Not All Clouds Are the Same – Questions You Should Ask Yourself About Security
Technology columnist Jeff Bennion talks to Justin Somaini of Box.com about what law firms need to know about storing documents in the cloud.
Every once in a while, I mention Dropbox here or I’ll see attorneys post on a listserve about using Dropbox for client files. It’s almost always met with disdain and a comment about how Dropbox is not secure and should not be used for client files. I am not taking a position on whether Dropbox is secure (especially its Dropbox Pro and Dropbox for Business models, which offer more security features), but I think it is important to discuss what features you need to look for if you are contemplating moving to the cloud. At ILTACON, I met one-on-one with Justin Somaini, the Chief Trust Officer for Box.com. Before working at Box, he worked at Yahoo!, Symantec, VeriSign, Charles Schwab, and Pricewaterhouse LLP, among others. We discussed what law firms need to know about storing documents in the cloud and now I want to share that with you.
The Cloud Is Not New
The buzzword “cloud” might be fairly new, but the concept is not. All “the cloud” means is storing your files on a server that is not in your office that you can remotely access. Your Gmail e-mails are in the cloud. If you have a bank, your information is probably in the cloud. Hospitals like Kaiser Permanente allow patients to log into their accounts to download their medical records and lab results. That’s also the cloud. The cloud has been around for a long time, just people never called it “the cloud.”
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
The Cloud Is Here To Stay
Storage servers in your office are still useful. They can be reliable and secure. However, more and more law firms are moving to the cloud to store data, even confidential client data. Just a few years ago, Box had 3 of the top 100 law firms. Now they have 25 of them. The question is not so much anymore “whether you will use the cloud,” but “when will you move to the cloud?” Just like attorneys need to be able to access their e-mails from anywhere on their phones, attorneys are finding it more common to need to be able to access the rest of their files anywhere.
Office 2016 (which is supposed to be released today) comes with new features to integrate with Microsoft’s cloud software, OneDrive. Windows 8 and Windows 10 come bundled with OneDrive and OneDrive plays a core role in the operating system. Most cloud service providers have mobile apps for anywhere access.
The Cloud Can Be More Secure Than Physical Media
Sponsored
Legal AI: 3 Steps Law Firms Should Take Now
The Business Case For AI At Your Law Firm
Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance
Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance
Imagine the following scenario. You are working on a class action case. One of your expert witnesses needs to review records that were produced under a protective order. The protective order calls for the destruction of the documents at the conclusion of the case. The expert does not know how cloud sharing works, so he requests that the documents be placed on a flash drive and mailed to him. Let’s assume that it’s 20,000 pages of information – too much to print out and review. That flash drive is probably the least secure method of transmitting documents. If the documents were printed out, you would always know where they are. You do not just lose 20,000 documents like you could a flash drive. After the expert reviews the files, he puts the flash drive in a drawer, or leaves it in his home office computer. You now have rogue copies of documents that are out of your control, and you are on the hook if the documents fall into the wrong hands.
If the documents were stored on the cloud, you could set permissions for who can view the documents. Box lets you view activity of who has viewed certain records. You can password-protect the shared files or folders. You can set expiration dates for shared links. If you become suspicious that someone else is trying to log into the synced documents on your expert’s computer, you can remotely wipe the other computers of the shared data.
Or, take for example a former employee who saved a bunch of documents to his personal computer to work from home sometimes. He also has several documents printed out in an old briefcase that he has not really used very much since he left your firm. Now, that employee has left the company, but still has those documents saved somewhere on his computer or in hard copy. You have no control over what happens to those documents, when they get destroyed, or if they get destroyed.
What to Look For in a Cloud Provider
Two-factor authentication: That means that no one can log into your account without your user name, password, and cell phone. When you try to log in from a new computer, you have to enter a code that is texted to you for added security.
Sponsored
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
Enterprise management: Enterprise management refers to administrator controls over accounts that allow you to track things like who has viewed certain documents, the ability to block or hide certain files from certain people, or the ability to remove viewing privileges and remote wipe the shared files off of other servers.
Password Protection and Link expiration: Password protecting certain files or folders and sending that password in a separate e-mail will reduce the chances that a link you share will inadvertently end up at the bottom of a forwarded e-mail chain or that it will end up going to the wrong person. Likewise, link expiration means that someone could not go back into their computer and stumble across a link with sensitive information and get access to files you have long forgotten about.
Back-end improvements: Box puts out about 400 security patches and updates a year to their software. As threats evolve, so should your cloud service provider.
My thanks to Justin Somaini for taking the time to share these insights about storing files in the cloud.
Jeff Bennion is Of Counsel at Estey & Bomberger LLP, a plaintiffs’ law firm specializing in mass torts and catastrophic injuries. Although he serves on the Executive Committee for the State Bar of California’s Law Practice Management and Technology section, the thoughts and opinions in this column are his own and are not made on behalf of the State Bar of California. Follow him on Twitter here or on Facebook here, or contact him by email at jeff@trial.technology.
