Data Protection In Cloud Computing
Written by Maryam Khan
Blogger
Cloud computing has existed for many years playing a crucial role in transforming legal practice. Leading law firms have moved to the cloud due to its flexibility in comparison to traditional server and desktop-based applications. Although cloud computing allows law firms to benefit from improved security and better data management, there are still many concerns surrounding the integration of cloud technology, as nearly 55% of UK law firms faced a cyber-attack in June 2019 [1].
Data protection and privacy are considered key risks when storing personal data while integrating cloud computing to streamline business processes. This gap is where law firms are required to utilise the right tools and resources available to alleviate such concerns to avoid facing consequences that can have a huge impact on their reputation and client retention rate.
What is Cloud Computing?
Cloud computing refers to software or services that can be accessed and used over the internet using a browser or a mobile application, where the software itself is not installed locally on the device being used by law firms accessing that particular service [2]. The services available over the internet include computing services such as servers, databases, storage, software and analytics, which offer flexible resources and faster innovation [3]. When accessing these services, the data is stored on remote servers rather than on local computers and hard drives.
Examples of cloud computing in our everyday lives include Gmail or iCloud, which backs up all of the pictures stored on a mobile device. Another mainstream platform that utilises cloud computing to provide its video streaming service is Netflix [4]. From a law firm’s perspective, cloud-based software is used to provide several services, including case management software, document storage software, client onboarding and IP docketing.
How Are Law Firms Benefiting From Cloud Computing?
Cloud computing to manage and store data is becoming increasingly useful for law firms as they look to benefit from improved security, cost-effectiveness, mobility and providing superior client service.
Improved Security
While some law firms may be slightly hesitant to switch to the cloud due to the risk of losing data, it has been predicted that cloud infrastructure as a service will face at least 60% fewer security incidents than those in traditional data storage mechanisms [5]. Cloud software is becoming more secure than data security offered by traditional platforms. Cloud service providers can easily identify any fraudulent or unauthorised use through passwords, defined access and encryption ensuring there is minimal risk of any confidential information being leaked [6].
Easy Data Access
Through the cloud, law firm data can be accessed within seconds, regardless of the nature or geographical location of where the data is attempting to be accessed from. This interconnectedness and accessibility is of huge benefit for international law firms with offices and teams worldwide. This prevents any delays and ensures that information can be shared quickly and securely both internally and with clients. Lastly, all data management is automated by using the cloud, which makes access to information much easier and further streamlines business processes.
Increased Collaboration
Cloud computing fosters collaboration. Cloud storage solutions allow documents to be edited in real-time, which allows every team member to access the updated version without sending documents back and forth via email, which often creates a great deal of confusion. Lawyers can now edit and view the same documents and work simultaneously at any time from any location. This cloud collaboration also facilitates hybrid work policies, which are becoming increasingly prominent in law firms. Whether lawyers are working remotely or in office, they can now easily work on a document together without having to be physically present in the same place [7].
What is Cloud Security?
Cloud security is a subdivision of cybersecurity that is committed to securing cloud computing systems. It covers a range of policies, technologies and security controls that aim to protect data and the platforms associated with cloud computing [8]. The main function of cloud security is to keep data private and safe across all online platforms. Important aspects of cloud security include data security, data retention, identity and access management, governance and legal compliance. Cloud security works to enable data recovery in the case of data loss, protects storage and networks against malicious data theft and prevent human negligence, which is directly responsible for data leaks and reduces the overall impact on any data system [9]. The first step to ensuring that law firms are cloud secure is to understand what needs to be secured and the systems required to manage security [10]. While choosing an already security-conscious cloud provider is crucial, law firms must implement measures in order to ensure that the data they have stored on the cloud is secure.
Can Law Firms Be Held Liable?
All individuals and organisations have a general responsibility to comply with the General Data Protection Regulation (GDPR). This includes law firms. Despite law firms not having complete control over the cloud, they are still considered a ‘data controller’ as they determine how, when and why the data is used. Therefore, law firms are liable for the secure processing of all personal data regardless of whether it is being carried out by them or the cloud provider on their behalf [11].
What Cloud Computing Challenges Should Law Firms Be Aware Of?
Cloud computing offers a rich mix of benefits and risks, which every law firm should carefully consider. The main concerns relate to issues in protecting confidentiality, maintaining ethics and the supervision of data. If you are making a transition into cloud computing, you need to carefully assess the benefits and risks in accordance with your law firm’s circumstances.
Maintaining Confidentiality
Law firms must ensure that confidential clients stay secure, which is a big concern when transitioning to cloud computing. Maintaining confidentiality is crucial to a law firm’s success, and if the right policies and protections are not in place when storing data on the cloud, the firm could face a huge reputational risk, losing out on business and developing a negative reputation. Therefore, the organisation must choose a cloud service provider which has a good reputation and is known to be both trustworthy and reliable.
A successful company will ensure that your data is end-to-end encrypted, making it completely unreadable to any unauthorised user even during the transition phase [12].
Lastly, while using cloud data has become the norm in the legal sector, law firms should still take extra precaution in order to eliminate any potential risks as the damage can be irreversible.
