Believe It or Not, You Probably Already Work in the Cloud – Now What?
Author: Thomson Reuters
Only 52% of the respondents to the 2017 ABA Legal Technology Survey said they use cloud computing. However, lawyers are typically working in the cloud more than they realize. Many of the tools attorneys use all day every day including Westlaw, LinkedIn, Facebook, Evernote, and QuickBooks Online are all cloud-based solutions.
Why is it important that you make the distinction? Because what you don’t know could negatively impact your practice. Consider these recent ABA mandates:
- In 2012, the ABA revised its Model Rules of Professional Conduct to require lawyers to stay “abreast of changes in the law and its practice” including “the benefits and risks associated with relevant technology.” As of September, 28 states have adopted this ethical duty of technological competence.
- In May, the ABA’s Committee on Ethics and Legal Responsibility issued Formal Opinion 477. It basically states that if you communicate with clients via email, store any client data on a server, or transmit client documents, you need to exercise reasonable effort to make sure this information isn’t hacked.
You obviously can’t adhere to these mandates if you’re not even aware of what kind of technology you’re using.
A Basic Definition of the Cloud
“Cloud” is simply another word for “internet.” Unless a computer program is installed on and operates from a hard drive or server located in your office, it’s delivered to you through the internet. That means it’s in the cloud. Remember, the application is still housed on a server someplace, just not yours.
A Very Brief Overview of Benefits and Challenges
Probably the greatest benefit of working from the cloud is the flexibility that allows you to:
- Work from anywhere you have internet access
- Easily upgrade and expand your services as your firm grows without huge investments in infrastructure.
This Cloud Computing for Small Law Firms whitepaper outlines more benefits of working in the cloud for small law firms, as well as how they are using it and what to consider when selecting a secure cloud provider.
The greatest challenge, depending on who is providing your cloud-based service, is security. Remember, just because you’re not housing the server doesn’t mean you’re not going to be held to task if the client data you upload to the cloud is breached. Again, those ABA opinions require that you know the technology you’re dealing with and make reasonable effort to protect client information.
Therefore, as you evaluate cloud-based solutions, you absolutely must consider the depth and breadth of their security. This Cloud Security Checklist educates you on cloud security basics and includes five must-know cloud security considerations. Here are a few red flags that may indicate that cloud-based security isn’t up to par with the expectations of the legal industry:
- They don’t have multiple third-party security certifications like SOC 2 Type II and ISO 27001.
- They don’t bother encrypting data in storage, or even worse, while in transit.
- They don’t backup your data onto multiple, geographically discrete servers at least daily, so you risk losing it.
- Their servers aren’t physically and virtually protected 24/7.
Now, chances are you may not have this level of security on your own servers or hard drives. That should give you pause. Remember the Panama Papers? This was the biggest breach in history and it happened, in part, because a law firm had dozens of vulnerabilities throughout their computer systems, including their own servers.
So while security may be the biggest drawback of the cloud, it may very well place itself among the biggest benefits. That is, if your cloud-service provider offers the level of security that you don’t have the resources or time to implement on your own.