Cloud computing generally requires access to consistent, high-speed Internet. Although some cloud computing applications have an offline version, like Evernote and NetDocuments, law firms with inconsistent Internet access are not good candidates for cloud computing.
Be aware of the security offered by the cloud provider. Ask questions. In a traditional non-cloud office setting, security breaches, data corruption or bugs are confined to a law firm’s local IT environment. In the cloud, these matters are beyond a law firm’s immediate control.
For example, vendors may outsource data storage to a separate company, making it necessary to know the security policies of not only the vendor but also the storage provider. Ensure that client and personally identifiable information is encrypted in transit and in storage. Know who has access to the data. If there is a security breach, whose responsibility is it to notify the end user? Is the responsibility the vendor’s as well as the storage provider’s?
Another security concern is reliable backup of the data in the cloud. Storage providers such as Amazon and Rackspace offer co-location of data, SAS 70 certified security, and many other fail-safes. These vendors often can provide significantly more security and backup than a small law office. Another risk to consider is the potential dissolution of the vendor. If the vendor goes into bankruptcy or insolvency, access to and storage of a firm’s data becomes an issue. Vendors can provide law firms with local copies of their data to mitigate this risk. Availability of local copies of data should be a priority when choosing a cloud vendor.
Conversely, if a law firm decides to end its relationship with the cloud vendor, what happens to the firm’s data? Eventually the vendor will close the account and users will no longer be able to access the interface that allows them to read, enter and manipulate data. Again, ensure that the firm can keep a local copy of data so that migration to another vendor is an option.
Some cloud-computing vendors, like Google or Dropbox, offer free applications. However, the confidentiality of client data is at greater risk if a firm, or its members, choose to use free cloud services. Many free products often do not assume liability for lost data, and, in some cases, do not assert rights to the data itself. Vendors of free services often make data available to advertisers and third parties. Vendors of free services also assert the right to discontinue the service at any time.
With any cloud service, law firms should carefully read the terms of service, as well as the privacy policy. If a cloud vendor is served with a subpoena, will it notify the user before handing over the data? Law firms that must comply with regulations, such as requirements of the Sarbanes- Oxley Act or Health Insurance Portability and Accountability Act, should make sure those requirements can be met when using a third-party vendor.
Cloud computing allows users to access information from anywhere. But as with any access to sensitive data, users should be wary of accessing cloud-computing applications on a free, open wireless network, such as at a Starbucks, or on a shared, public computer, such as in a library. Always check that the connection is secure. Look for “https” in the browser address bar; otherwise, it is very easy for others to gain access to the information sent through an open wireless network.