Complying With Data Privacy Regulations
The general cloud transition process raises issues for many law firms as there could be several legal implications regarding data privacy regulations if not carried out correctly. The General Data Protection Regulation (GDPR) sets out a framework to ensure data privacy and avoid being non-compliant. Law firms must protect themselves against cyber-attacks, manage their security risks and avoid hefty fines by ensuring that they are compliant with the GDPR. This includes conducting a close examination of the internal procedures of their cloud service provider of choice in order to ensure they are working with a compliant cloud company [13].
Internal & External Threats
There is always the risk of internal threats caused by human error, such as security misconfigurations of user access controls which put law firm systems and data at risk. On the other hand, external threats are caused almost exclusively by malicious actors, such as malware, ransomware and phishing. Cloud-based platforms are extremely interconnected, which means that any insecurity can cause huge problems, especially to law firms where dealing with confidential information is crucial to the business. Again, due to the interconnectedness of cloud platforms, hackers can easily access a poorly protected interface and expand to locate data on different platforms [14]. Such disruptions can have long-term repercussions for law firms as it can take years to build up trust with a client again.
How Can You Make Sure Your Law Firm Is Cloud Secure?
Maintaining cloud security is a twofold process that places a shared responsibility on both the cloud provider and law firms who are the client. These responsibilities can be divided into three categories; 1) the cloud provider’s responsibilities, 2) the law firm’s responsibilities and 3) the responsibilities that vary based on the service model. As a cloud customer, law firms are responsible for managing users and their access privileges, the encryption and protection of the data stored on the cloud, and safeguarding cloud accounts from any unauthorised access.
End-to-end Encryption
Encryption is one of the most important ways in which law firms can secure their cloud computing systems. Encrypting data at all communication levels ensures that law firms are taking enhanced data protection measures. Law firms can either encrypt their data through their cloud provider or use a completely different cloud security solutions provider [15].
Threat Intelligence Software
Threat intelligence software allows law firms to detect and eliminate known and unknown threats in real-time. The detection algorithms within such software undergo a forensic analysis of such threats to determine the level of risk they could pose. Law firms receive real-time alerts on any disruptions and data protection policy violations as soon as they occur [16]. This allows the firm sufficient time to evaluate these issues rather than having no knowledge of the threat prior to impact. The information generated from such software is used to prepare and prevent cyber threats aiming to access law firm resources and confidential information.
Configuration
Most cloud security data breaches originate from misconfiguration errors. Therefore, taking the necessary steps to avoid misconfiguration errors significantly reduces a law firm’s cloud security risk. Again, law firms can either do this themselves or hire a different cloud security solutions provider. Some of the key guidelines law firms can follow is to never leave the default settings unchanged and always switch on the security controls provided by their cloud vendor. If a law firm uses the default settings to secure its cloud storage, it becomes extremely easy for hackers to access the system. Additionally, using the wrong security controls or not using them at all can put law firms at huge risk. Other basic rules to keep in mind are always using strong passwords and regularly backing up law firm data [17].
Final Words
Cloud computing is taking over the way in which law firms store and protect their data. While switching to the cloud is an easy process that offers many benefits over the more traditional platforms, there are some added security concerns. Law firms must ensure that they can trust their cloud provider and monitor how their data is being protected. This should be carried out through internal management alongside keeping track of measures taken by their cloud provider. If cloud computing is not implemented carefully, it can have a huge impact on a law firm’s business, reputation and clients. On the other hand, if maintaining cloud security is taken seriously by law firms, cloud computing can work wonders by increasing their efficiency, streamlining their processes, and growing their business.
References
[1] Ross Birbeck, ‘Cyber security threats: can we trust cloud-based legal tech?’, Casedo (2021) at https://www.casedo.com/insights/legal-technology/cyber-security-threats-can-we-trust-cloud-based-legal-tech/
[2] Practice Note, ‘Cloud Computing’, The Law Society (2020) at https://www.lawsociety.org.uk/en/topics/cybersecurity/cloud-computing
[3] Ibid
[4] Steve Ranger, ‘What is cloud computing? Everything you need to know about the cloud explained’, ZD Net (2018) at https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/
[5] Teresa Maitch, ‘2021 Law Firm Data Security Guide: How to Keep Your Law Firm Secure’, Clio at https://www.clio.com/blog/data-security-law-firms/
[6] Sushree Swagatika, ‘How safe is the cloud for law firms?’ Lego Desk (2021) at https://legodesk.com/blog/legal-practice/why-lawyers-and-law-firms-are-switching-to-cloud-computing/
[7] RingCentral Glossary, ‘Cloud Collaboration’. RingCentral at https://www.ringcentral.co.uk/gb/en/blog/definitions/cloud-collaboration/
[8] ‘Protect Your Business Online’, NiBusinessInfo at https://www.nibusinessinfo.co.uk/content/cloud-security-risks-and-solutions
[9] Resource Centre, ‘What is Cloud Security’, Kaspersky at https://www.kaspersky.co.uk/resource-center/definitions/what-is-cloud-security
[10] Ibid
[11] ‘Cloud Computing’, NiBusinessInfo at https://www.nibusinessinfo.co.uk/content/data-protection-and-cloud-computing
[12] ‘Cloud Computing Risks and Benefits for Law Firms’, Nordic Backup at https://nordic-backup.com/blog/cloud-computing-risks-and-benefits-for-law-firms/
[13] Ibid (1)
[14] Ibid (9)
[15] Ibid
[16] Check Point, ‘What is Cloud Security’ at https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/#
[17] Ibid (9)