For those of you who thought that “the cloud” was simply a handy place to store your music and videos for later use without having to waste precious storage capacity on your mobile phone, think again. Cloud computing has become a way for companies of all sizes to share a variety of business related resources without having to invest heavily in more traditional storage and communication infrastructures. Law firms and corporate law departments in particular see cloud computing as a way to provide fast and efficient representation to their clients at a fraction of the normal cost. Yet use of this relatively new technology, like may advances over the past ten years, is not without its risks and dangers. Thirdparty vendors providing cloud computing services are a big lure for hackers looking to score a treasure trove of sensitive data, personally identifiable information and confidential documents. If these hackers break through the cloud’s security defenses and steal client information, the law firm could be on the hook, legally, ethically and from a business standpoint. Finding the right cloud provider and striking the right arrangement is critical to taking advantage of this valuable tool, while minimizing your firm’s risk.
What is “the Cloud”?
The phrase “the cloud” is a relatively recent marketing buzz word, but the concept of remote computing has actually been commercially available since 1964, when it was know at Dartmouth University as time-sharing – a telephone linebased service for obtaining remote access. Over the past sixty or so years, time-sharing has been known by many names, including Application Service Provider (ASP), Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). But regardless of the name, cloud computing is simply the idea that user can utilize large computer resources and applications over the Internet without having to make huge investments. It is analogous to a city electrical grid: everyone can tap into it to obtain electricity (for a price) without each person having to purchase his or her own generator.
Many large Internet-based companies, such as Amazon, Google and Rackspace, provide cloud services, while some companies, like DropBox, focus exclusively on cloud computing and the ability to share documents and other files. While it might be tempting to go with a “name brand” when it comes to cloud services (because of cost, ease of use or simply ubiquity), bear in mind that these companies offer “take it or leave it style terms of service,” usually by merely agreeing to a click agreement. Hence, if you click “I agree” you will likely be stuck with whatever terms and conditions they offer you and will not be able to negotiate things like limiting the locale of the data to the US (or any country for that matter), the right to audit your data. and the format in which you receive the data back whenever your relationship ends. As we see below, not only might that be risky from a business and legal perspective, it might also be downright unethical.