethical issues triggered by cloud computing. There are also security issues that lawyers must consider when deciding whether to use cloud computing products in their practice.

Two key steps lawyers can take to ensure that their data is secure are to:

  1. ask the right questions of cloud computing vendor and
  2. ensure that their contract with the vendor addresses important security issues.
Is it Safe for Lawyers to Save Data Online? Still, the most important thing you can do is learn as much as possible about the way your data will be handled by the cloud computing provider. The security of your firm’s data is of paramount concern. Security issues to consider include:
  1. What type of facility will host the data?
  2. Who has access to the data?
  3. How frequently are back-ups performed?
  4. Is data backed up to more than one server?
  5. How secure are the data centers?
  6. What types of encryption methods are used and how are passwords stored?
  7. Are there redundant power supplies?
  8. Is there more than one server?
  9. Where are the servers located?
  10. If a natural disaster strikes one geographic region, would all data be lost?

This recent article from Law.com, A Check List for Cloud Computing Deals, is a good resource for your contract negotiations with a vendor. The article is targeted toward lawyers who negotiate cloud computing agreements on behalf of their clients, but is equally applicable to lawyers seeking to use cloud computing services in their own practice.

In the article, it is suggested that the agreement with your provider should address the following important issues:

  • What's the Agreement?
  • Where Does the Data Go?
  • Does 'One Size Fits All' Work?
  • How Reliable Is the Service?
  • What Are Other Standards for the Services?
  • When and How Can the Customer Get Its Data Back?
  • How Safe Is the Customer's Data?
  • What if There's a Data Breach?
  • What if There's a Disaster?
  • What if There's a Dispute?
  • How Much Does the Service Cost?
  • How Is Risk Allocated?
  • What if the Agreement Terminates?
  • Is It Really Your Vendor Holding the Data?
  • How Can the Customer Review the Vendor's Performance?

Obviously, absolute security is impossible. However, lawyers have an ethical obligation to take reasonable steps to ensure that their client’s data is securely stored and remains confidential. The best way to do that is to educate yourself about your alternatives, ask the right questions, ensure that you are satisfied with your vendor’s responses, and negotiate an agreement that protects both your interests and your client’s data.

Posted In: Cloud Computing, Legal, SaaS | Comments: 4 | Tags: cloud computing, legal technology, saas, legal, legal practice

Related Posts

Responses to "Cloud Computing: Security Issues for Lawyers"

Danny Johnson says:
May 12th, 2010 at 9:21 am

Very good stuff Niki. Those questions are questions that every legal SaaS vendor must answer strongly. Good stuff.

New Security Measures for SaaS Safety | Virtual Da says:
June 29th, 2010 at 4:31 am

[...] course, cyber-risk insurance does little to protect the confidentiality of your client’s data, but it does provide your law practice with coverage should a data loss [...]

Heather Alexander says:
August 25th, 2010 at 7:03 am

It’s not just lawyers need to get these questions answered - it’s everyone considering holding personal/customer/client data in the cloud…

Leave a Reply

Remember my personal information

Notify me of follow-up comments?

Share This Page
Close