The Cloud: Legal Professionals Still Seem Skeptical
The results of a recent survey of 148 legal professionals conducted during Legal Tech New York found that 2/3 of these respondents were “concerned” or “very concerned” about using cloud-based applications. This is consistent with some of the conversations I have had with lawyers or legal technology professionals who relay that their corporate clients are driving part of this skepticism - some even forbid the use of the cloud. When you dig into the survey, there are additional reasons for this skepticism which include the fear of the inadvertent disclosure of data (64%), and the potential theft of intellectual property (39%). However, I believe that underlying much of this fear is the apparent lack of control one feels when not keeping data on internal systems.
With the continued explosion of data, this belief is causing headaches for IT professionals. It is then important to articulate why this fear of security in the cloud is not supported by facts and why a much greater threat to losing data is the rise in the adoption of 3rd party or “non-sanctioned” applications found in the App Store on iTunes.
More Control Does Not Equal Greater Security
While one may think that keeping data behind its firewall will lead to higher security safeguards, the physical location of data matters less than the means of access. Inadvertently, users are victims of phishing attacks that persuade individuals to disclose passwords that lead to unauthorized access. Plus, some Enterprise IT applications were not necessarily designed with security being of utmost concern while cloud-based businesses sell safeguarding of data as its main priority. In addition, with data residing onsite, there is always the chance that an employee intentionally/recklessly puts data in jeopardy because they have onsite access.
Security Certifications of Data Centers
Hosting one’s own data and knowing the people administering your network and systems may give you a sense of security, but have your IT systems attained the highest level of security certifications? Cloud-based businesses have to build secure data centers that are independently audited. Data centers must adhere to high standards (Soc II, SSAE) and are used by thousands of different tenants. Not surprisingly, it is in a cloud-based company’s interest to uphold these high levels of security because of the damage a potential breach would do to its reputation. Plus, security is a main selling point for its services while this may not be a core component of their client’s business.
“Bring your Own Device” and 3rd Party Applications
A bigger threat to data security is the allure of the applications found on iTunes. As more and more legal professionals use their phones and iPads to work, many choose to download 3rd party applications. If there is a fear of losing data, you would imagine this same fear would prevent the use of these cloud-based applications downloaded to an iPad. Why do people turn to these applications? They are easy to access, install and ultimately use. When you consider that respondents claimed 55% of data stored on these applications is pertinent to a legal or investigatory matter, some IT departments have found it difficult to know who is using these tools and to track the sources of this data. While these sources grow, it becomes harder to find this data if litigation arises and to ensure that all of these applications have sufficient security standards in place.
As we know, the legal profession is cautious when it comes to change. However, a good first step is understanding that keeping data on premise in an internal environment, not subject to periodic audit, is less secure than the cloud. Most importantly, legal professionals should speak with their IT groups before they come upon the latest app that promises to streamline their work life.