The Legal Cloud: A Question of Security, Ethics

Security emerged as a major barrier to the adoption of cloud technology in a recent survey of independent attorneys.  It’s been a trend for a while, as Bob Ambrogi wrote:

As other surveys have indicated. concerns about security and confidentiality remain the greatest barrier to cloud adoption among small-firm lawyers. Even though security was the top-ranked barrier, the survey nonetheless found that 41% of small-firm lawyers believe that the cloud is secure and only 9% say it is unsecure. Roughly 36% fell in the middle — saying they were unsure whether it is secure.

Notably, when asked why they believe the cloud is not secure, a significant number of respondents cited fear of access by the government or the NSA. They also cited fear of hackers and rogue employees of the cloud vendor.

This barrier may have slowed the legal industry in terms of adoption, as Inside Counsel reported:

While industries including healthcare and finance have paved the way for implementing new technologies, the legal industry has been a bit more skittish, especially when it comes to cloud-based services.

In reality it’s not a race, but if it were we all know the story about the tortoise and the hair.  Perhaps the legal community has timed cloud adoption just right.

Drilling down on security

In a thorough post on The Droid Lawyer blogger and lawyer Jeffrey Taylor drills down on the issues over security. He breaks security threats into categories – active and passive threats.

Active threats are those created be bad actors; think hackers.  Passive threats are those that inherently exist – like the yellow sticky note filled with hand written passwords tucked secretly under a mouse pad.

Jeffery writes:

Personally, I’d rather have a company that’s actively engaged in improving security, backing up my data, and offering me efficient ways to interact and use my information, than my hap-hazard pasting of security suites, backup solutions, and half-hearted systems updates.

Understanding the Cloud

One practicing attorney we recently spoke with, regarding the cloud, expressed concern over the terms of service of some cloud-based products.  He relayed a story about a panel of IT staff explaining how they had converted all of the law firm’s data into a cloud service – and it was apparent to him the lawyers were “completely unaware of what that meant.”

The 2013 ABA Technology survey found that just about 40% of attorneys were reviewing the terms of service (ToS) before accepting a software license. Such a review is an essential step along a cloud computing check list, such as this checklist, which was developed by an attorney.

Several state bar associations provide ethical opinions on cloud computing. Alabama for example, provides three recommendations:

• Know how provider handles storage/security of data.
• Reasonably ensure confidentiality agreement is followed.
• Stay abreast of best practices regarding data safeguards.

The American Bar Association has neatly listed out the ethical opinions on cloud computing from several state bar associations on its website.

Note:  the terms and conditions for the Firm Manager cloud service for law firm practice management are published online for anyone to freely review.

The Droid Lawyer is sums up the cloud security concerns this way:

Certainly that cloud won’t solve all the issues we face, but we’re arguably getting closer to ethical compliance and at least better protection. The choice is yours as to how you want to handle your firm’s security. Most solo and small firms don’t have the monetary resources to hire a team of technology consultants to protect stored data.

What do you think – are independent attorneys safer with vendor focused on legal technology or is the do-it-yourself route a more viable option?

Photo credit:  Flickr, Creative Commons

If you enjoyed this post, you might also like:
Infographic:  Law Firms Warming are Warming Up to the Cloud